cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [validation] Tightened the validation rules for users to avoid 500 errors when the requirements are not met 

- ensure that username is unique
- (optional) ensure that individual->user assignment is unique
- (optional) ensure that usernames are e-mail addresses

- As reported by Matúš Mikuláš, Adam Gajdošík, Milan Pikula of SK-CERT
develop-unstable
iglocska 2023-01-03 15:03:06 +01:00
parent da2f904554
commit e0f92aa8e0
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
View File

@ -328,6 +328,24 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
], ],
] ]
], ],
'Users' => [
'Users' => [
'Settings' => [
'user.multiple-users-per-individual' => [
'name' => __('Multiple users per individual'),
'type' => 'boolean',
'description' => __('Allow for multiple user accounts to be assigned to a single user account. This setting will automatically be restricted when using KeyCloak.'),
'default' => false
],
'user.username-must-be-email' => [
'name' => __('Usernames must be e-mail addresses'),
'type' => 'boolean',
'description' => __('This setting will enforce that usernames conform to basic requirements of e-mail addresses.'),
'default' => false
]
]
]
]
/* /*
'Features' => [ 'Features' => [
'Demo Settings' => [ 'Demo Settings' => [

11
src/Model/Table/UsersTable.php
View File

@ -175,11 +175,22 @@ class UsersTable extends AppTable
]) ])
->requirePresence(['username'], 'create') ->requirePresence(['username'], 'create')
->notEmptyString('username', __('Please fill this field'), 'create'); ->notEmptyString('username', __('Please fill this field'), 'create');
if (Configure::read('user.username-must-be-email')) {
$validator->add('username', 'valid_email', [
'rule' => 'email',
'message' => 'Username has to be a valid e-mail address.'
]);
}
return $validator; return $validator;
} }
public function buildRules(RulesChecker $rules): RulesChecker public function buildRules(RulesChecker $rules): RulesChecker
{ {
$rules->add($rules->isUnique(['username']));
$allowDuplicateIndividuals = false;
if (empty(Configure::read('user.multiple-users-per-individual')) || !empty(Configure::read('keycloak.enabled'))) {
$rules->add($rules->isUnique(['individual_id']));
}
return $rules; return $rules;
} }