fix(net,user): improve handle validation process

In the past we were validating only alphanumeric handle strings.

Now we allow alphanumeric characters, underscores and dots in the
handles. (such as usernames, networknames etc)

Fixes #55

net.go

@@ -100,10 +100,6 @@ func GetNetwork(name string) (*Network, error) {
 	if govalidator.IsNull(name) {
 		return nil, fmt.Errorf("validation error: %s can not be null", name)
 	}
-       	if !govalidator.Matches(name, "[\\w.]+") { // allow alphanumeric + dot
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers and dots", name)
-	}
-
 
 	var network dbNetworkModel
 	db.Preload("Users").Where(&dbNetworkModel{Name: name}).First(&network)
@@ -135,8 +131,8 @@ func CreateNewNetwork(name, cidr string, nettype NetworkType, via string) (*Netw
 	if govalidator.IsNull(name) {
 		return nil, fmt.Errorf("validation error: %s can not be null", name)
 	}
-	if !govalidator.Matches(name, "[\\w.]+") { // allow alphanumeric + dot
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers and dots", name)
+	if !govalidator.Matches(name, "^([\\w\\.]+)$") { // allow alphanumeric, underscore and dot
+		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers, underscores and dots", name)
 	}
 	if !govalidator.IsCIDR(cidr) {
 		return nil, fmt.Errorf("validation error: `%s` must be a network in the CIDR form", cidr)

net_test.go

@@ -1,6 +1,7 @@
 package ovpm
 
 import (
+	"fmt"
 	"testing"
 )
 
@@ -49,6 +50,27 @@ func TestVPNCreateNewNetwork(t *testing.T) {
 		t.Fatalf("network CIDR is expected to be '%s' but it's '%s' instead", netType, network.Type)
 	}
 
+	// Test username validation.
+	var networknametests = []struct {
+		networkname string
+		ok          bool
+	}{
+		{"asdf1240asfd", true},
+		{"asdf.asfd", true},
+		{"asdf12.12asfd", true},
+		{"asd1f-as4fd", false},
+		{"as0df a01sfd", false},
+		{"as0df$a01sfd", false},
+		{"as0df#a01sfd", false},
+		{"a6sdf_as1fd", true},
+	}
+
+	for i, tt := range networknametests {
+		_, err := CreateNewNetwork(tt.networkname, fmt.Sprintf("192.168.%d.0/24", i), SERVERNET, "")
+		if ok := (err == nil); ok != tt.ok {
+			t.Fatalf("expcted condition failed '%s': %v", tt.networkname, err)
+		}
+	}
 }
 
 func TestVPNDeleteNetwork(t *testing.T) {

user.go

@@ -132,8 +132,8 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32, admin bo
 	if govalidator.IsNull(username) {
 		return nil, fmt.Errorf("validation error: %s can not be null", username)
 	}
-	if !govalidator.Matches(username, "[\\w.]+") { // allow alphanumeric + dot
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers and dots", username)
+	if !govalidator.Matches(username, "^([\\w\\.]+)$") { // allow alphanumeric, underscore and dot
+		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers, underscores and dots", username)
 	}
 	if username == "root" {
 		return nil, fmt.Errorf("forbidden: username root is reserved and can not be used")

user_test.go

@@ -78,6 +78,25 @@ func TestCreateNewUser(t *testing.T) {
 		t.Fatalf("user creation expected to err but it didn't")
 	}
 
+	// Test username validation.
+	var usernametests = []struct {
+		username string
+		ok       bool
+	}{
+		{"asdf1240asfd", true},
+		{"asdf.asfd", true},
+		{"asdf12.12asfd", true},
+		{"asd1f-as4fd", false},
+		{"as0df a01sfd", false},
+		{"a6sdf_as1fd", true},
+	}
+
+	for _, tt := range usernametests {
+		_, err := ovpm.CreateNewUser(tt.username, "1234", false, 0, true)
+		if ok := (err == nil); ok != tt.ok {
+			t.Fatalf("expcted condition failed '%s': %v", tt.username, err)
+		}
+	}
 }
 
 func TestUserUpdate(t *testing.T) {