Merge pull request #4756 from zyhfish/task/fix-4752

Fix #4752: validate the username and email.
oqtane · Oct 24, 2024 · 6719d24 · 6719d24
2 parents 992a786 + 3565185
commit 6719d24
Show file tree

Hide file tree

Showing 8 changed files with 167 additions and 102 deletions.
diff --git a/Oqtane.Client/Installer/Installer.razor b/Oqtane.Client/Installer/Installer.razor
@@ -156,129 +156,130 @@
     private List<SiteTemplate> _templates;
     private string _template = Constants.DefaultSiteTemplate;
     private bool _register = true;
-	private string _message = string.Empty;
-	private string _loadingDisplay = "display: none;";
+    private string _message = string.Empty;
+    private string _loadingDisplay = "display: none;";
 
-	protected override async Task OnInitializedAsync()
-	{
+    protected override async Task OnInitializedAsync()
+    {
         // include CSS
         var content = $"<link rel=\"stylesheet\" href=\"{Constants.BootstrapStylesheetUrl}\" integrity=\"{Constants.BootstrapStylesheetIntegrity}\" crossorigin=\"anonymous\" type=\"text/css\"/>";
         SiteState.AppendHeadContent(content);
 
         _togglePassword = SharedLocalizer["ShowPassword"];
-		_toggleConfirmPassword = SharedLocalizer["ShowPassword"];
+        _toggleConfirmPassword = SharedLocalizer["ShowPassword"];
 
-		_databases = await DatabaseService.GetDatabasesAsync();
-		if (_databases.Exists(item => item.IsDefault))
-		{
-			_databaseName = _databases.Find(item => item.IsDefault).Name;
-		}
-		else
-		{
-			_databaseName = "LocalDB";
-		}
-		LoadDatabaseConfigComponent();
+        _databases = await DatabaseService.GetDatabasesAsync();
+        if (_databases.Exists(item => item.IsDefault))
+        {
+            _databaseName = _databases.Find(item => item.IsDefault).Name;
+        }
+        else
+        {
+            _databaseName = "LocalDB";
+        }
+        LoadDatabaseConfigComponent();
 
         _templates = await SiteTemplateService.GetSiteTemplatesAsync();
     }
 
-	private void DatabaseChanged(ChangeEventArgs eventArgs)
-	{
-		try
-		{
-			_databaseName = (string)eventArgs.Value;
-			_showConnectionString = false;
-			LoadDatabaseConfigComponent();
-		}
-		catch
-		{
-			_message = Localizer["Error.DbConfig.Load"];
-		}
-	}
+    private void DatabaseChanged(ChangeEventArgs eventArgs)
+    {
+        try
+        {
+            _databaseName = (string)eventArgs.Value;
+            _showConnectionString = false;
+            LoadDatabaseConfigComponent();
+        }
+        catch
+        {
+            _message = Localizer["Error.DbConfig.Load"];
+        }
+    }
 
-	private void LoadDatabaseConfigComponent()
-	{
-		var database = _databases.SingleOrDefault(d => d.Name == _databaseName);
-		if (database != null)
-		{
-			_databaseConfigType = Type.GetType(database.ControlType);
-			DatabaseConfigComponent = builder =>
-			{
-				builder.OpenComponent(0, _databaseConfigType);
-				builder.AddComponentReferenceCapture(1, inst => { _databaseConfig = Convert.ChangeType(inst, _databaseConfigType); });
-				builder.CloseComponent();
-			};
-		}
-	}
+    private void LoadDatabaseConfigComponent()
+    {
+        var database = _databases.SingleOrDefault(d => d.Name == _databaseName);
+        if (database != null)
+        {
+            _databaseConfigType = Type.GetType(database.ControlType);
+            DatabaseConfigComponent = builder =>
+            {
+                builder.OpenComponent(0, _databaseConfigType);
+                builder.AddComponentReferenceCapture(1, inst => { _databaseConfig = Convert.ChangeType(inst, _databaseConfigType); });
+                builder.CloseComponent();
+            };
+        }
+    }
 
-	protected override async Task OnAfterRenderAsync(bool firstRender)
-	{
-		if (firstRender)
-		{
+    protected override async Task OnAfterRenderAsync(bool firstRender)
+    {
+        if (firstRender)
+        {
             // include JavaScript
-			var interop = new Interop(JSRuntime);
+            var interop = new Interop(JSRuntime);
             await interop.IncludeScript("", Constants.BootstrapScriptUrl, Constants.BootstrapScriptIntegrity, "anonymous", "", "head");
-		}
-	}
+        }
+    }
 
-	private async Task Install()
-	{
-		var connectionString = String.Empty;
-		if (_showConnectionString)
-		{
-			connectionString = _connectionString;
-		}
-		else
-		{
-			if (_databaseConfig is IDatabaseConfigControl databaseConfigControl)
-			{
-				connectionString = databaseConfigControl.GetConnectionString();
-			}
-		}
+    private async Task Install()
+    {
+        var connectionString = String.Empty;
+        if (_showConnectionString)
+        {
+            connectionString = _connectionString;
+        }
+        else
+        {
+            if (_databaseConfig is IDatabaseConfigControl databaseConfigControl)
+            {
+                connectionString = databaseConfigControl.GetConnectionString();
+            }
+        }
 
-		if (connectionString != "" && !string.IsNullOrEmpty(_hostUsername) && !string.IsNullOrEmpty(_hostPassword) && _hostPassword == _confirmPassword && !string.IsNullOrEmpty(_hostEmail) && _hostEmail.Contains("@"))
-		{
-			if (await UserService.ValidatePasswordAsync(_hostPassword))
-			{
-				_loadingDisplay = "";
-				StateHasChanged();
+        if (connectionString != "" && !string.IsNullOrEmpty(_hostUsername) && !string.IsNullOrEmpty(_hostPassword) && _hostPassword == _confirmPassword && !string.IsNullOrEmpty(_hostEmail) && _hostEmail.Contains("@"))
+        {
+            var result = await UserService.ValidateUserAsync(_hostUsername, _hostEmail, _hostPassword);
+            if (result.Succeeded)
+            {
+                _loadingDisplay = "";
+                StateHasChanged();
 
-				Uri uri = new Uri(NavigationManager.Uri);
+                Uri uri = new Uri(NavigationManager.Uri);
 
-				var database = _databases.SingleOrDefault(d => d.Name == _databaseName);
+                var database = _databases.SingleOrDefault(d => d.Name == _databaseName);
 
-				var config = new InstallConfig
-				{
-					DatabaseType = database.DBType,
-					ConnectionString = connectionString,
-					Aliases = uri.Authority,
-					HostUsername = _hostUsername,
-					HostPassword = _hostPassword,
-					HostEmail = _hostEmail,
-					HostName = _hostUsername,
-					TenantName = TenantNames.Master,
-					IsNewTenant = true,
-					SiteName = Constants.DefaultSite,
-					Register = _register,
-                    SiteTemplate = _template,
-                    RenderMode = RenderModes.Static,
-                    Runtime = Runtimes.Server
-                };
+                var config = new InstallConfig
+                    {
+                        DatabaseType = database.DBType,
+                        ConnectionString = connectionString,
+                        Aliases = uri.Authority,
+                        HostUsername = _hostUsername,
+                        HostPassword = _hostPassword,
+                        HostEmail = _hostEmail,
+                        HostName = _hostUsername,
+                        TenantName = TenantNames.Master,
+                        IsNewTenant = true,
+                        SiteName = Constants.DefaultSite,
+                        Register = _register,
+                        SiteTemplate = _template,
+                        RenderMode = RenderModes.Static,
+                        Runtime = Runtimes.Server
+                    };
 
-				var installation = await InstallationService.Install(config);
-				if (installation.Success)
-				{
-					NavigationManager.NavigateTo(uri.Scheme + "://" + uri.Authority, true);
-				}
-				else
-				{
-					_message = installation.Message;
-					_loadingDisplay = "display: none;";
-				}				
-			}
-			else
-			{
-				_message = Localizer["Message.Password.Invalid"];				
+                var installation = await InstallationService.Install(config);
+                if (installation.Success)
+                {
+                    NavigationManager.NavigateTo(uri.Scheme + "://" + uri.Authority, true);
+                }
+                else
+                {
+                    _message = installation.Message;
+                    _loadingDisplay = "display: none;";
+                }
+            }
+            else
+            {
+                _message = string.Join("<br />", result.Errors.Select(i => !string.IsNullOrEmpty(i.Value) ? i.Value : Localizer[i.Key]));
 			}
 		}
 		else

diff --git a/Oqtane.Client/Resources/Installer/Installer.resx b/Oqtane.Client/Resources/Installer/Installer.resx
@@ -183,4 +183,7 @@
   <data name="Template" xml:space="preserve">
     <value>Select a site template</value>
   </data>
+  <data name="Message.Username.Invalid" xml:space="preserve">
+    <value>The Username Provided Does Not Meet The System Requirement, It Can Only Contains Letters Or Digits.</value>
+  </data>
 </root>
diff --git a/Oqtane.Client/Services/Interfaces/IUserService.cs b/Oqtane.Client/Services/Interfaces/IUserService.cs
@@ -113,6 +113,15 @@ public interface IUserService
         /// <returns></returns>
         Task<User> VerifyTwoFactorAsync(User user, string token);
 
+        /// <summary>
+        /// Validate identity user info.
+        /// </summary>
+        /// <param name="username"></param>
+        /// <param name="email"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        Task<UserValidateResult> ValidateUserAsync(string username, string email, string password);
+
         /// <summary>
         /// Validate a users password against the password policy 
         /// </summary>

diff --git a/Oqtane.Client/Services/UserService.cs b/Oqtane.Client/Services/UserService.cs
@@ -89,6 +89,11 @@ public async Task<User> VerifyTwoFactorAsync(User user, string token)
             return await PostJsonAsync<User>($"{Apiurl}/twofactor?token={token}", user);
         }
 
+        public async Task<UserValidateResult> ValidateUserAsync(string username, string email, string password)
+        {
+            return await GetJsonAsync<UserValidateResult>($"{Apiurl}/validateuser?username={WebUtility.UrlEncode(username)}&email={WebUtility.UrlEncode(email)}&password={WebUtility.UrlEncode(password)}");
+        }
+
         public async Task<bool> ValidatePasswordAsync(string password)
         {
             return await GetJsonAsync<bool>($"{Apiurl}/validate/{WebUtility.UrlEncode(password)}");

diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
@@ -347,6 +347,13 @@ public async Task<User> Link([FromBody] User user, string token, string type, st
             return user;
         }
 
+        // GET api/<controller>/validate/x
+        [HttpGet("validateuser")]
+        public async Task<UserValidateResult> ValidateUser(string username, string email, string password)
+        {
+            return await _userManager.ValidateUser(username, email, password);
+        }
+
         // GET api/<controller>/validate/x
         [HttpGet("validate/{password}")]
         public async Task<bool> Validate(string password)

diff --git a/Oqtane.Server/Managers/Interfaces/IUserManager.cs b/Oqtane.Server/Managers/Interfaces/IUserManager.cs
@@ -19,6 +19,7 @@ public interface IUserManager
         Task<User> ResetPassword(User user, string token);
         User VerifyTwoFactor(User user, string token);
         Task<User> LinkExternalAccount(User user, string token, string type, string key, string name);
+        Task<UserValidateResult> ValidateUser(string username, string email, string password);
         Task<bool> ValidatePassword(string password);
         Task<Dictionary<string, string>> ImportUsers(int siteId, string filePath, bool notify);
     }

diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs
@@ -540,6 +540,30 @@ public async Task<User> LinkExternalAccount(User user, string token, string type
             return user;
         }
 
+        public async Task<UserValidateResult> ValidateUser(string username, string email, string password)
+        {
+            var validateResult = new UserValidateResult { Succeeded = true };
+
+            //validate username
+            var allowedChars = _identityUserManager.Options.User.AllowedUserNameCharacters;
+            if (string.IsNullOrWhiteSpace(username) || (!string.IsNullOrEmpty(allowedChars) && username.Any(c => !allowedChars.Contains(c))))
+            {
+                validateResult.Succeeded = false;
+                validateResult.Errors.Add("Message.Username.Invalid", string.Empty);
+            }
+
+            //validate password
+            var passwordValidator = new PasswordValidator<IdentityUser>();
+            var passwordResult = await passwordValidator.ValidateAsync(_identityUserManager, null, password);
+            if (!passwordResult.Succeeded)
+            {
+                validateResult.Succeeded = false;
+                validateResult.Errors.Add("Message.Password.Invalid", string.Empty);
+            }
+
+            return validateResult;
+        }
+
         public async Task<bool> ValidatePassword(string password)
         {
             var validator = new PasswordValidator<IdentityUser>();

diff --git a/Oqtane.Shared/Models/UserValidateResult.cs b/Oqtane.Shared/Models/UserValidateResult.cs
@@ -0,0 +1,15 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Oqtane.Models
+{
+    public class UserValidateResult
+    {
+        public bool Succeeded {  get; set; }
+
+        public IDictionary<string, string> Errors { get; set; } = new Dictionary<string, string>();
+    }
+}