nocebo/diaspora_federation
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #86 from denschub/diaspora-id-regex

Browse source 
Tighten the validation of diaspora* IDs
This commit is contained in:
Benjamin Neff 2017-09-13 13:15:44 +02:00
commit c32406f279
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
2 changed files with 36 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
lib/diaspora_federation/validators/rules/diaspora_id.rb
View file

@ -4,19 +4,19 @@ module Validation
# #
# A simple rule to validate the base structure of diaspora* IDs. # A simple rule to validate the base structure of diaspora* IDs.
class DiasporaId class DiasporaId
# Maximum length of a full diaspora* ID
DIASPORA_ID_MAX_LENGTH = 255
# The Regex for a valid diaspora* ID # The Regex for a valid diaspora* ID
DIASPORA_ID_REGEX = begin DIASPORA_ID_REGEX = begin
letter = "a-zA-Z" username = "[[:lower:]\\d\\-\\.\\_]+"
digit = "0-9" hostname_part = "[[:lower:]\\d\\-]"
hexadecimal = "[a-fA-F#{digit}]"
username = "[#{letter}#{digit}\\-\\_\\.]+"
hostname_part = "[#{letter}#{digit}\\-]"
hostname = "#{hostname_part}+(?:[.]#{hostname_part}*)*" hostname = "#{hostname_part}+(?:[.]#{hostname_part}*)*"
ipv4 = "(?:[#{digit}]{1,3}\\.){3}[#{digit}]{1,3}" ipv4 = "(?:[\\d]{1,3}\\.){3}[\\d]{1,3}"
ipv6 = "\\[(?:#{hexadecimal}{0,4}:){0,7}#{hexadecimal}{1,4}\\]" ipv6 = "\\[(?:[[:xdigit:]]{0,4}:){0,7}[[:xdigit:]]{1,4}\\]"
ip_addr = "(?:#{ipv4}|#{ipv6})" ip_addr = "(?:#{ipv4}|#{ipv6})"
domain = "(?:#{hostname}|#{ip_addr})" domain = "(?:#{hostname}|#{ip_addr})"
port = "(?::[#{digit}]+)?" port = "(?::[\\d]+)?"
"#{username}\\@#{domain}#{port}" "#{username}\\@#{domain}#{port}"
end end
@ -32,7 +32,10 @@ module Validation
# Determines if value is a valid diaspora* ID # Determines if value is a valid diaspora* ID
def valid_value?(value) def valid_value?(value)
value.is_a?(String) && value =~ DIASPORA_ID return false unless value.is_a?(String)
return false if value.length > DIASPORA_ID_MAX_LENGTH
value =~ DIASPORA_ID
end end
# This rule has no params. # This rule has no params.

24
spec/lib/diaspora_federation/validators/rules/diaspora_id_spec.rb
View file

@ -83,6 +83,30 @@ describe Validation::Rule::DiasporaId do
expect(validator.errors).to include(:diaspora_id) expect(validator.errors).to include(:diaspora_id)
end end
it "fails if the diaspora* ID contains uppercase characters in the username" do
validator = Validation::Validator.new(OpenStruct.new(diaspora_id: "SOME_USER@example.com"))
validator.rule(:diaspora_id, :diaspora_id)
expect(validator).not_to be_valid
expect(validator.errors).to include(:diaspora_id)
end
it "fails if the diaspora* ID contains uppercase characters in the domain-name" do
validator = Validation::Validator.new(OpenStruct.new(diaspora_id: "some_user@EXAMPLE.com"))
validator.rule(:diaspora_id, :diaspora_id)
expect(validator).not_to be_valid
expect(validator.errors).to include(:diaspora_id)
end
it "fails if the diaspora* ID is longer than 255 characters" do
validator = Validation::Validator.new(OpenStruct.new(diaspora_id: "#{'a' * 244}@example.com"))
validator.rule(:diaspora_id, :diaspora_id)
expect(validator).not_to be_valid
expect(validator.errors).to include(:diaspora_id)
end
it "fails for nil and empty" do it "fails for nil and empty" do
[nil, ""].each do |val| [nil, ""].each do |val|
validator = Validation::Validator.new(OpenStruct.new(diaspora_id: val)) validator = Validation::Validator.new(OpenStruct.new(diaspora_id: val))