Prevent usernames in Chat mode of length 128 chars or more

2025-05-02 14:36:15 -04:00 · 2021-05-14 10:44:14 +10:00 · 2021-05-14 10:44:14 +10:00 · 00473eaef6
commit 00473eaef6
parent b2d57ff787
4 changed files with 58 additions and 13 deletions
--- a/cli/onionshare_cli/resources/static/js/chat.js
+++ b/cli/onionshare_cli/resources/static/js/chat.js
@ -88,7 +88,7 @@ var emitMessage = function (socket) {

 var updateUsername = function (socket) {
  var username = $('#username').val();
-  if (!checkUsernameExists(username)) {
+  if (!checkUsernameExists(username) && !checkUsernameLength(username)) {
    $.ajax({
      method: 'POST',
      url: `http://${document.domain}:${location.port}/update-session-username`,
@ -133,6 +133,15 @@ var checkUsernameExists = function (username) {
  return false;
 }

+var checkUsernameLength = function (username) {
+  $('#username-error').text('');
+  if (username.length > 128) {
+    $('#username-error').text('Please choose a shorter username.');
+    return true;
+  }
+  return false;
+}
+
 var getScrollDiffBefore = function () {
  return $('#chat').scrollTop() - ($('#chat')[0].scrollHeight - $('#chat')[0].offsetHeight);
 }
--- a/cli/onionshare_cli/resources/templates/chat.html
+++ b/cli/onionshare_cli/resources/templates/chat.html
@ -23,6 +23,7 @@
  <div class="chat-container no-js">
    <div class="chat-users">
      <div class="editable-username">
+        <p>Your username:</p>
        <input id="username" value="{{ username }}" />
        <p id="username-error"></p>
      </div>
@ -43,4 +44,4 @@
  <script async src="{{ static_url_path }}/js/chat.js"></script>
 </body>

-</html>
+</html>
--- a/cli/onionshare_cli/web/chat_mode.py
+++ b/cli/onionshare_cli/web/chat_mode.py
@ -79,20 +79,33 @@ class ChatModeWeb:
            if (
                data.get("username", "")
                and data.get("username", "") not in self.connected_users
+                and len(data.get("username", "")) < 128
            ):
                session["name"] = data.get("username", session.get("name"))
-            self.web.add_request(
-                request.path,
-                {"id": history_id, "status_code": 200},
-            )
-
-            self.web.add_request(self.web.REQUEST_LOAD, request.path)
-            r = make_response(
-                jsonify(
-                    username=session.get("name"),
-                    success=True,
+                self.web.add_request(
+                    request.path,
+                    {"id": history_id, "status_code": 200},
+                )
+
+                self.web.add_request(self.web.REQUEST_LOAD, request.path)
+                r = make_response(
+                    jsonify(
+                        username=session.get("name"),
+                        success=True,
+                    )
+                )
+            else:
+                self.web.add_request(
+                    request.path,
+                    {"id": history_id, "status_code": 403},
+                )
+
+                r = make_response(
+                    jsonify(
+                        username=session.get("name"),
+                        success=False,
+                    )
                )
-            )
            return self.web.add_security_headers(r)

        @self.web.socketio.on("joined", namespace="/chat")