diff options
| author | Bond-009 <bond.009@outlook.com> | 2025-02-20 12:04:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-20 12:04:43 +0100 |
| commit | 51e0ce7ea4cdbaf3f6b0edfc9a3440b56077cc85 (patch) | |
| tree | 2b14670c82cb977aecf4373ec8c62e174ec2c426 | |
| parent | 0dbd875dd0586eeeb15cf762d0b19dd41c45e67c (diff) | |
| parent | 84450bb2972c00307c9eb17111df35a9316de4af (diff) | |
Merge pull request #13556 from Jxiced/master
Don't allow usernames to have leading or trailing spaces
| -rw-r--r-- | Jellyfin.Server.Implementations/Users/UserManager.cs | 2 | ||||
| -rw-r--r-- | tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index c7ae0f4db..fba8923f8 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -113,7 +113,7 @@ namespace Jellyfin.Server.Implementations.Users // This is some regex that matches only on unicode "word" characters, as well as -, _ and @ // In theory this will cut out most if not all 'control' characters which should help minimize any weirdness // Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), at-signs (@), dashes (-), underscores (_), apostrophes ('), periods (.) and spaces ( ) - [GeneratedRegex(@"^[\w\ \-'._@+]+$")] + [GeneratedRegex(@"^(?!\s)[\w\ \-'._@+]+(?<!\s)$")] private static partial Regex ValidUsernameRegex(); /// <inheritdoc/> diff --git a/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs b/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs index 665afe111..4cea53bd3 100644 --- a/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs +++ b/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs @@ -23,6 +23,10 @@ namespace Jellyfin.Server.Implementations.Tests.Users [InlineData(" ")] [InlineData("")] [InlineData("special characters like & $ ? are not allowed")] + [InlineData("thishasaspaceontheend ")] + [InlineData(" thishasaspaceatthestart")] + [InlineData(" thishasaspaceatbothends ")] + [InlineData(" this has a space at both ends and inbetween ")] public void ThrowIfInvalidUsername_WhenInvalidUsername_ThrowsArgumentException(string username) { Assert.Throws<ArgumentException>(() => UserManager.ThrowIfInvalidUsername(username)); |