Prevent usernames in Chat mode of length 128 chars or more
This commit is contained in:
parent
b2d57ff787
commit
00473eaef6
@ -88,7 +88,7 @@ var emitMessage = function (socket) {
|
||||
|
||||
var updateUsername = function (socket) {
|
||||
var username = $('#username').val();
|
||||
if (!checkUsernameExists(username)) {
|
||||
if (!checkUsernameExists(username) && !checkUsernameLength(username)) {
|
||||
$.ajax({
|
||||
method: 'POST',
|
||||
url: `http://${document.domain}:${location.port}/update-session-username`,
|
||||
@ -133,6 +133,15 @@ var checkUsernameExists = function (username) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var checkUsernameLength = function (username) {
|
||||
$('#username-error').text('');
|
||||
if (username.length > 128) {
|
||||
$('#username-error').text('Please choose a shorter username.');
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
var getScrollDiffBefore = function () {
|
||||
return $('#chat').scrollTop() - ($('#chat')[0].scrollHeight - $('#chat')[0].offsetHeight);
|
||||
}
|
||||
|
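Review bot: The client-side bound in checkUsernameLength (`username.length > 128`) disagrees with the server check in the Python hunk (`len(...) < 128`) and with the commit title: a username of exactly 128 characters passes the browser check, is posted, and is then answered with a 403, so the user gets no inline explanation for that case. The comparison should read `if (username.length >= 128) {` so both sides reject the same inputs. Even then, `.length` counts UTF-16 code units while Python's `len` counts code points, so the two checks can still differ on characters outside the BMP; the server check remains the authoritative one and the client check is only a courtesy. updateUsername's body continues past the first hunk, and the second hunk opens on the closing lines of checkUsernameExists, whose start is outside it.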
@ -23,6 +23,7 @@
|
||||
<div class="chat-container no-js">
|
||||
<div class="chat-users">
|
||||
<div class="editable-username">
|
||||
<p>Your username:</p>
|
||||
<input id="username" value="{{ username }}" />
|
||||
<p id="username-error"></p>
|
||||
</div>
|
||||
|
@ -79,20 +79,33 @@ class ChatModeWeb:
|
||||
if (
|
||||
data.get("username", "")
|
||||
and data.get("username", "") not in self.connected_users
|
||||
and len(data.get("username", "")) < 128
|
||||
):
|
||||
session["name"] = data.get("username", session.get("name"))
|
||||
self.web.add_request(
|
||||
request.path,
|
||||
{"id": history_id, "status_code": 200},
|
||||
)
|
||||
|
||||
self.web.add_request(self.web.REQUEST_LOAD, request.path)
|
||||
r = make_response(
|
||||
jsonify(
|
||||
username=session.get("name"),
|
||||
success=True,
|
||||
self.web.add_request(
|
||||
request.path,
|
||||
{"id": history_id, "status_code": 200},
|
||||
)
|
||||
|
||||
self.web.add_request(self.web.REQUEST_LOAD, request.path)
|
||||
r = make_response(
|
||||
jsonify(
|
||||
username=session.get("name"),
|
||||
success=True,
|
||||
)
|
||||
)
|
||||
else:
|
||||
self.web.add_request(
|
||||
request.path,
|
||||
{"id": history_id, "status_code": 403},
|
||||
)
|
||||
|
||||
r = make_response(
|
||||
jsonify(
|
||||
username=session.get("name"),
|
||||
success=False,
|
||||
)
|
||||
)
|
||||
)
|
||||
return self.web.add_security_headers(r)
|
||||
|
||||
@self.web.socketio.on("joined", namespace="/chat")
|
||||
|
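Review bot: The added `len(data.get("username", ""))` assumes the posted value is a string; a JSON body such as `{"username": 123}` now raises TypeError inside this handler instead of reaching the new 403 branch, whereas the previous condition tolerated it (`123 not in self.connected_users` is a valid test). Bind the value once and type-check it before measuring it: `username = data.get("username", "")` followed by `if isinstance(username, str) and username and username not in self.connected_users and len(username) < 128:` (wrapped however the file's formatter prefers), and use `username` in the `session["name"] = ...` assignment as well, which also removes the three repeated `data.get` lookups. The enclosing request handler starts before this hunk, so whether `data` itself is guaranteed to be a dict cannot be confirmed from here.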
@ -47,6 +47,27 @@ class TestChat(GuiBaseTest):
|
||||
self.assertTrue(jsonResponse["success"])
|
||||
self.assertEqual(jsonResponse["username"], "oniontest")
|
||||
|
||||
def change_username_too_long(self, tab):
|
||||
"""Test that we can't set our username to something 128 chars or longer"""
|
||||
url = f"http://127.0.0.1:{tab.app.port}/update-session-username"
|
||||
bad_username = "sduBB9yEMkyQpwkMM4A9nUbQwNUbPU2PQuJYN26zCQ4inELpB76J5i5oRUnD3ESVaE9NNE8puAtBj2DiqDaZdVqhV8MonyxSSGHRv87YgM5dzwBYPBxttoQSKZAUkFjo"
|
||||
data = {"username":bad_username}
|
||||
if tab.settings.get("general", "public"):
|
||||
r = requests.post(url, json=data)
|
||||
else:
|
||||
r = requests.post(
|
||||
url,
|
||||
json=data,
|
||||
auth=requests.auth.HTTPBasicAuth(
|
||||
"onionshare", tab.get_mode().server_status.web.password
|
||||
),
|
||||
)
|
||||
|
||||
QtTest.QTest.qWait(500, self.gui.qtapp)
|
||||
jsonResponse = r.json()
|
||||
self.assertFalse(jsonResponse["success"])
|
||||
self.assertNotEqual(jsonResponse["username"], bad_username)
|
||||
|
||||
def run_all_chat_mode_tests(self, tab):
|
||||
"""Tests in chat mode after starting a chat"""
|
||||
self.server_working_on_start_button_pressed(tab)
|
||||
@ -60,6 +81,7 @@ class TestChat(GuiBaseTest):
|
||||
self.server_status_indicator_says_started(tab)
|
||||
self.view_chat(tab)
|
||||
self.change_username(tab)
|
||||
self.change_username_too_long(tab)
|
||||
self.server_is_stopped(tab)
|
||||
self.web_server_is_stopped(tab)
|
||||
self.server_status_indicator_says_closed(tab)
|
||||
|
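Review bot: `bad_username` in change_username_too_long is a 128-character literal, but nothing in the test says so, and a reader cannot tell by eye that it exercises the exact boundary the commit title describes; `bad_username = "x" * 128  # shortest rejected length` makes the intent explicit and survives later edits to the literal. A companion request with `"x" * 127` asserting `success` would pin the accepted side of the boundary too. Minor: `data = {"username": bad_username}` for spacing consistency with the surrounding dict literals. The TestChat class and the remainder of run_all_chat_mode_tests continue outside these hunks.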