strip() whitespace from new local user master data (#1019)

When creating a new local user, there is a chance that, due to a copy &
paste or typing error, whitespace will be introduced at the start or end
of the username. This can lead to issues when trying to log in using the
affected username, as such a condition can easily be overlooked - no
user will be found in the database if entering the username without the
aforementioned whitespace. This commit therefore strip()s the username
string within routes/{admin,index}.py.

The firstname, lastname and email strings within
routes/{admin,index,user}.py are also strip()ped on this occasion.
zoeller-freinet 2021-11-05 16:04:35 +01:00 committed by GitHub
parent 1662a812ba
commit 20b866a784
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 19 deletions


@ -102,17 +102,17 @@ def edit_user(user_username=None):
fdata = request.form fdata = request.form
if create: if create:
user_username = fdata['username'] user_username = fdata.get('username', '').strip()
user = User(username=user_username, user = User(username=user_username,
plain_text_password=fdata['password'], plain_text_password=fdata.get('password', ''),
firstname=fdata['firstname'], firstname=fdata.get('firstname', '').strip(),
lastname=fdata['lastname'], lastname=fdata.get('lastname', '').strip(),
email=fdata['email'], email=fdata.get('email', '').strip(),
reload_info=False) reload_info=False)
if create: if create:
if fdata['password'] == "": if not fdata.get('password', ''):
return render_template('admin_edit_user.html', return render_template('admin_edit_user.html',
user=user, user=user,
create=create, create=create,
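Review bot: With `fdata.get('username', '').strip()`, a missing or whitespace-only username field now reaches `User(username=user_username, ...)` as an empty string, and the only emptiness check visible in the create branch is the one on the password. Before this change a missing field made `fdata['username']` abort the request with a 400 instead of continuing. I'd add a guard next to the password one, `if create and not user_username:`, returning the same `admin_edit_user.html` template with an error. edit_user continues outside the hunk, so a later check may already cover this; that is worth confirming.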


@ -625,12 +625,12 @@ def register():
if request.method == 'GET': if request.method == 'GET':
return render_template('register.html') return render_template('register.html')
elif request.method == 'POST': elif request.method == 'POST':
username = request.form['username'] username = request.form.get('username', '').strip()
password = request.form['password'] password = request.form.get('password', '')
firstname = request.form.get('firstname') firstname = request.form.get('firstname', '').strip()
lastname = request.form.get('lastname') lastname = request.form.get('lastname', '').strip()
email = request.form.get('email') email = request.form.get('email', '').strip()
rpassword = request.form.get('rpassword') rpassword = request.form.get('rpassword', '')
if not username or not password or not email: if not username or not password or not email:
return render_template( return render_template(
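Review bot: Normalising only at registration leaves accounts already stored with leading or trailing whitespace untouched, and the uniqueness check (outside this hunk) presumably compares the stripped name against those unnormalised rows. A stored name with surrounding whitespace and a new stripped one (say `'alice '` and `'alice'`, constructed example) could then coexist as visually identical accounts, which muddies audit logs and permission assignments. I'd pair this change with a one-off report or cleanup of existing usernames that differ from their `strip()`ped form, and apply the same `.strip()` wherever a username is looked up at login. register() continues outside the hunk.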


@ -41,13 +41,10 @@ def profile():
return render_template('user_profile.html') return render_template('user_profile.html')
if request.method == 'POST': if request.method == 'POST':
if session['authentication_type'] == 'LOCAL': if session['authentication_type'] == 'LOCAL':
firstname = request.form[ firstname = request.form.get('firstname', '').strip()
'firstname'] if 'firstname' in request.form else '' lastname = request.form.get('lastname', '').strip()
lastname = request.form[ email = request.form.get('email', '').strip()
'lastname'] if 'lastname' in request.form else '' new_password = request.form.get('password', '')
email = request.form['email'] if 'email' in request.form else ''
new_password = request.form[
'password'] if 'password' in request.form else ''
else: else:
firstname = lastname = email = new_password = '' firstname = lastname = email = new_password = ''
current_app.logger.warning( current_app.logger.warning(
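Review bot: `new_password = request.form.get('password', '')` is the one field in this branch read without `.strip()`, as are `password`/`rpassword` in register() and `plain_text_password` in edit_user(), and nothing in the code records that this is deliberate. A later cleanup could "finish" the pattern and silently change which credentials are accepted. I'd add a comment above the line, e.g. `# password is taken verbatim: stripping would alter the credential the user chose`. profile() starts and ends outside the hunk.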