Adds username validation for socketio event handler as well

2025-02-02 09:35:33 -05:00 · 2021-11-14 23:28:17 +05:30 · 2021-11-14 23:28:17 +05:30 · 6429392a40
commit 6429392a40
parent 2a7c3d6867
2 changed files with 28 additions and 18 deletions
--- a/cli/onionshare_cli/resources/static/js/chat.js
+++ b/cli/onionshare_cli/resources/static/js/chat.js
@ -93,6 +93,8 @@ var updateUsername = function (socket) {
      console.log(response);
      if (response.success && response.username == username) {
        socket.emit('update_username', { username: username });
      } else {
        addStatusMessage("Failed to updated username.")
      }
    });
    return username;
--- a/cli/onionshare_cli/web/chat_mode.py
+++ b/cli/onionshare_cli/web/chat_mode.py
@ -47,6 +47,13 @@ class ChatModeWeb:
        self.define_routes()
    def validate_username(self, username):
        return (
            username
            and username not in self.connected_users
            and len(username) < 128
        )
    def define_routes(self):
        """
        The web app routes for chatting
@ -78,11 +85,7 @@ class ChatModeWeb:
        def update_session_username():
            history_id = self.cur_history_id
            data = request.get_json()
-            if (
+            if self.validate_username(data.get("username", "")):
                data.get("username", "")
                and data.get("username", "") not in self.connected_users
                and len(data.get("username", "")) < 128
            ):
                session["name"] = data.get("username", session.get("name"))
                self.web.add_request(
                    request.path,
@ -141,7 +144,7 @@ class ChatModeWeb:
            """Sent by a client when the user updates their username.
            The message is sent to all people in the server."""
            current_name = session.get("name")
-            if message.get("username", ""):
+            if self.validate_username(message.get("username", "")):
                session["name"] = message["username"]
                self.connected_users[
                    self.connected_users.index(current_name)
@ -158,6 +161,11 @@ class ChatModeWeb:
                    },
                    broadcast=True,
                )
            else:
                emit(
                    "status",
                    {"msg": "Failed to update username."},
                )
        @self.web.socketio.on("disconnect", namespace="/chat")
        def disconnect():