diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java index 79db8d4f85..1c24516773 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/IdentityRecoveryConstants.java @@ -185,6 +185,9 @@ public class IdentityRecoveryConstants { public static final String AP_CONFIRMATION_CODE_THREAD_LOCAL_INITIAL_VALUE = "apConfirmationCodeThreadLocalInitialValue"; + public static final String GIVENNAME_CLAIM = "http://wso2.org/claims/givenname"; + public static final String LASTNAME_CLAIM = "http://wso2.org/claims/lastname"; + private IdentityRecoveryConstants() { } @@ -284,6 +287,7 @@ public enum ErrorMessages { ERROR_CODE_ERROR_DELETING_RECOVERY_DATA("20061", "Error deleting user recovery data of the tenant: %s"), ERROR_CODE_ERROR_GETTING_CONNECTOR_CONFIG("20062", "Error while getting connector configurations"), ERROR_CODE_ERROR_NO_REQUIRED_PERMISSIONS("20063", "User does not have required permissions"), + ERROR_CODE_INVALID_GIVEN_NAME_CLAIM("20067", "For security measures, < > ` \" characters are restricted"), ERROR_CODE_ERROR_RETRIVING_CLAIM("18004", "Error when retrieving the locale claim of user '%s' of '%s' domain."), ERROR_CODE_RECOVERY_DATA_NOT_FOUND_FOR_USER("18005", "Recovery data not found."), diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java index f8f5ee6ec8..793ce5f599 100644 
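Review bot: ERROR_CODE_INVALID_GIVEN_NAME_CLAIM is also raised when the last name fails the check (the registerUser guard in the next file uses it for both claims), so the constant's name and its message neither tell the client which claim was rejected nor that the last name is subject to the same rule. A claim-neutral entry such as `ERROR_CODE_INVALID_NAME_CLAIM("20067", "Invalid value for name claim: the characters < > ` \" are not allowed")` would be accurate, or two entries if the API is expected to pinpoint the offending claim; "For security measures" also reads awkwardly next to the other messages in this enum. Code 20067 is inserted after 20063, so presumably 20064–20066 are already taken elsewhere in the project; worth confirming the number is unique before it ships.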
--- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java @@ -192,6 +192,14 @@ public NotificationResponseBean registerUser(User user, String password, Claim[] claimsMap.put(claim.getClaimUri(), claim.getValue()); } + String givenNameClaim = claimsMap.get(IdentityRecoveryConstants.GIVENNAME_CLAIM); + String lastNameClaim = claimsMap.get(IdentityRecoveryConstants.LASTNAME_CLAIM); + if ((StringUtils.isNotEmpty(givenNameClaim) && !Utils.isValidName(givenNameClaim)) || + (StringUtils.isNotEmpty(lastNameClaim) && !Utils.isValidName(lastNameClaim))) { + throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages. + ERROR_CODE_INVALID_GIVEN_NAME_CLAIM, null); + } + //Set arbitrary properties to use in UserSelfRegistrationHandler Utils.setArbitraryProperties(properties); validateAndFilterFromReceipt(consent, claimsMap); diff --git a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java index ae2d5b19f9..6d4217bd4b 100644 --- a/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java +++ b/components/org.wso2.carbon.identity.recovery/src/main/java/org/wso2/carbon/identity/recovery/util/Utils.java 
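Review bot: The new guard is a four-character denylist applied only to the given-name and last-name claims on this self-registration path, so it narrows but does not close the injection surface: a value containing `'`, `&` or a `javascript:` prefix passes, other free-text claims supplied in the same `claims` array are not inspected, and any other route that writes these claims (profile update, SCIM, lite registration) is presumably untouched by this change. If the motivation is a stored XSS in a consumer that renders these claims, the durable fix is context-appropriate output encoding in that consumer with this check kept as defence in depth, and a comment above the block should say so, e.g. `// Defence-in-depth input filter only: consumers rendering name claims must still HTML-encode them.` The two near-identical conditions could also be folded into a loop over a list of claim URIs so further claims can be covered without copying the branch. registerUser starts and ends outside the hunk.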
@@ -1356,4 +1356,15 @@ private static int getRecoveryCodeExpiryTime() { return IdentityRecoveryConstants.RECOVERY_CODE_DEFAULT_EXPIRY_TIME; } } + + /** + * Checks whether the user's name claims contain any of <, >, " and ` characters + * + * @param name username to validate + * @return true if any invalid character is found in the name + */ + public static boolean isValidName(String name) { + + return !name.contains("<") && !name.contains(">") && !name.contains("\"") && !name.contains("`"); + } }
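Review bot: The Javadoc of isValidName contradicts the code: the method returns true when none of < > " ` is present, but `@return` says "true if any invalid character is found", and `@param name username to validate` mislabels a name-claim value as a username. Replace them with `@param name the name claim value to validate; must not be null` and `@return true if the value contains none of the restricted characters, false otherwise`. The method is public and calls `name.contains` unguarded, so a null argument throws NullPointerException; the only caller shown guards with StringUtils.isNotEmpty, but either a `name == null` check or the documented precondition above is needed to make the utility safe for other callers. The restricted set is a narrow denylist rather than an allowlist, which is acceptable as defence in depth but should not be described as making the value safe for HTML output.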