strip() whitespace from new local user master data (#1019)

When creating a new local user, there is a chance that, due to a copy & paste or typing error, whitespace will be introduced at the start or end of the username. This can lead to issues when trying to log in using the affected username, as such a condition can easily be overlooked - no user will be found in the database if entering the username without the aforementioned whitespace. This commit therefore strip()s the username string within routes/{admin,index}.py. The firstname, lastname and email strings within routes/{admin,index,user}.py are also strip()ped on this occasion.
2024-11-09 15:10:27 +00:00 · 2021-11-05 16:04:35 +01:00 · 2021-11-05 16:04:35 +01:00 · 20b866a784
commit 20b866a784
parent 1662a812ba
3 changed files with 16 additions and 19 deletions
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -102,17 +102,17 @@ def edit_user(user_username=None):
        fdata = request.form

        if create:
-            user_username = fdata['username']
+            user_username = fdata.get('username', '').strip()

        user = User(username=user_username,
-                    plain_text_password=fdata['password'],
-                    firstname=fdata['firstname'],
-                    lastname=fdata['lastname'],
-                    email=fdata['email'],
+                    plain_text_password=fdata.get('password', ''),
+                    firstname=fdata.get('firstname', '').strip(),
+                    lastname=fdata.get('lastname', '').strip(),
+                    email=fdata.get('email', '').strip(),
                    reload_info=False)

        if create:
-            if fdata['password'] == "":
+            if not fdata.get('password', ''):
                return render_template('admin_edit_user.html',
                                       user=user,
                                       create=create,
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -625,12 +625,12 @@ def register():
        if request.method == 'GET':
            return render_template('register.html')
        elif request.method == 'POST':
-            username = request.form['username']
-            password = request.form['password']
-            firstname = request.form.get('firstname')
-            lastname = request.form.get('lastname')
-            email = request.form.get('email')
-            rpassword = request.form.get('rpassword')
+            username = request.form.get('username', '').strip()
+            password = request.form.get('password', '')
+            firstname = request.form.get('firstname', '').strip()
+            lastname = request.form.get('lastname', '').strip()
+            email = request.form.get('email', '').strip()
+            rpassword = request.form.get('rpassword', '')

            if not username or not password or not email:
                return render_template(
--- a/powerdnsadmin/routes/user.py
+++ b/powerdnsadmin/routes/user.py
@ -41,13 +41,10 @@ def profile():
        return render_template('user_profile.html')
    if request.method == 'POST':
        if session['authentication_type'] == 'LOCAL':
-            firstname = request.form[
-                'firstname'] if 'firstname' in request.form else ''
-            lastname = request.form[
-                'lastname'] if 'lastname' in request.form else ''
-            email = request.form['email'] if 'email' in request.form else ''
-            new_password = request.form[
-                'password'] if 'password' in request.form else ''
+            firstname = request.form.get('firstname', '').strip()
+            lastname = request.form.get('lastname', '').strip()
+            email = request.form.get('email', '').strip()
+            new_password = request.form.get('password', '')
        else:
            firstname = lastname = email = new_password = ''
            current_app.logger.warning(