gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libeufin] 02/02: Sanity-check usernames at Sandbox.

From: gnunet
Subject: [libeufin] 02/02: Sanity-check usernames at Sandbox.
Date: Sun, 19 Sep 2021 09:24:03 +0200 
This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository libeufin.

commit 01cec79392cf07f7ab066885337318c1bdee2b17
Author: ms <ms@taler.net>
AuthorDate: Sun Sep 19 09:23:34 2021 +0200

    Sanity-check usernames at Sandbox.
---
 nexus/src/main/kotlin/tech/libeufin/nexus/Taler.kt |  2 +-
 .../kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt |  2 +-
 .../tech/libeufin/nexus/server/NexusServer.kt      | 18 +----------
 .../src/main/kotlin/tech/libeufin/sandbox/Main.kt  | 11 ++++++-
 util/src/main/kotlin/HTTP.kt                       |  6 ++--
 util/src/main/kotlin/strings.kt                    | 35 ++++++++++++++++++++++
 6 files changed, 51 insertions(+), 23 deletions(-)

diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Taler.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Taler.kt
index 840ef52..31fff08 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Taler.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Taler.kt
@@ -478,7 +478,7 @@ private fun getCurrency(facadeName: String): String {
     }
 }
 
-fun talerFacadeRoutes(route: Route, httpClient: HttpClient) {
+fun talerFacadeRoutes(route: Route) {
     route.get("/config") {
         val facadeId = ensureNonNull(call.parameters["fcid"])
         call.request.requirePermission(
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
index bfbfb37..37c710c 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
@@ -314,7 +314,7 @@ fun Route.ebicsBankConnectionRoutes(client: HttpClient) {
     }
 
     post("/download/{msgtype}") {
-        val orderType = 
requireNotNull(call.parameters["msgtype"]).toUpperCase(Locale.ROOT)
+        val orderType = 
requireNotNull(call.parameters["msgtype"]).uppercase(Locale.ROOT)
         if (orderType.length != 3) {
             throw NexusError(HttpStatusCode.BadRequest, "ebics order type must 
be three characters")
         }
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
index 12fd7aa..f7e0295 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
@@ -119,22 +119,6 @@ fun ApplicationCall.expectUrlParameter(name: String): 
String {
         ?: throw NexusError(HttpStatusCode.BadRequest, "Parameter '$name' not 
provided in URI")
 }
 
-fun isValidResourceName(name: String): Boolean {
-    return name.matches(Regex("[a-z]([-a-z0-9]*[a-z0-9])?"))
-}
-
-fun requireValidResourceName(name: String): String {
-    if (!isValidResourceName(name)) {
-        throw NexusError(
-            HttpStatusCode.BadRequest,
-            "Invalid resource name. The first character must be a lowercase 
letter, " +
-                    "and all following characters (except for the last 
character) must be a dash, " +
-                    "lowercase letter, or digit. The last character must be a 
lowercase letter or digit."
-        )
-    }
-    return name
-}
-
 suspend inline fun <reified T : Any> ApplicationCall.receiveJson(): T {
     try {
         return this.receive()
@@ -1060,7 +1044,7 @@ fun serverMain(host: String, port: Int) {
                 }
             }
             route("/facades/{fcid}/taler-wire-gateway") {
-                talerFacadeRoutes(this, client)
+                talerFacadeRoutes(this)
             }
             route("/facades/{fcid}/anastasis") {
                 anastasisFacadeRoutes(this, client)
diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
index 109fa79..c60435b 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/Main.kt
@@ -99,9 +99,18 @@ class Superuser : CliktCommand("Add superuser or change pw") 
{
         execThrowableOrTerminate {
             dbCreateTables(getDbConnFromEnv(SANDBOX_DB_ENV_VAR_NAME))
         }
+        try {
+            requireValidResourceName(username)
+        } catch (e: UtilError) {
+            println(e) // Gives instructions about the allowed format.
+            exitProcess(1)
+        }
         transaction {
+            val user = SandboxUserEntity.find {
+                SandboxUsersTable.username eq username
+            }.firstOrNull()
+
             val hashedPw = CryptoUtil.hashpw(password)
-            val user = SandboxUserEntity.find { SandboxUsersTable.username eq 
username }.firstOrNull()
             if (user == null) {
                 SandboxUserEntity.new {
                     this.username = this@Superuser.username
diff --git a/util/src/main/kotlin/HTTP.kt b/util/src/main/kotlin/HTTP.kt
index 045e92a..4d53547 100644
--- a/util/src/main/kotlin/HTTP.kt
+++ b/util/src/main/kotlin/HTTP.kt
@@ -32,9 +32,9 @@ fun extractUserAndPassword(authorizationHeader: String): 
Pair<String, String> {
         // FIXME/note: line below doesn't check for "Basic" presence.
         val split = authorizationHeader.split(" ")
         val plainUserAndPass = String(base64ToBytes(split[1]), Charsets.UTF_8)
-        val ret = plainUserAndPass.split(":")
-        if (ret.size != 2) throw java.lang.Exception(
-            "HTTP Basic auth line does not contain username and (only) 
password"
+        val ret = plainUserAndPass.split(":", limit = 2)
+        if (ret.size < 2) throw java.lang.Exception(
+            "HTTP Basic auth line does not contain username and password"
         )
         ret
     } catch (e: Exception) {
diff --git a/util/src/main/kotlin/strings.kt b/util/src/main/kotlin/strings.kt
index e3f6565..e44b9a2 100644
--- a/util/src/main/kotlin/strings.kt
+++ b/util/src/main/kotlin/strings.kt
@@ -148,4 +148,39 @@ private val ibanRegex = 
Regex("^[A-Z]{2}[0-9]{2}[a-zA-Z0-9]{1,30}$")
 
 fun validateIban(iban: String): Boolean {
     return ibanRegex.matches(iban)
+}
+
+fun isValidResourceName(name: String): Boolean {
+    return name.matches(Regex("[a-z]([-a-z0-9]*[a-z0-9])?"))
+}
+
+fun requireValidResourceName(name: String): String {
+    if (!isValidResourceName(name)) {
+        throw UtilError(
+            HttpStatusCode.BadRequest,
+            "Invalid resource name. The first character must be a lowercase 
letter, " +
+                    "and all following characters (except for the last 
character) must be a dash, " +
+                    "lowercase letter, or digit. The last character must be a 
lowercase letter or digit.",
+            LibeufinErrorCode.LIBEUFIN_EC_GENERIC_PARAMETER_MALFORMED
+        )
+    }
+    return name
+}
+
+
+fun sanityCheckOrThrow(credentials: Pair<String, String>) {
+    if (!sanityCheckCredentials(credentials)) throw UtilError(
+        HttpStatusCode.BadRequest,
+        "Please only use alphanumeric credentials.",
+        LibeufinErrorCode.LIBEUFIN_EC_GENERIC_PARAMETER_MALFORMED
+    )
+}
+/**
+ * Sanity-check user's credentials.
+ */
+fun sanityCheckCredentials(credentials: Pair<String, String>): Boolean {
+    val allowedChars = Regex("^[a-zA-Z0-9]+$")
+    if (!allowedChars.matches(credentials.first)) return false
+    if (!allowedChars.matches(credentials.second)) return false
+    return true
 }
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]