Merge pull request #4756 from zyhfish/task/fix-4752

Fix #4752: validate the username and email.
2024-10-24 09:53:24 -04:00
parent 992a786c2b 3565185808
commit 6719d242bd
8 changed files with 167 additions and 102 deletions
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -347,6 +347,13 @@ namespace Oqtane.Controllers
            return user;
        }

+        // GET api/<controller>/validate/x
+        [HttpGet("validateuser")]
+        public async Task<UserValidateResult> ValidateUser(string username, string email, string password)
+        {
+            return await _userManager.ValidateUser(username, email, password);
+        }
+
        // GET api/<controller>/validate/x
        [HttpGet("validate/{password}")]
        public async Task<bool> Validate(string password)
--- a/Oqtane.Server/Managers/Interfaces/IUserManager.cs
+++ b/Oqtane.Server/Managers/Interfaces/IUserManager.cs
@ -19,6 +19,7 @@ namespace Oqtane.Managers
        Task<User> ResetPassword(User user, string token);
        User VerifyTwoFactor(User user, string token);
        Task<User> LinkExternalAccount(User user, string token, string type, string key, string name);
+        Task<UserValidateResult> ValidateUser(string username, string email, string password);
        Task<bool> ValidatePassword(string password);
        Task<Dictionary<string, string>> ImportUsers(int siteId, string filePath, bool notify);
    }
--- a/Oqtane.Server/Managers/UserManager.cs
+++ b/Oqtane.Server/Managers/UserManager.cs
@ -540,6 +540,30 @@ namespace Oqtane.Managers
            return user;
        }

+        public async Task<UserValidateResult> ValidateUser(string username, string email, string password)
+        {
+            var validateResult = new UserValidateResult { Succeeded = true };
+
+            //validate username
+            var allowedChars = _identityUserManager.Options.User.AllowedUserNameCharacters;
+            if (string.IsNullOrWhiteSpace(username) || (!string.IsNullOrEmpty(allowedChars) && username.Any(c => !allowedChars.Contains(c))))
+            {
+                validateResult.Succeeded = false;
+                validateResult.Errors.Add("Message.Username.Invalid", string.Empty);
+            }
+
+            //validate password
+            var passwordValidator = new PasswordValidator<IdentityUser>();
+            var passwordResult = await passwordValidator.ValidateAsync(_identityUserManager, null, password);
+            if (!passwordResult.Succeeded)
+            {
+                validateResult.Succeeded = false;
+                validateResult.Errors.Add("Message.Password.Invalid", string.Empty);
+            }
+
+            return validateResult;
+        }
+
        public async Task<bool> ValidatePassword(string password)
        {
            var validator = new PasswordValidator<IdentityUser>();