handle special characters in password

2025-02-12 03:29:16 +00:00 · 2023-05-06 23:46:45 -07:00 · 2023-05-06 23:46:45 -07:00 · 1961042e0e
commit 1961042e0e
parent ea2fdec293
3 changed files with 14 additions and 12 deletions
--- a/net/server/internal/authUtil.go
+++ b/net/server/internal/authUtil.go
@ -334,15 +334,15 @@ func BasicCredentials(r *http.Request) (string, []byte, error) {
 		return username, password, err
 	}

-	// parse credentials
-	login := strings.Split(string(credentials), ":")
-	if login[0] == "" || login[1] == "" {
-		return username, password, errors.New("invalid credentials")
-	}
-	username = login[0]
+  login := string(credentials)
+  idx := strings.Index(login, ":");
+  if idx <= 0 {
+    return username, password, errors.New("invalid credentials")
+  }

 	// hash password
-	password, err = bcrypt.GenerateFromPassword([]byte(login[1]), bcrypt.DefaultCost)
+	username = login[0:idx]
+	password, err = bcrypt.GenerateFromPassword([]byte(login[idx+1:]), bcrypt.DefaultCost)
 	if err != nil {
 		return username, password, err
 	}
--- a/net/web/src/access/createAccount/CreateAccount.jsx
+++ b/net/web/src/access/createAccount/CreateAccount.jsx
@ -15,7 +15,7 @@ export  function CreateAccount() {
    catch(err) {
      modal.error({
        title: 'Create Account Error',
-        content: 'Please check with you administrator.',
+        content: 'Please check with your administrator.',
        bodyStyle: { padding: 16 },
      });
    }
--- a/net/web/src/access/createAccount/useCreateAccount.hook.js
+++ b/net/web/src/access/createAccount/useCreateAccount.hook.js
@ -1,6 +1,7 @@
 import { useContext, useState, useEffect, useRef } from 'react';
 import { AppContext } from 'context/AppContext';
 import { useNavigate, useLocation } from "react-router-dom";
+import { getUsername } from 'api/getUsername';

 export function useCreateAccount() {

@ -27,9 +28,9 @@ export function useCreateAccount() {
    setChecked(false)
    clearTimeout(debounce.current)
    debounce.current = setTimeout(async () => {
-      if (app.actions?.username && name !== '') {
+      if (name !== '') {
        try {
-          let valid = await app.actions.username(name, state.token)
+          let valid = await getUsername(name, state.token)
          if (!valid) {
            updateState({ validateStatus: 'error', help: 'Username is not available' })
          }
@ -61,8 +62,9 @@ export function useCreateAccount() {
      updateState({ confirm });
    },
    isDisabled: () => {
-      if (state.username === '' || state.password === '' || state.password !== state.confirm || !checked ||
-          state.validateStatus === 'error') {
+      const restricted = new RegExp('[!@#$%^&*()\ ,.?":{}|<>]', 'i');
+      if (state.username === '' || restricted.test(state.username) || state.password === '' ||
+          state.password !== state.confirm || !checked || state.validateStatus === 'error') {
        return true
      }
      return false