Clean usernames of invalid characters when the users receive their name from the login server

This commit is contained in:
Paul Bienkowski 2022-09-13 09:08:26 +02:00
parent 0ab5a87c77
commit e8eaeab7dd

View file

@ -1,5 +1,6 @@
import asyncio
import logging
import re
from requests.exceptions import RequestException
@ -91,6 +92,15 @@ async def login_redirect(req):
preferred_username = userinfo["preferred_username"]
email = userinfo.get("email")
clean_username = re.sub(r"[^a-zA-Z0-9_.-]", "", preferred_username)
if clean_username != preferred_username:
log.warning(
"Username %r contained invalid characters and was changed to %r",
preferred_username,
clean_username,
)
preferred_username = clean_username
if email is None:
raise ValueError(
"user has no email set, please configure keycloak to require emails"