Validate username in admin user creation process

This runs usernames through the same checks as the web interface, ensuring no invalid user is created, such as user_name or userName. This closes #49
6 years ago · 5e5b283daf
parent 852ca5eea4
commit 5e5b283daf
1 changed files with 16 additions and 0 deletions
--- a/app.go
+++ b/app.go
@ -26,6 +26,7 @@ import (
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/converter"
 	"github.com/writeas/web-core/log"
+	"github.com/writeas/writefreely/author"
 	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/page"
 )
@ -508,6 +509,21 @@ func adminCreateUser(app *app, credStr string, isAdmin bool) {
 	username := creds[0]
 	password := creds[1]

+	// Normalize and validate username
+	desiredUsername := username
+	username = getSlug(username, "")
+
+	usernameDesc := username
+	if username != desiredUsername {
+		usernameDesc += " (originally: " + desiredUsername + ")"
+	}
+
+	if !author.IsValidUsername(app.cfg, username) {
+		log.Error("Username %s is invalid, reserved, or shorter than configured minimum length (%d characters).", usernameDesc, app.cfg.App.MinUsernameLen)
+		os.Exit(1)
+	}
+
+	// Hash the password
 	hashedPass, err := auth.HashPass([]byte(password))
 	if err != nil {
 		log.Error("Unable to hash password: %v", err)