make sure alias prefix cannot be more than 40 chars

2020-11-18 10:38:35 +01:00 · 2020-11-18 10:38:35 +01:00 · 5b9dc88c67
parent 0224e5f8a6
commit 5b9dc88c67
7 changed files with 10 additions and 3 deletions
--- a/app/alias_utils.py
+++ b/app/alias_utils.py
@ -215,6 +215,9 @@ _ALIAS_PREFIX_PATTERN = r"[0-9a-z-_]{1,}"


 def check_alias_prefix(alias_prefix) -> bool:
+    if len(alias_prefix) > 40:
+        return False
+
    if re.fullmatch(_ALIAS_PREFIX_PATTERN, alias_prefix) is None:
        return False

--- a/app/api/views/new_custom_alias.py
+++ b/app/api/views/new_custom_alias.py
@ -238,7 +238,7 @@ def new_custom_alias_v3():
    alias_prefix = convert_to_id(alias_prefix)

    if not check_alias_prefix(alias_prefix):
-        return jsonify(error="alias prefix format problem"), 400
+        return jsonify(error="alias prefix invalid format or too long"), 400

    # check if mailbox is not tempered with
    mailboxes = []
--- a/app/dashboard/templates/dashboard/custom_alias.html
+++ b/app/dashboard/templates/dashboard/custom_alias.html
@ -32,11 +32,13 @@
                   id="prefix"
                   type="text"
                   pattern="[0-9a-z-_]{1,}"
+                   maxlength="40"
                   title="Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported."
                   placeholder="Email alias, for example newsletter-123_xyz"
                   autofocus required>
            <div class="small-text">
              Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported.
+              Cannot be more than 40 letters.
            </div>
          </div>

--- a/app/dashboard/views/custom_alias.py
+++ b/app/dashboard/views/custom_alias.py
@ -126,7 +126,7 @@ def custom_alias():
        if not check_alias_prefix(alias_prefix):
            flash(
                "Only lowercase letters, numbers, dashes (-) and underscores (_) "
-                "are currently supported for alias prefix",
+                "are currently supported for alias prefix. Cannot be more than 40 letters",
                "error",
            )
            return redirect(url_for("dashboard.custom_alias"))
--- a/app/oauth/templates/oauth/authorize.html
+++ b/app/oauth/templates/oauth/authorize.html
@ -98,6 +98,7 @@
                  <input name="prefix" class="form-control"
                         type="text"
                         pattern="[0-9a-z-_]{1,}"
+                         maxlength="40"
                         title="Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported."
                         placeholder="email alias"
                         autofocus>
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@ -158,7 +158,7 @@ def authorize():
                if not check_alias_prefix(alias_prefix):
                    flash(
                        "Only lowercase letters, numbers, dashes (-) and underscores (_) "
-                        "are currently supported for alias prefix",
+                        "are currently supported for alias prefix. Cannot be more than 40 letters",
                        "error",
                    )
                    return redirect(request.url)
--- a/tests/test_alias_utils.py
+++ b/tests/test_alias_utils.py
@ -54,3 +54,4 @@ def test_check_alias_prefix(flask_client):
    assert not check_alias_prefix("éè")
    assert not check_alias_prefix("a b")
    assert not check_alias_prefix("+👌")
+    assert not check_alias_prefix("too-long" * 10)