From e8eaeab7dd424c756d5b57eaf1c55a3d11e05900 Mon Sep 17 00:00:00 2001
From: Paul Bienkowski
Date: Tue, 13 Sep 2022 09:08:26 +0200
Subject: [PATCH] Clean usernames of invalid characters when the users receive their name from the login server

---
 api/obs/api/routes/login.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/obs/api/routes/login.py b/api/obs/api/routes/login.py
index 5727b05..1c4e80a 100644
--- a/api/obs/api/routes/login.py
+++ b/api/obs/api/routes/login.py
@@ -1,5 +1,6 @@
 import asyncio
 import logging
+import re
 
 from requests.exceptions import RequestException
 
@@ -91,6 +92,15 @@ async def login_redirect(req):
     preferred_username = userinfo["preferred_username"]
     email = userinfo.get("email")
 
+    clean_username = re.sub(r"[^a-zA-Z0-9_.-]", "", preferred_username)
+    if clean_username != preferred_username:
+        log.warning(
+            "Username %r contained invalid characters and was changed to %r",
+            preferred_username,
+            clean_username,
+        )
+        preferred_username = clean_username
+
     if email is None:
         raise ValueError(
             "user has no email set, please configure keycloak to require emails"
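Review bot: The sanitised name can come out empty: a `preferred_username` made entirely of characters outside `[a-zA-Z0-9_.-]` (a non-Latin name, for instance) is reduced to `""` by the `re.sub` on the first added line of the second hunk, and the code then carries that empty string forward instead of rejecting it; add `if not clean_username: raise ValueError("username contains no permitted characters")` right after the substitution, mirroring the existing `email is None` check below. Stripping also folds distinct identity-provider usernames onto one cleaned value (`"al ice"` and `"alice"` both become `"alice"`), so if the rest of login_redirect, which continues outside the hunk, keys accounts on this name rather than on a stable subject identifier, a user who can pick their own name at the login server could collide with another account — worth confirming against the code that follows. Logging the raw value with `%r` is the right choice here, since it is untrusted input and repr keeps newlines and control characters out of the log line.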