From 5b9dc88c674593a99d77d9fd7d0ae23485d39b22 Mon Sep 17 00:00:00 2001 From: Son NK <> Date: Wed, 18 Nov 2020 10:38:35 +0100 Subject: [PATCH] make sure alias prefix cannot be more than 40 chars --- app/alias_utils.py | 3 +++ app/api/views/new_custom_alias.py | 2 +- app/dashboard/templates/dashboard/custom_alias.html | 2 ++ app/dashboard/views/custom_alias.py | 2 +- app/oauth/templates/oauth/authorize.html | 1 + app/oauth/views/authorize.py | 2 +- tests/test_alias_utils.py | 1 + 7 files changed, 10 insertions(+), 3 deletions(-) diff --git a/app/alias_utils.py b/app/alias_utils.py index d05d70ad..0b24eafd 100644 --- a/app/alias_utils.py +++ b/app/alias_utils.py @@ -215,6 +215,9 @@ _ALIAS_PREFIX_PATTERN = r"[0-9a-z-_]{1,}" def check_alias_prefix(alias_prefix) -> bool: + if len(alias_prefix) > 40: + return False + if re.fullmatch(_ALIAS_PREFIX_PATTERN, alias_prefix) is None: return False diff --git a/app/api/views/new_custom_alias.py b/app/api/views/new_custom_alias.py index 8f72d4b5..cf815efb 100644 --- a/app/api/views/new_custom_alias.py +++ b/app/api/views/new_custom_alias.py @@ -238,7 +238,7 @@ def new_custom_alias_v3(): alias_prefix = convert_to_id(alias_prefix) if not check_alias_prefix(alias_prefix): - return jsonify(error="alias prefix format problem"), 400 + return jsonify(error="alias prefix invalid format or too long"), 400 # check if mailbox is not tempered with mailboxes = [] diff --git a/app/dashboard/templates/dashboard/custom_alias.html b/app/dashboard/templates/dashboard/custom_alias.html index 9927d23e..0963b894 100644 --- a/app/dashboard/templates/dashboard/custom_alias.html +++ b/app/dashboard/templates/dashboard/custom_alias.html @@ -32,11 +32,13 @@ id="prefix" type="text" pattern="[0-9a-z-_]{1,}" + maxlength="40" title="Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported." placeholder="Email alias, for example newsletter-123_xyz" autofocus required>
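Review bot: The limit in `if len(alias_prefix) > 40:` is a bare literal, and the same number is repeated in this commit in the dashboard template (`maxlength="40"`) and in the API and flash messages, so the server-side check and the hints shown to users can drift apart. Since check_alias_prefix is the only place the limit is actually enforced (the HTML attribute is advisory and is not seen by API clients), I would name it once next to `_ALIAS_PREFIX_PATTERN`, for example `ALIAS_PREFIX_MAX_LENGTH = 40` (suggested name), and compare against that. A one-line docstring such as `"""Return True if alias_prefix matches _ALIAS_PREFIX_PATTERN and is at most 40 characters long."""` would record the contract the three callers rely on. The function body continues past the end of the hunk.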
Only lowercase letters, numbers, dashes (-) and underscores (_) are currently supported. + Cannot be more than 40 letters.
diff --git a/app/dashboard/views/custom_alias.py b/app/dashboard/views/custom_alias.py index ab9bb4c1..92ff0ffa 100644 --- a/app/dashboard/views/custom_alias.py +++ b/app/dashboard/views/custom_alias.py @@ -126,7 +126,7 @@ def custom_alias(): if not check_alias_prefix(alias_prefix): flash( "Only lowercase letters, numbers, dashes (-) and underscores (_) " - "are currently supported for alias prefix", + "are currently supported for alias prefix. Cannot be more than 40 letters", "error", ) return redirect(url_for("dashboard.custom_alias")) diff --git a/app/oauth/templates/oauth/authorize.html b/app/oauth/templates/oauth/authorize.html index a34587fa..26924fea 100644 --- a/app/oauth/templates/oauth/authorize.html +++ b/app/oauth/templates/oauth/authorize.html @@ -98,6 +98,7 @@ diff --git a/app/oauth/views/authorize.py b/app/oauth/views/authorize.py index 988856a3..70f59f3d 100644 --- a/app/oauth/views/authorize.py +++ b/app/oauth/views/authorize.py @@ -158,7 +158,7 @@ def authorize(): if not check_alias_prefix(alias_prefix): flash( "Only lowercase letters, numbers, dashes (-) and underscores (_) " - "are currently supported for alias prefix", + "are currently supported for alias prefix. Cannot be more than 40 letters", "error", ) return redirect(request.url) diff --git a/tests/test_alias_utils.py b/tests/test_alias_utils.py index 6ee883e6..e2281539 100644 --- a/tests/test_alias_utils.py +++ b/tests/test_alias_utils.py @@ -54,3 +54,4 @@ def test_check_alias_prefix(flask_client): assert not check_alias_prefix("éè") assert not check_alias_prefix("a b") assert not check_alias_prefix("+👌") + assert not check_alias_prefix("too-long" * 10)
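Review bot: The flash text added in custom_alias() says "Cannot be more than 40 letters", but the check counts every character, and digits, dashes and underscores are allowed too; "40 characters" would match what check_alias_prefix enforces. The same two-line message is duplicated verbatim in authorize() in app/oauth/views/authorize.py, so a shared module-level string would keep the two views from diverging the next time the rule changes. Both functions start and end outside their hunks.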
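Review bot: The added assertion in test_check_alias_prefix uses an 80-character input (`"too-long" * 10`), so it does not pin the boundary; an off-by-one in the `> 40` comparison would still pass. Adding `assert check_alias_prefix("a" * 40)` and `assert not check_alias_prefix("a" * 41)` fixes the limit exactly at the edge the validation is meant to enforce. The test function begins above the hunk.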