Uploaded image for project: 'OpenOLAT'
  1. OpenOLAT
  2. OO-3603

RestAPI: syntax check for usernames is missing

    XMLWordPrintable

    Details

      Description

      Via RestAPI it's possible to create usernames with capitals or empty strings. This patch adds the syntax checking for usernames:

      diff --git a/src/main/java/org/olat/user/restapi/UserWebService.java b/src/main/java/org/olat/user/restapi/UserWebService.java
      index c4e2784..c3d7519 100644
      --- a/src/main/java/org/olat/user/restapi/UserWebService.java
      +++ b/src/main/java/org/olat/user/restapi/UserWebService.java
      @@ -255,6 +255,16 @@
       			return Response.serverError().status(Status.UNAUTHORIZED).build();
       		}
       		
      +		if (user.getLogin() == null || !UserManager.getInstance().syntaxCheckOlatLogin(user.getLogin())) {
      +			Locale locale = getLocale(request);
      +			Translator translator = Util.createPackageTranslator(UserShortDescription.class, locale);
      +			String translation = translator.translate("new.error.loginname.empty");
      +			ErrorVO[] errorVos = new ErrorVO[]{
      +				new ErrorVO("org.olat.admin.user", "new.error.loginname.empty", translation)
      +			};
      +			return Response.ok(errorVos).status(Status.NOT_ACCEPTABLE).build();
      +		}
      +			
       		// Check if login is still available
       		Identity identity = BaseSecurityManager.getInstance().findIdentityByName(user.getLogin());
       		if (identity != null) {
      

        Attachments

          Activity

            People

            • Assignee:
              srosse Stéphane Rossé
              Reporter:
              stephan Stephan Clemenz
              Tester:
              Mandy Menzel
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 35 minutes
                35m