Make account names case-insensitive (#407)

* make names insensitive * add dev dependency * make users table case-insensitive * use unicode collation * always use username from database * adjust regex * add validator test * up cargo deps * up yarn deps * flake.lock: Update Flake lock file updates: • Updated input 'rust-overlay': 'github:oxalica/rust-overlay/603e4962d7d2225ba2caf66b0eabfcaa9a93c490' (2023-11-09) → 'github:oxalica/rust-overlay/41f7b0618052430d3a050e8f937030d00a2fcced' (2023-11-10) * add accounts table tests * add users table tests
kitsune-soc · Nov 11, 2023 · 110b4b3 · 110b4b3
1 parent 22efa4a
commit 110b4b3
Show file tree

Hide file tree

Showing 28 changed files with 677 additions and 385 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/kitsune-blocking/Cargo.toml b/crates/kitsune-blocking/Cargo.toml
@@ -7,5 +7,5 @@ version.workspace = true
 once_cell = "1.18.0"
 rayon = "1.8.0"
 thiserror = "1.0.50"
-tokio = { version = "1.33.0", features = ["rt", "sync"] }
+tokio = { version = "1.34.0", features = ["rt", "sync"] }
 tracing = "0.1.40"
diff --git a/crates/kitsune-cache/Cargo.toml b/crates/kitsune-cache/Cargo.toml
@@ -15,4 +15,4 @@ tracing = "0.1.40"
 typed-builder = "0.18.0"
 
 [dev-dependencies]
-tokio = { version = "1.33.0", features = ["macros", "rt"] }
+tokio = { version = "1.34.0", features = ["macros", "rt"] }
diff --git a/crates/kitsune-captcha/Cargo.toml b/crates/kitsune-captcha/Cargo.toml
@@ -5,7 +5,7 @@ edition.workspace = true
 
 [dependencies]
 enum_dispatch = "0.3.12"
-http = "0.2.9"
+http = "0.2.10"
 kitsune-http-client = { path = "../kitsune-http-client" }
 serde = { version = "1.0.192", features = ["derive"] }
 serde_urlencoded = "0.7.1"

diff --git a/crates/kitsune-config/Cargo.toml b/crates/kitsune-config/Cargo.toml
@@ -7,5 +7,5 @@ version.workspace = true
 eyre = "0.6.8"
 serde = { version = "1.0.192", features = ["derive"] }
 smol_str = { version = "0.2.0", features = ["serde"] }
-tokio = { version = "1.33.0", features = ["fs"] }
+tokio = { version = "1.34.0", features = ["fs"] }
 toml = { version = "0.8.8", default-features = false, features = ["parse"] }
diff --git a/crates/kitsune-core/Cargo.toml b/crates/kitsune-core/Cargo.toml
@@ -32,7 +32,7 @@ garde = { version = "0.16.2", default-features = false, features = [
 globset = "0.4.13"
 headers = "0.3.9"
 hex-simd = { version = "0.8.0", features = ["unstable"] }
-http = "0.2.9"
+http = "0.2.10"
 img-parts = "0.3.0"
 iso8601-timestamp = "0.2.12"
 kitsune-blocking = { path = "../kitsune-blocking" }
@@ -69,7 +69,7 @@ smol_str = "0.2.0"
 speedy-uuid = { path = "../../lib/speedy-uuid", features = ["diesel"] }
 thiserror = "1.0.50"
 time = "0.3.30"
-tokio = { version = "1.33.0", features = ["macros", "rt"] }
+tokio = { version = "1.34.0", features = ["macros", "rt"] }
 tracing = "0.1.40"
 typed-builder = "0.18.0"
 url = "2.4.1"

diff --git a/crates/kitsune-core/src/service/account.rs b/crates/kitsune-core/src/service/account.rs
@@ -674,27 +674,31 @@ impl AccountService {
                 ..changeset
             };
         }
+
         if let Some(ref mut note) = update.note {
             note.clean_html();
             changeset = UpdateAccount {
                 note: Some(note),
                 ..changeset
             };
         }
+
         if let Some(avatar) = update.avatar {
             let media_attachment = self.attachment_service.upload(avatar).await?;
             changeset = UpdateAccount {
                 avatar_id: Some(media_attachment.id),
                 ..changeset
             };
         }
+
         if let Some(header) = update.header {
             let media_attachment = self.attachment_service.upload(header).await?;
             changeset = UpdateAccount {
                 header_id: Some(media_attachment.id),
                 ..changeset
             };
         }
+
         if let Some(locked) = update.locked {
             changeset = UpdateAccount {
                 locked: Some(locked),

diff --git a/crates/kitsune-core/src/service/attachment.rs b/crates/kitsune-core/src/service/attachment.rs
@@ -350,7 +350,7 @@ mod test {
     }
 
     async fn handle(_req: Request<Body>) -> Result<Response<Body>, Infallible> {
-        Ok::<_, Infallible>(Response::new(Body::from("")))
+        Ok::<_, Infallible>(Response::new(Body::empty()))
     }
 
     async fn prepare_db(db_conn: &mut AsyncPgConnection) -> Uuid {

diff --git a/crates/kitsune-core/src/service/user.rs b/crates/kitsune-core/src/service/user.rs
@@ -73,7 +73,7 @@ fn is_strong_password(value: &Option<String>, _context: &()) -> garde::Result {
 #[derive(Clone, TypedBuilder, Validate)]
 pub struct Register {
     /// Username of the new user
-    #[garde(length(min = 1, max = 64), pattern(r"[\w\.]+"))]
+    #[garde(length(min = 1, max = 64), pattern(r"^[\p{L}\p{N}\.]+$"))]
     username: String,
 
     /// Email address of the new user
@@ -261,3 +261,49 @@ impl UserService {
         self.registrations_open
     }
 }
+
+#[cfg(test)]
+mod test {
+    use super::Register;
+    use garde::Validate;
+
+    #[test]
+    fn alphanumeric_username() {
+        let valid_usernames = [
+            "aumetra",
+            "AUMETRA",
+            "aum3tr4",
+            "äumäträ",
+            "아우멭라",
+            "あうめtら",
+        ];
+
+        for username in valid_usernames {
+            let register = Register::builder()
+                .email("[email protected]".into())
+                .password("verysecurepassword123".into())
+                .username(username.into())
+                .build();
+
+            assert!(
+                register.validate(&()).is_ok(),
+                "{username} is considered invalid",
+            );
+        }
+
+        let invalid_usernames = [",,,", "🎃spooky", "weewoo 🚨"];
+
+        for username in invalid_usernames {
+            let register = Register::builder()
+                .email("[email protected]".into())
+                .password("verysecurepassword123".into())
+                .username(username.into())
+                .build();
+
+            assert!(
+                register.validate(&()).is_err(),
+                "{username} is considered valid",
+            );
+        }
+    }
+}
diff --git a/crates/kitsune-db/Cargo.toml b/crates/kitsune-db/Cargo.toml
@@ -26,3 +26,8 @@ speedy-uuid = { path = "../../lib/speedy-uuid", features = ["diesel"] }
 thiserror = "1.0.50"
 tracing-log = "0.2.0"
 typed-builder = "0.18.0"
+
+[dev-dependencies]
+kitsune-test = { path = "../kitsune-test" }
+serial_test = "2.0.0"
+tokio = { version = "1.34.0", features = ["macros"] }
diff --git a/crates/kitsune-db/migrations/2023-05-19-192931_initial_tables/up.sql b/crates/kitsune-db/migrations/2023-05-19-192931_initial_tables/up.sql
@@ -1,8 +1,15 @@
+CREATE COLLATION ignore_accent_case (
+    provider = icu,
+    deterministic = false,
+    locale = 'und-u-ks-level1'
+);
+
 CREATE TABLE accounts (
     id UUID PRIMARY KEY,
     display_name TEXT,
     note TEXT,
-    username TEXT NOT NULL,
+    -- Use special collation to ignore case and accent differences
+    username TEXT NOT NULL COLLATE ignore_accent_case, 
     locked BOOLEAN NOT NULL,
     local BOOLEAN NOT NULL,
     domain TEXT NOT NULL,
@@ -74,7 +81,8 @@ CREATE TABLE users (
     id UUID PRIMARY KEY,
     account_id UUID NOT NULL UNIQUE,
     oidc_id TEXT UNIQUE,
-    username TEXT NOT NULL,
+    -- Use special collation to ignore case and accent differences
+    username TEXT NOT NULL COLLATE ignore_accent_case,
     email TEXT NOT NULL UNIQUE,
     password TEXT UNIQUE,
     domain TEXT NOT NULL,