diff --git a/lib/go-tc/users.go b/lib/go-tc/users.go index dd4ff5c4e1..4288c94000 100644 --- a/lib/go-tc/users.go +++ b/lib/go-tc/users.go @@ -24,6 +24,7 @@ import ( "encoding/json" "errors" "fmt" + "strings" "time" "github.com/apache/trafficcontrol/lib/go-rfc" @@ -487,6 +488,8 @@ func (u *CurrentUserUpdateRequestUser) UnmarshalAndValidate(user *User) error { errs = append(errs, fmt.Errorf("username: %w", err)) } else if user.Username == nil || *user.Username == "" { errs = append(errs, errors.New("username: cannot be null or empty string")) + } else if strings.Contains(*user.Username, " ") { + errs = append(errs, errors.New("username: cannot contain spaces")) } } diff --git a/traffic_ops/testing/api/v2/user_test.go b/traffic_ops/testing/api/v2/user_test.go index b3253e65d9..d7aa716f32 100644 --- a/traffic_ops/testing/api/v2/user_test.go +++ b/traffic_ops/testing/api/v2/user_test.go @@ -17,13 +17,13 @@ package v2 import ( "bytes" "fmt" - "github.com/apache/trafficcontrol/lib/go-rfc" "net/http" "net/mail" "strings" "testing" "time" + "github.com/apache/trafficcontrol/lib/go-rfc" "github.com/apache/trafficcontrol/lib/go-tc" "github.com/apache/trafficcontrol/lib/go-util" toclient "github.com/apache/trafficcontrol/traffic_ops/v2-client" @@ -273,6 +273,31 @@ func UserSelfUpdateTest(t *testing.T) { } else if *resp2[0].Email != currentEmail { t.Errorf("Expected Email to still be '%s', but it was '%s'", currentEmail, *resp2[0].Email) } + + // Now test using an invalid username + currentUsername := *user.Username + newUsername := "ops man" + user.Username = &newUsername + updateResp, _, err = TOSession.UpdateCurrentUser(user) + if err == nil { + t.Fatal("error was expected updating user with username: 'ops man' - got none") + } + + // Ensure it wasn't actually updated + resp2, _, err = TOSession.GetUserByID(*user.ID) + if err != nil { + t.Fatalf("error getting user #%d: %v", *user.ID, err) + } + + if len(resp2) < 1 { + t.Fatalf("no user returned when requesting user #%d", *user.ID) + } + + if resp2[0].Username == nil { + t.Errorf("Username missing or null after update") + } else if *resp2[0].Username != currentUsername { + t.Errorf("Expected Username to still be '%s', but it was '%s'", currentUsername, *resp2[0].Username) + } } func UserUpdateOwnRoleTest(t *testing.T) { diff --git a/traffic_ops/testing/api/v3/user_test.go b/traffic_ops/testing/api/v3/user_test.go index b9093d9c07..4dd7f3cb7c 100644 --- a/traffic_ops/testing/api/v3/user_test.go +++ b/traffic_ops/testing/api/v3/user_test.go @@ -337,6 +337,31 @@ func UserSelfUpdateTest(t *testing.T) { } else if *resp2[0].Email != currentEmail { t.Errorf("Expected Email to still be '%s', but it was '%s'", currentEmail, *resp2[0].Email) } + + // Now test using an invalid username + currentUsername := *user.Username + newUsername := "ops man" + user.Username = &newUsername + updateResp, _, err = TOSession.UpdateCurrentUser(user) + if err == nil { + t.Fatal("error was expected updating user with username: 'ops man' - got none") + } + + // Ensure it wasn't actually updated + resp2, _, err = TOSession.GetUserByID(*user.ID) + if err != nil { + t.Fatalf("error getting user #%d: %v", *user.ID, err) + } + + if len(resp2) < 1 { + t.Fatalf("no user returned when requesting user #%d", *user.ID) + } + + if resp2[0].Username == nil { + t.Errorf("Username missing or null after update") + } else if *resp2[0].Username != currentUsername { + t.Errorf("Expected Username to still be '%s', but it was '%s'", currentUsername, *resp2[0].Username) + } } func UserUpdateOwnRoleTest(t *testing.T) { diff --git a/traffic_ops/testing/api/v4/user_test.go b/traffic_ops/testing/api/v4/user_test.go index 35864892b4..105c94474c 100644 --- a/traffic_ops/testing/api/v4/user_test.go +++ b/traffic_ops/testing/api/v4/user_test.go @@ -297,6 +297,30 @@ func UserSelfUpdateTest(t *testing.T) { } else if *resp2.Response[0].Email != currentEmail { t.Errorf("Expected Email to still be '%s', but it was '%s'", currentEmail, *resp2.Response[0].Email) } + + // Now test using an invalid username + currentUsername := *&user.Username + user.Username = "ops man" + updateResp, _, err = TOSession.UpdateCurrentUser(user, client.RequestOptions{}) + if err == nil { + t.Fatal("error was expected updating user with username: 'ops man' - got none") + } + + // Ensure it wasn't actually updated + resp2, _, err = TOSession.GetUsers(opts) + if err != nil { + t.Fatalf("error getting user #%d: %v", *user.ID, err) + } + + if len(resp2.Response) < 1 { + t.Fatalf("no user returned when requesting user #%d", *user.ID) + } + + if resp2.Response[0].Username == "" { + t.Errorf("Username missing or null after update") + } else if resp2.Response[0].Username != currentUsername { + t.Errorf("Expected Username to still be '%s', but it was '%s'", currentUsername, resp2.Response[0].Username) + } } func UserUpdateOwnRoleTest(t *testing.T) {