kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Correct namespace validation to forbid bad names #21077 

Adds .git and .atom to the master namespace regex
Updates existing group tests and adds two new ones
Updates path cleaning to also forbid .atom
This commit is contained in:
Will Starms 2016-08-25 11:48:08 -05:00
parent c901936a82
commit 4f1de5faac
5 changed files with 41 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -30,6 +30,7 @@ v 8.13.0 (unreleased)
- Allow the Koding integration to be configured through the API - Allow the Koding integration to be configured through the API
- Add new issue button to each list on Issues Board - Add new issue button to each list on Issues Board
- Added soft wrap button to repository file/blob editor - Added soft wrap button to repository file/blob editor
- Update namespace validation to forbid reserved names (.git and .atom) (Will Starms)
- Add word-wrap to issue title on issue and milestone boards (ClemMakesApps) - Add word-wrap to issue title on issue and milestone boards (ClemMakesApps)
- Fix todos page mobile viewport layout (ClemMakesApps) - Fix todos page mobile viewport layout (ClemMakesApps)
- Fix inconsistent highlighting of already selected activity nav-links (ClemMakesApps) - Fix inconsistent highlighting of already selected activity nav-links (ClemMakesApps)

14
app/models/namespace.rb
View File

@ -61,15 +61,13 @@ class Namespace < ActiveRecord::Base
def clean_path(path) def clean_path(path)
path = path.dup path = path.dup
# Get the email username by removing everything after an `@` sign. # Get the email username by removing everything after an `@` sign.
path.gsub!(/@.*\z/, "") path.gsub!(/@.*\z/, "")
# Usernames can't end in .git, so remove it.
path.gsub!(/\.git\z/, "")
# Remove dashes at the start of the username.
path.gsub!(/\A-+/, "")
# Remove periods at the end of the username.
path.gsub!(/\.+\z/, "")
# Remove everything that's not in the list of allowed characters. # Remove everything that's not in the list of allowed characters.
path.gsub!(/[^a-zA-Z0-9_\-\.]/, "") path.gsub!(/[^a-zA-Z0-9_\-\.]/, "")
# Remove trailing violations ('.atom', '.git', or '.')
path.gsub!(/(\.atom|\.git|\.)*\z/, "")
# Remove leading violations ('-')
path.gsub!(/\A\-+/, "")
# Users with the great usernames of "." or ".." would end up with a blank username. # Users with the great usernames of "." or ".." would end up with a blank username.
# Work around that by setting their username to "blank", followed by a counter. # Work around that by setting their username to "blank", followed by a counter.

4
lib/gitlab/regex.rb
View File

@ -2,7 +2,7 @@ module Gitlab
module Regex module Regex
extend self extend self
NAMESPACE_REGEX_STR = '(?:[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*[a-zA-Z0-9_\-]|[a-zA-Z0-9_])'.freeze NAMESPACE_REGEX_STR = '(?:[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*[a-zA-Z0-9_\-]|[a-zA-Z0-9_])(?<!\.git|\.atom)'.freeze
def namespace_regex def namespace_regex
@namespace_regex ||= /\A#{NAMESPACE_REGEX_STR}\z/.freeze @namespace_regex ||= /\A#{NAMESPACE_REGEX_STR}\z/.freeze
@ -10,7 +10,7 @@ module Gitlab
def namespace_regex_message def namespace_regex_message
"can contain only letters, digits, '_', '-' and '.'. " \ "can contain only letters, digits, '_', '-' and '.'. " \
"Cannot start with '-' or end in '.'." \ "Cannot start with '-' or end in '.', '.git' or '.atom'." \
end end
def namespace_name_regex def namespace_name_regex

32
spec/features/groups_spec.rb
View File

@ -5,6 +5,12 @@ feature 'Group', feature: true do
login_as(:admin) login_as(:admin)
end end
matcher :have_namespace_error_message do
match do |page|
page.has_content?("Path can contain only letters, digits, '_', '-' and '.'. Cannot start with '-' or end in '.', '.git' or '.atom'.")
end
end
describe 'creating a group with space in group path' do describe 'creating a group with space in group path' do
it 'renders new group form with validation errors' do it 'renders new group form with validation errors' do
visit new_group_path visit new_group_path
@ -13,7 +19,31 @@ feature 'Group', feature: true do
click_button 'Create group' click_button 'Create group'
expect(current_path).to eq(groups_path) expect(current_path).to eq(groups_path)
expect(page).to have_content("Path can contain only letters, digits, '_', '-' and '.'. Cannot start with '-' or end in '.'.") expect(page).to have_namespace_error_message
end
end
describe 'creating a group with .atom at end of group path' do
it 'renders new group form with validation errors' do
visit new_group_path
fill_in 'Group path', with: 'atom_group.atom'
click_button 'Create group'
expect(current_path).to eq(groups_path)
expect(page).to have_namespace_error_message
end
end
describe 'creating a group with .git at end of group path' do
it 'renders new group form with validation errors' do
visit new_group_path
fill_in 'Group path', with: 'git_group.git'
click_button 'Create group'
expect(current_path).to eq(groups_path)
expect(page).to have_namespace_error_message
end end
end end

1
spec/models/namespace_spec.rb
View File

@ -114,6 +114,7 @@ describe Namespace, models: true do
it "cleans the path and makes sure it's available" do it "cleans the path and makes sure it's available" do
expect(Namespace.clean_path("-john+gitlab-ETC%.git@gmail.com")).to eq("johngitlab-ETC2") expect(Namespace.clean_path("-john+gitlab-ETC%.git@gmail.com")).to eq("johngitlab-ETC2")
expect(Namespace.clean_path("--%+--valid_*&%name=.git.%.atom.atom.@email.com")).to eq("valid_name")
end end
end end
end end