Commit c79be5bb by Brittney Exline Committed by GitHub

Merge pull request #15929 from edx/bexline/clean_saml_usernames

ENT-619 Clean usernames coming from identity providers
parents c9ad66df 716a608f
...@@ -7,6 +7,7 @@ from __future__ import absolute_import ...@@ -7,6 +7,7 @@ from __future__ import absolute_import
import json import json
import logging import logging
import re
from config_models.models import ConfigurationModel, cache from config_models.models import ConfigurationModel, cache
from django.conf import settings from django.conf import settings
...@@ -65,6 +66,11 @@ def clean_json(value, of_type): ...@@ -65,6 +66,11 @@ def clean_json(value, of_type):
return json.dumps(value_python, indent=4) return json.dumps(value_python, indent=4)
def clean_username(username=''):
""" Simple helper method to ensure a username is compatible with our system requirements. """
return re.sub(r'[^-\w]+', '_', username)[:30]
class AuthNotConfigured(SocialAuthBaseException): class AuthNotConfigured(SocialAuthBaseException):
""" Exception when SAMLProviderData or other required info is missing """ """ Exception when SAMLProviderData or other required info is missing """
def __init__(self, provider_name): def __init__(self, provider_name):
...@@ -259,7 +265,7 @@ class ProviderConfig(ConfigurationModel): ...@@ -259,7 +265,7 @@ class ProviderConfig(ConfigurationModel):
# technically a data race between the creation of this value and the # technically a data race between the creation of this value and the
# creation of the user object, so it is still possible for users to get # creation of the user object, so it is still possible for users to get
# an error on submit. # an error on submit.
registration_form_data['username'] = pipeline_kwargs.get('username') registration_form_data['username'] = clean_username(pipeline_kwargs.get('username') or '')
# Any other values that are present in the details dict should be copied # Any other values that are present in the details dict should be copied
# into the registration form details. This may include details that do # into the registration form details. This may include details that do
......
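Review bot: `clean_username` is lossy, and its result seeds `registration_form_data['username']`: every run of characters outside `[-\w]` becomes one `_` and the result is cut at 30 characters, so different identity-provider usernames can produce the same suggestion, and any uniqueness the pipeline established for `pipeline_kwargs.get('username')` may not survive the cleaning. The docstring should say so, for example `""" Return a form-safe username suggestion; lossy (substitution and truncation), so not unique and not usable as an identity key. """`, and the literal `30` would be better taken from wherever the username length limit is defined than repeated here. Also, `\w` on a text string matches only ASCII under Python 2 without `re.UNICODE` but any Unicode word character under Python 3, so if the username rule is ASCII-only, an explicit class such as `r'[^-A-Za-z0-9_]+'` keeps the behaviour fixed. The call site sits in a `ProviderConfig` method whose start and end are outside the hunk.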
...@@ -1117,14 +1117,19 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase): ...@@ -1117,14 +1117,19 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase):
) )
@ddt.data( @ddt.data(
('pk', 'PK'), ('pk', 'PK', 'Bob123', 'Bob123'),
('Pk', 'PK'), ('Pk', 'PK', None, ''),
('pK', 'PK'), ('pK', 'PK', 'Bob123@edx.org', 'Bob123_edx_org'),
('PK', 'PK'), ('PK', 'PK', 'Bob123123123123123123123123123123123123', 'Bob123123123123123123123123123'),
('us', 'US'), ('us', 'US', 'Bob-1231231&23123+1231(2312312312@3123123123', 'Bob-1231231_23123_1231_2312312'),
) )
@ddt.unpack @ddt.unpack
def test_register_form_third_party_auth_running_google(self, input_country_code, expected_country_code): def test_register_form_third_party_auth_running_google(
self,
input_country_code,
expected_country_code,
input_username,
expected_username):
no_extra_fields_setting = {} no_extra_fields_setting = {}
country_options = ( country_options = (
[ [
...@@ -1148,7 +1153,7 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase): ...@@ -1148,7 +1153,7 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase):
"openedx.core.djangoapps.user_api.api.third_party_auth.pipeline", "google-oauth2", "openedx.core.djangoapps.user_api.api.third_party_auth.pipeline", "google-oauth2",
email="bob@example.com", email="bob@example.com",
fullname="Bob", fullname="Bob",
username="Bob123", username=input_username,
country=input_country_code country=input_country_code
): ):
self._assert_password_field_hidden(no_extra_fields_setting) self._assert_password_field_hidden(no_extra_fields_setting)
...@@ -1194,7 +1199,7 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase): ...@@ -1194,7 +1199,7 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase):
no_extra_fields_setting, no_extra_fields_setting,
{ {
u"name": u"username", u"name": u"username",
u"defaultValue": u"Bob123", u"defaultValue": expected_username,
u"type": u"text", u"type": u"text",
u"required": True, u"required": True,
u"label": u"Public Username", u"label": u"Public Username",
......
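Review bot: The username cases are attached to the country-code rows of `test_register_form_third_party_auth_running_google`, so each cleaning rule is exercised only together with an unrelated country input and only through the whole form-rendering path; a failure will not say which of the two broke. A small direct test of `clean_username` would be easier to read and could cover inputs the table misses: a name made only of disallowed characters (which yields `_`), an empty string, and a non-ASCII name, whose handling by `\w` depends on the Python version and regex flags. The `None` row passes only because the caller adds `or ''`; a comment on that row such as `# None from the provider is coerced to '' before cleaning` would record that. The test method's body continues outside the visible hunks.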