Merge branch 'fix/55-fix-validation' into dev

net.go

@@ -100,9 +100,6 @@ func GetNetwork(name string) (*Network, error) {
 	if govalidator.IsNull(name) {
 		return nil, fmt.Errorf("validation error: %s can not be null", name)
 	}
-	if !govalidator.IsAlphanumeric(name) {
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters and numbers", name)
-	}
 
 	var network dbNetworkModel
 	db.Preload("Users").Where(&dbNetworkModel{Name: name}).First(&network)
@@ -134,8 +131,8 @@ func CreateNewNetwork(name, cidr string, nettype NetworkType, via string) (*Netw
 	if govalidator.IsNull(name) {
 		return nil, fmt.Errorf("validation error: %s can not be null", name)
 	}
-	if !govalidator.Matches(name, "[\\w.]+") { // allow alphanumeric + dot
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers and dots", name)
+	if !govalidator.Matches(name, "^([\\w\\.]+)$") { // allow alphanumeric, underscore and dot
+		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers, underscores and dots", name)
 	}
 	if !govalidator.IsCIDR(cidr) {
 		return nil, fmt.Errorf("validation error: `%s` must be a network in the CIDR form", cidr)

net_test.go

@@ -1,6 +1,7 @@
 package ovpm
 
 import (
+	"fmt"
 	"testing"
 )
 
@@ -49,6 +50,27 @@ func TestVPNCreateNewNetwork(t *testing.T) {
 		t.Fatalf("network CIDR is expected to be '%s' but it's '%s' instead", netType, network.Type)
 	}
 
+	// Test username validation.
+	var networknametests = []struct {
+		networkname string
+		ok          bool
+	}{
+		{"asdf1240asfd", true},
+		{"asdf.asfd", true},
+		{"asdf12.12asfd", true},
+		{"asd1f-as4fd", false},
+		{"as0df a01sfd", false},
+		{"as0df$a01sfd", false},
+		{"as0df#a01sfd", false},
+		{"a6sdf_as1fd", true},
+	}
+
+	for i, tt := range networknametests {
+		_, err := CreateNewNetwork(tt.networkname, fmt.Sprintf("192.168.%d.0/24", i), SERVERNET, "")
+		if ok := (err == nil); ok != tt.ok {
+			t.Fatalf("expcted condition failed '%s': %v", tt.networkname, err)
+		}
+	}
 }
 
 func TestVPNDeleteNetwork(t *testing.T) {

user.go

@@ -132,8 +132,8 @@ func CreateNewUser(username, password string, nogw bool, hostid uint32, admin bo
 	if govalidator.IsNull(username) {
 		return nil, fmt.Errorf("validation error: %s can not be null", username)
 	}
-	if !govalidator.Matches(username, "[\\w.]+") { // allow alphanumeric + dot
-		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers and dots", username)
+	if !govalidator.Matches(username, "^([\\w\\.]+)$") { // allow alphanumeric, underscore and dot
+		return nil, fmt.Errorf("validation error: `%s` can only contain letters, numbers, underscores and dots", username)
 	}
 	if username == "root" {
 		return nil, fmt.Errorf("forbidden: username root is reserved and can not be used")

user_test.go

@@ -78,6 +78,25 @@ func TestCreateNewUser(t *testing.T) {
 		t.Fatalf("user creation expected to err but it didn't")
 	}
 
+	// Test username validation.
+	var usernametests = []struct {
+		username string
+		ok       bool
+	}{
+		{"asdf1240asfd", true},
+		{"asdf.asfd", true},
+		{"asdf12.12asfd", true},
+		{"asd1f-as4fd", false},
+		{"as0df a01sfd", false},
+		{"a6sdf_as1fd", true},
+	}
+
+	for _, tt := range usernametests {
+		_, err := ovpm.CreateNewUser(tt.username, "1234", false, 0, true)
+		if ok := (err == nil); ok != tt.ok {
+			t.Fatalf("expcted condition failed '%s': %v", tt.username, err)
+		}
+	}
 }
 
 func TestUserUpdate(t *testing.T) {