[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  final class PhabricatorUserTestCase extends PhabricatorTestCase {
   4  
   5    public function testUsernameValidation() {
   6      $map = array(
   7        'alincoln'    => true,
   8        'alincoln69'  => true,
   9        'hd3'         => true,
  10        'Alincoln'    => true,
  11        'a.lincoln'   => true,
  12  
  13        'alincoln!'   => false,
  14        ''            => false,
  15  
  16        // These are silly, but permitted.
  17        '7'           => true,
  18        '0'           => true,
  19        '____'        => true,
  20        '-'           => true,
  21  
  22        // These are not permitted because they make capturing @mentions
  23        // ambiguous.
  24        'joe.'        => false,
  25  
  26        // We can never allow these because they invalidate usernames as tokens
  27        // in commit messages ("Reviewers: alincoln, usgrant"), or as parameters
  28        // in URIs ("/p/alincoln/", "?user=alincoln"), or make them unsafe in
  29        // HTML. Theoretically we escape all the HTML/URI stuff, but these
  30        // restrictions make attacks more difficult and are generally reasonable,
  31        // since usernames like "<^, ,^>" don't seem very important to support.
  32        '<script>'    => false,
  33        'a lincoln'   => false,
  34        ' alincoln'   => false,
  35        'alincoln '   => false,
  36        'a,lincoln'   => false,
  37        'a&lincoln'   => false,
  38        'a/lincoln'   => false,
  39  
  40        "username\n"  => false,
  41        "user\nname"  => false,
  42        "\nusername"  => false,
  43        "username\r"  => false,
  44        "user\rname"  => false,
  45        "\rusername"  => false,
  46      );
  47  
  48      foreach ($map as $name => $expect) {
  49        $this->assertEqual(
  50          $expect,
  51          PhabricatorUser::validateUsername($name),
  52          "Validity of '{$name}'.");
  53      }
  54    }
  55  
  56  }