author | Miguel Jacq <mig@mig5.net> | 2021-05-14 10:44:14 +1000 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2021-05-14 10:44:14 +1000 |
commit | 00473eaef6f013ccce870335785873f89db0617d (patch) | |
tree | 3cfb5a2f498304c4712ade611d1a965bdcdfca46 | |
parent | b2d57ff7874bdfa9758860909aa82cedbb1a3041 (diff) | |
Prevent usernames in Chat mode of length 128 chars or more
-rw-r--r-- | cli/onionshare_cli/resources/static/js/chat.js | 11 | ||||
-rw-r--r-- | cli/onionshare_cli/resources/templates/chat.html | 3 | ||||
-rw-r--r-- | cli/onionshare_cli/web/chat_mode.py | 33 | ||||
-rw-r--r-- | desktop/tests/test_gui_chat.py | 22 |
4 files changed, 57 insertions, 12 deletions
diff --git a/cli/onionshare_cli/resources/static/js/chat.js b/cli/onionshare_cli/resources/static/js/chat.js index 258b020b..97b14e3e 100644 --- a/cli/onionshare_cli/resources/static/js/chat.js +++ b/cli/onionshare_cli/resources/static/js/chat.js @@ -88,7 +88,7 @@ var emitMessage = function (socket) { var updateUsername = function (socket) { var username = $('#username').val(); - if (!checkUsernameExists(username)) { + if (!checkUsernameExists(username) && !checkUsernameLength(username)) { $.ajax({ method: 'POST', url: `http://${document.domain}:${location.port}/update-session-username`, @@ -133,6 +133,15 @@ var checkUsernameExists = function (username) { return false; } +var checkUsernameLength = function (username) { + $('#username-error').text(''); + if (username.length > 128) { + $('#username-error').text('Please choose a shorter username.'); + return true; + } + return false; +} + var getScrollDiffBefore = function () { return $('#chat').scrollTop() - ($('#chat')[0].scrollHeight - $('#chat')[0].offsetHeight); } diff --git a/cli/onionshare_cli/resources/templates/chat.html b/cli/onionshare_cli/resources/templates/chat.html index 7156d58c..7f60b11d 100644 --- a/cli/onionshare_cli/resources/templates/chat.html +++ b/cli/onionshare_cli/resources/templates/chat.html @@ -23,6 +23,7 @@ <div class="chat-container no-js"> <div class="chat-users"> <div class="editable-username"> + <p>Your username:</p> <input id="username" value="{{ username }}" /> <p id="username-error"></p> </div> @@ -43,4 +44,4 @@ <script async src="{{ static_url_path }}/js/chat.js"></script> </body> -</html>
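Review bot: The new `checkUsernameLength` rejects only names longer than 128 characters (`username.length > 128`), while the server-side check added to chat_mode.py in this same commit requires `len(...) < 128`, so a name of exactly 128 characters passes the client check and is then refused by the server. To match the server and the commit title, the condition should be `if (username.length >= 128) {`. The client check is a usability aid and the server limit is the one that enforces, so the AJAX callback in `updateUsername` should also show an error in `#username-error` when the reply carries `success: false`; that callback lies outside the hunk, so whether it already does cannot be seen here.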
\ No newline at end of file +</html> diff --git a/cli/onionshare_cli/web/chat_mode.py b/cli/onionshare_cli/web/chat_mode.py index 8b2a5673..e9b573dd 100644 --- a/cli/onionshare_cli/web/chat_mode.py +++ b/cli/onionshare_cli/web/chat_mode.py @@ -79,20 +79,33 @@ class ChatModeWeb: if ( data.get("username", "") and data.get("username", "") not in self.connected_users + and len(data.get("username", "")) < 128 ): session["name"] = data.get("username", session.get("name")) - self.web.add_request( - request.path, - {"id": history_id, "status_code": 200}, - ) + self.web.add_request( + request.path, + {"id": history_id, "status_code": 200}, + ) - self.web.add_request(self.web.REQUEST_LOAD, request.path) - r = make_response( - jsonify( - username=session.get("name"), - success=True, + self.web.add_request(self.web.REQUEST_LOAD, request.path) + r = make_response( + jsonify( + username=session.get("name"), + success=True, + ) + ) + else: + self.web.add_request( + request.path, + {"id": history_id, "status_code": 403}, + ) + + r = make_response( + jsonify( + username=session.get("name"), + success=False, + ) ) - ) return self.web.add_security_headers(r) @self.web.socketio.on("joined", namespace="/chat") diff --git a/desktop/tests/test_gui_chat.py b/desktop/tests/test_gui_chat.py index 7a19168b..08c619c6 100644 --- a/desktop/tests/test_gui_chat.py +++ b/desktop/tests/test_gui_chat.py 
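Review bot: The added `len(data.get("username", ""))` raises `TypeError` when the request body carries a non-string username such as a JSON number, because the two earlier conditions accept any truthy value; `data` is assigned above the hunk, so this assumes it is the parsed request JSON. Binding the value once and checking its type keeps client-chosen input from reaching an unhandled error: `username = data.get("username")` followed by `if isinstance(username, str) and 0 < len(username) < 128 and username not in self.connected_users:`. Separately, the `else` branch records `"status_code": 403` in the request history but builds the reply with `make_response(jsonify(...))` and no status argument, so the client presumably still receives 200. Passing the status, `make_response(jsonify(...), 403)`, would keep the history and the wire response consistent, provided the client-side callback handles a non-2xx reply.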
@@ -47,6 +47,27 @@ class TestChat(GuiBaseTest): self.assertTrue(jsonResponse["success"]) self.assertEqual(jsonResponse["username"], "oniontest") + def change_username_too_long(self, tab): + """Test that we can't set our username to something 128 chars or longer""" + url = f"http://127.0.0.1:{tab.app.port}/update-session-username" + bad_username = "sduBB9yEMkyQpwkMM4A9nUbQwNUbPU2PQuJYN26zCQ4inELpB76J5i5oRUnD3ESVaE9NNE8puAtBj2DiqDaZdVqhV8MonyxSSGHRv87YgM5dzwBYPBxttoQSKZAUkFjo" + data = {"username":bad_username} + if tab.settings.get("general", "public"): + r = requests.post(url, json=data) + else: + r = requests.post( + url, + json=data, + auth=requests.auth.HTTPBasicAuth( + "onionshare", tab.get_mode().server_status.web.password + ), + ) + + QtTest.QTest.qWait(500, self.gui.qtapp) + jsonResponse = r.json() + self.assertFalse(jsonResponse["success"]) + self.assertNotEqual(jsonResponse["username"], bad_username) + def run_all_chat_mode_tests(self, tab): """Tests in chat mode after starting a chat""" self.server_working_on_start_button_pressed(tab) @@ -60,6 +81,7 @@ class TestChat(GuiBaseTest): self.server_status_indicator_says_started(tab) self.view_chat(tab) self.change_username(tab) + self.change_username_too_long(tab) self.server_is_stopped(tab) self.web_server_is_stopped(tab) self.server_status_indicator_says_closed(tab) |
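Review bot: The hard-coded `bad_username` literal in `change_username_too_long` hides that the test sits on the limit (the string appears to be exactly 128 characters), and no case checks that a 127-character name is still accepted. Building the value explicitly, `bad_username = "a" * 128`, makes the boundary readable, and a sibling case with `"a" * 127` asserting `jsonResponse["success"]` is true would pin the other side of it. The test also asserts only the JSON body; if the handler is meant to signal rejection with an HTTP status, `self.assertEqual(r.status_code, ...)` would be worth adding once that status is settled.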