From 10a89cb7900c84a76f92f63c1f92edb4e13912cb Mon Sep 17 00:00:00 2001 From: ivanm Date: Wed, 28 Feb 2024 13:32:17 +0100 Subject: [PATCH] refs #6827 Check usernames special characters --- back/methods/chat/spec/send.spec.js | 4 +-- db/dump/fixtures.before.sql | 26 +++++++++---------- .../account/procedures/user_checkName.sql | 2 +- .../10917-aquaPhormium/00-firstScript.sql | 9 +++++++ e2e/paths/02-client/01_create_client.spec.js | 2 +- .../02-client/07_edit_web_access.spec.js | 4 +-- e2e/paths/02-client/09_add_credit.spec.js | 2 +- e2e/paths/02-client/19_summary.spec.js | 2 +- e2e/paths/05-ticket/05_tracking_state.spec.js | 2 +- .../01_create_and_basic_data.spec.js | 4 +-- .../client/specs/createWithUser.spec.js | 6 ++--- .../client/back/models/specs/client.spec.js | 8 +++--- .../specs/activeWithInheritedRole.spec.js | 2 +- .../back/methods/worker/specs/new.spec.js | 2 +- 14 files changed, 42 insertions(+), 33 deletions(-) create mode 100644 db/versions/10917-aquaPhormium/00-firstScript.sql diff --git a/back/methods/chat/spec/send.spec.js b/back/methods/chat/spec/send.spec.js index e910f3fab..511f5fe80 100644 --- a/back/methods/chat/spec/send.spec.js +++ b/back/methods/chat/spec/send.spec.js @@ -3,14 +3,14 @@ const {models} = require('vn-loopback/server/server'); describe('Chat send()', () => { it('should return true as response', async() => { let ctx = {req: {accessToken: {userId: 1}}}; - let response = await models.Chat.send(ctx, '@salesPerson', 'I changed something'); + let response = await models.Chat.send(ctx, '@salesperson', 'I changed something'); expect(response).toEqual(true); }); it('should return false as response', async() => { let ctx = {req: {accessToken: {userId: 18}}}; - let response = await models.Chat.send(ctx, '@salesPerson', 'I changed something'); + let response = await models.Chat.send(ctx, '@salesperson', 'I changed something'); expect(response).toEqual(false); }); diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index 1d59c7ac0..1c20b46c1 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -81,7 +81,7 @@ INSERT INTO `account`.`roleConfig`(`id`, `mysqlPassword`, `rolePrefix`, `userPre CALL `account`.`role_sync`; INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `role`,`active`,`email`, `lang`, `image`, `password`) - SELECT id, name, CONCAT(name, 'Nick'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2' + SELECT id, LOWER(name), CONCAT(name, 'Nick'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2' FROM `account`.`role` ORDER BY id; @@ -118,18 +118,18 @@ INSERT INTO `hedera`.`tpvConfig`(`id`, `currency`, `terminal`, `transactionType` INSERT INTO `account`.`user`(`id`,`name`,`nickname`, `password`,`role`,`active`,`email`,`lang`, `image`) VALUES - (1101, 'BruceWayne', 'Bruce Wayne', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'BruceWayne@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1102, 'PetterParker', 'Petter Parker', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'PetterParker@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1103, 'ClarkKent', 'Clark Kent', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'ClarkKent@mydomain.com', 'fr', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1104, 'TonyStark', 'Tony Stark', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'TonyStark@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1105, 'MaxEisenhardt', 'Max Eisenhardt', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'MaxEisenhardt@mydomain.com', 'pt', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1106, 'DavidCharlesHaller', 'David Charles Haller', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'DavidCharlesHaller@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1107, 'HankPym', 'Hank Pym', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'HankPym@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1108, 'CharlesXavier', 'Charles Xavier', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'CharlesXavier@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1109, 'BruceBanner', 'Bruce Banner', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'BruceBanner@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), - (1110, 'JessicaJones', 'Jessica Jones', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'JessicaJones@mydomain.com', 'en', NULL), - (1111, 'Missing', 'Missing', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL), - (1112, 'Trash', 'Trash', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL); + (1101, 'brucewayne', 'Bruce Wayne', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'BruceWayne@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1102, 'petterparker', 'Petter Parker', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'PetterParker@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1103, 'clarkkent', 'Clark Kent', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'ClarkKent@mydomain.com', 'fr', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1104, 'tonystark', 'Tony Stark', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'TonyStark@mydomain.com', 'es', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1105, 'maxeisenhardt', 'Max Eisenhardt', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 1, 'MaxEisenhardt@mydomain.com', 'pt', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1106, 'davidcharleshaller', 'David Charles Haller', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'DavidCharlesHaller@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1107, 'hankpym', 'Hank Pym', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'HankPym@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1108, 'charlesxavier', 'Charles Xavier', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'CharlesXavier@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1109, 'brucebanner', 'Bruce Banner', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'BruceBanner@mydomain.com', 'en', 'e7723f0b24ff05b32ed09d95196f2f29'), + (1110, 'jessicajones', 'Jessica Jones', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 1, 1, 'JessicaJones@mydomain.com', 'en', NULL), + (1111, 'missing', 'Missing', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL), + (1112, 'trash', 'Trash', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2', 2, 0, NULL, 'en', NULL); UPDATE account.`user` SET passExpired = DATE_SUB(util.VN_CURDATE(), INTERVAL 1 YEAR) diff --git a/db/routines/account/procedures/user_checkName.sql b/db/routines/account/procedures/user_checkName.sql index 4f954ad00..6fab17361 100644 --- a/db/routines/account/procedures/user_checkName.sql +++ b/db/routines/account/procedures/user_checkName.sql @@ -7,7 +7,7 @@ BEGIN * The user name must only contain lowercase letters or, starting with second * character, numbers or underscores. */ - IF vUserName NOT REGEXP '^[a-z0-9_-]*$' THEN + IF vUserName NOT REGEXP BINARY '^[a-z0-9_-]+$' THEN SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'INVALID_USER_NAME'; END IF; diff --git a/db/versions/10917-aquaPhormium/00-firstScript.sql b/db/versions/10917-aquaPhormium/00-firstScript.sql new file mode 100644 index 000000000..436243ba5 --- /dev/null +++ b/db/versions/10917-aquaPhormium/00-firstScript.sql @@ -0,0 +1,9 @@ +UPDATE account.user +SET name = LOWER(name), + name = REPLACE(name, ' ', ''), + name = REPLACE(name, '.', ''), + name = REPLACE(name, 'ñ', 'n'), + name = REPLACE(name, '*', ''), + name = REPLACE(name, 'ç', 'z'), + name = REPLACE(name, 'ã', 'a') +WHERE NOT active; diff --git a/e2e/paths/02-client/01_create_client.spec.js b/e2e/paths/02-client/01_create_client.spec.js index 744b11a72..e951ec784 100644 --- a/e2e/paths/02-client/01_create_client.spec.js +++ b/e2e/paths/02-client/01_create_client.spec.js @@ -32,7 +32,7 @@ describe('Client create path', () => { await page.autocompleteSearch(selectors.createClientView.salesPerson, 'salesPerson'); await page.autocompleteSearch(selectors.createClientView.businessType, 'florist'); await page.write(selectors.createClientView.taxNumber, '74451390E'); - await page.write(selectors.createClientView.userName, 'CaptainMarvel'); + await page.write(selectors.createClientView.userName, 'captainmarvel'); await page.write(selectors.createClientView.email, 'CarolDanvers@verdnatura.es'); await page.waitToClick(selectors.createClientView.createButton); const message = await page.waitForSnackbar(); diff --git a/e2e/paths/02-client/07_edit_web_access.spec.js b/e2e/paths/02-client/07_edit_web_access.spec.js index c5e132ab7..8758c3b05 100644 --- a/e2e/paths/02-client/07_edit_web_access.spec.js +++ b/e2e/paths/02-client/07_edit_web_access.spec.js @@ -29,7 +29,7 @@ describe('Client web access path', () => { await page.click($.enableWebAccess); await page.click($.saveButton); const enableMessage = await page.waitForSnackbar(); - await page.overwrite($.userName, 'Legion'); + await page.overwrite($.userName, 'legion'); await page.overwrite($.email, 'legion@marvel.com'); await page.click($.saveButton); const modifyMessage = await page.waitForSnackbar(); @@ -47,7 +47,7 @@ describe('Client web access path', () => { expect(modifyMessage.type).toBe('success'); expect(hasAccess).toBe('unchecked'); - expect(userName).toEqual('Legion'); + expect(userName).toEqual('legion'); expect(email).toEqual('legion@marvel.com'); // expect(logName).toEqual('Legion'); diff --git a/e2e/paths/02-client/09_add_credit.spec.js b/e2e/paths/02-client/09_add_credit.spec.js index 2365f0635..179265b0f 100644 --- a/e2e/paths/02-client/09_add_credit.spec.js +++ b/e2e/paths/02-client/09_add_credit.spec.js @@ -34,6 +34,6 @@ describe('Client Add credit path', () => { const result = await page.waitToGetProperty(selectors.clientCredit.firstCreditText, 'innerText'); expect(result).toContain(999); - expect(result).toContain('salesAssistant'); + expect(result).toContain('salesassistant'); }); }); diff --git a/e2e/paths/02-client/19_summary.spec.js b/e2e/paths/02-client/19_summary.spec.js index b3bf43c5c..dec8d505c 100644 --- a/e2e/paths/02-client/19_summary.spec.js +++ b/e2e/paths/02-client/19_summary.spec.js @@ -61,7 +61,7 @@ describe('Client summary path', () => { it('should display web access details', async() => { const result = await page.waitToGetProperty(selectors.clientSummary.userName, 'innerText'); - expect(result).toContain('PetterParker'); + expect(result).toContain('petterparker'); }); it('should display business data', async() => { diff --git a/e2e/paths/05-ticket/05_tracking_state.spec.js b/e2e/paths/05-ticket/05_tracking_state.spec.js index 9ac373287..5cfc1c9d4 100644 --- a/e2e/paths/05-ticket/05_tracking_state.spec.js +++ b/e2e/paths/05-ticket/05_tracking_state.spec.js @@ -59,7 +59,7 @@ describe('Ticket Create new tracking state path', () => { const result = await page .waitToGetProperty(selectors.createStateView.worker, 'value'); - expect(result).toEqual('salesPerson'); + expect(result).toEqual('salesperson'); }); it(`should succesfully create a valid state`, async() => { diff --git a/e2e/paths/14-account/01_create_and_basic_data.spec.js b/e2e/paths/14-account/01_create_and_basic_data.spec.js index e38d1aeec..e2c069d80 100644 --- a/e2e/paths/14-account/01_create_and_basic_data.spec.js +++ b/e2e/paths/14-account/01_create_and_basic_data.spec.js @@ -21,7 +21,7 @@ describe('Account create and basic data path', () => { }); it('should fill the form and then save it by clicking the create button', async() => { - await page.write(selectors.accountIndex.newName, 'Remy'); + await page.write(selectors.accountIndex.newName, 'remy'); await page.write(selectors.accountIndex.newNickname, 'Gambit'); await page.write(selectors.accountIndex.newEmail, 'RemyEtienneLeBeau@verdnatura.es'); await page.autocompleteSearch(selectors.accountIndex.newRole, 'Trainee'); @@ -39,7 +39,7 @@ describe('Account create and basic data path', () => { it('should check the name is as expected', async() => { const result = await page.waitToGetProperty(selectors.accountBasicData.name, 'value'); - expect(result).toEqual('Remy'); + expect(result).toEqual('remy'); }); it('should check the nickname is as expected', async() => { diff --git a/modules/client/back/methods/client/specs/createWithUser.spec.js b/modules/client/back/methods/client/specs/createWithUser.spec.js index 074cb289a..04fc51a26 100644 --- a/modules/client/back/methods/client/specs/createWithUser.spec.js +++ b/modules/client/back/methods/client/specs/createWithUser.spec.js @@ -3,8 +3,8 @@ const LoopBackContext = require('loopback-context'); describe('Client Create', () => { const newAccount = { - userName: 'Deadpool', - email: 'Deadpool@marvel.com', + userName: 'deadpool', + email: 'deadpool@marvel.com', fi: '16195279J', name: 'Wade', socialName: 'DEADPOOL MARVEL', @@ -31,7 +31,7 @@ describe('Client Create', () => { }); }); - it(`should not find Deadpool as he's not created yet`, async() => { + it(`should not find deadpool as he's not created yet`, async() => { const tx = await models.Client.beginTransaction({}); try { diff --git a/modules/client/back/models/specs/client.spec.js b/modules/client/back/models/specs/client.spec.js index bf134fbf9..1b5132304 100644 --- a/modules/client/back/models/specs/client.spec.js +++ b/modules/client/back/models/specs/client.spec.js @@ -31,8 +31,8 @@ describe('Client Model', () => { await models.Client.notifyAssignment(instance, previousWorkerId, currentWorkerId); - expect(chatModel.send).toHaveBeenCalledWith(ctx, '@DavidCharlesHaller', `Client assignment has changed`); - expect(chatModel.send).toHaveBeenCalledWith(ctx, '@HankPym', `Client assignment has changed`); + expect(chatModel.send).toHaveBeenCalledWith(ctx, '@davidcharleshaller', `Client assignment has changed`); + expect(chatModel.send).toHaveBeenCalledWith(ctx, '@hankpym', `Client assignment has changed`); }); it('should call to the Chat send() method for the previous worker', async() => { @@ -40,7 +40,7 @@ describe('Client Model', () => { await models.Client.notifyAssignment(instance, null, currentWorkerId); - expect(chatModel.send).toHaveBeenCalledWith(ctx, '@HankPym', `Client assignment has changed`); + expect(chatModel.send).toHaveBeenCalledWith(ctx, '@hankpym', `Client assignment has changed`); }); it('should call to the Chat send() method for the current worker', async() => { @@ -48,7 +48,7 @@ describe('Client Model', () => { await models.Client.notifyAssignment(instance, previousWorkerId, null); - expect(chatModel.send).toHaveBeenCalledWith(ctx, '@DavidCharlesHaller', `Client assignment has changed`); + expect(chatModel.send).toHaveBeenCalledWith(ctx, '@davidcharleshaller', `Client assignment has changed`); }); }); diff --git a/modules/worker/back/methods/worker/specs/activeWithInheritedRole.spec.js b/modules/worker/back/methods/worker/specs/activeWithInheritedRole.spec.js index 580e07351..cf1eafa23 100644 --- a/modules/worker/back/methods/worker/specs/activeWithInheritedRole.spec.js +++ b/modules/worker/back/methods/worker/specs/activeWithInheritedRole.spec.js @@ -6,7 +6,7 @@ describe('Worker activeWithInheritedRole', () => { allRolesCount = await app.models.VnRole.count(); }); - it('should return the workers with an inherited role of salesPerson', async() => { + it('should return the workers with an inherited role of salesperson', async() => { const filter = {where: {role: 'salesPerson'}}; const result = await app.models.Worker.activeWithInheritedRole(filter); diff --git a/modules/worker/back/methods/worker/specs/new.spec.js b/modules/worker/back/methods/worker/specs/new.spec.js index d3e9cb9d0..66959e0a7 100644 --- a/modules/worker/back/methods/worker/specs/new.spec.js +++ b/modules/worker/back/methods/worker/specs/new.spec.js @@ -20,7 +20,7 @@ describe('Worker new', () => { const employeeId = 1; const defaultWorker = { fi: '78457139E', - name: 'DEFAULTERWORKER', + name: 'defaulterworker', firstName: 'DEFAULT', lastNames: 'WORKER', email: 'defaultWorker@mydomain.com',