From 2b987e6e9301a290648ccc77402172b275083933 Mon Sep 17 00:00:00 2001
From: Moxie Marlinspike
Date: Mon, 28 Oct 2019 12:51:19 -0700
Subject: [PATCH] Usernames can't start with numbers
---
 .../textsecuregcm/controllers/AccountController.java | 2 +-
 .../tests/controllers/AccountControllerTest.java | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
index f352cc4d5..262c958f4 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/AccountController.java
@@ -540,7 +540,7 @@ public class AccountController {
 username = username.toLowerCase();
- if (!username.matches("^[a-z0-9_]+$")) {
+ if (!username.matches("^[a-z_][a-z0-9_]+$")) {
 return Response.status(Response.Status.BAD_REQUEST).build();
 }
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
index bfca6aed6..7f07e3472 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/AccountControllerTest.java
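Review bot: The new pattern in the AccountController.java hunk, `^[a-z_][a-z0-9_]+$`, also raises the minimum username length to two characters, because the leading class consumes one character and `+` still requires at least one more; a one-character name such as `a`, which the old pattern accepted, now returns 400. The commit subject only mentions leading digits, so if the length change is unintended the quantifier should be `*`, as in `if (!username.matches("^[a-z_][a-z0-9_]*$")) {`. The test added in the AccountControllerTest.java hunk covers only the digit-prefix case, so a one-character case would pin whichever behaviour is intended. Separately, the context line `username = username.toLowerCase();` lowercases with the JVM default locale; `toLowerCase(Locale.ROOT)` would keep this validation independent of server locale, assuming `java.util.Locale` is or can be imported in this file. The enclosing method starts and ends outside the hunk.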
@@ -864,6 +864,18 @@ public class AccountControllerTest {
 assertThat(response.getStatus()).isEqualTo(400);
 }
+ @Test
+ public void testSetInvalidPrefixUsername() {
+ Response response =
+ resources.getJerseyTest()
+ .target("/v1/accounts/username/0n00bkiller")
+ .request()
+ .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_NUMBER, AuthHelper.VALID_PASSWORD))
+ .put(Entity.text(""));
+
+ assertThat(response.getStatus()).isEqualTo(400);
+ }
+
+ @Test
 public void testSetUsernameBadAuth() {
 Response response =