From a0ab0eb8758a2b51b905771e4ef2c30a733047cb Mon Sep 17 00:00:00 2001 From: Jxiced Date: Fri, 14 Feb 2025 17:01:01 +0000 Subject: [PATCH 1/4] Update ThrowIfInvalidUsername to include whitespaces. --- Jellyfin.Server.Implementations/Users/UserManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index c7ae0f4dbe..f54355f2a7 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -735,7 +735,7 @@ namespace Jellyfin.Server.Implementations.Users internal static void ThrowIfInvalidUsername(string name) { - if (!string.IsNullOrWhiteSpace(name) && ValidUsernameRegex().IsMatch(name)) + if (!string.IsNullOrWhiteSpace(name) && ValidUsernameRegex().IsMatch(name) && !char.IsWhiteSpace(name[0]) && !char.IsWhiteSpace(name[^1])) { return; } From 237c1d9b976f58a8b1dec1018626debe334246c6 Mon Sep 17 00:00:00 2001 From: Jxiced Date: Fri, 14 Feb 2025 17:46:23 +0000 Subject: [PATCH 2/4] Update regex and revert previous changes to ThrowIfInvalidUsername. --- Jellyfin.Server.Implementations/Users/UserManager.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index f54355f2a7..3ff725d65d 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -113,7 +113,7 @@ namespace Jellyfin.Server.Implementations.Users // This is some regex that matches only on unicode "word" characters, as well as -, _ and @ // In theory this will cut out most if not all 'control' characters which should help minimize any weirdness // Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), at-signs (@), dashes (-), underscores (_), apostrophes ('), periods (.) and spaces ( ) - [GeneratedRegex(@"^[\w\ \-'._@+]+$")] + [GeneratedRegex(@"^(?!\s)[\w \-'._@]+(? @@ -735,7 +735,7 @@ namespace Jellyfin.Server.Implementations.Users internal static void ThrowIfInvalidUsername(string name) { - if (!string.IsNullOrWhiteSpace(name) && ValidUsernameRegex().IsMatch(name) && !char.IsWhiteSpace(name[0]) && !char.IsWhiteSpace(name[^1])) + if (!string.IsNullOrWhiteSpace(name) && ValidUsernameRegex().IsMatch(name)) { return; } From b5fcbfc15eef9845f21ecbeaea954d44394b0a5c Mon Sep 17 00:00:00 2001 From: Jxiced Date: Fri, 14 Feb 2025 17:49:25 +0000 Subject: [PATCH 3/4] Update test cases. --- .../Users/UserManagerTests.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs b/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs index 665afe1118..4cea53bd3d 100644 --- a/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs +++ b/tests/Jellyfin.Server.Implementations.Tests/Users/UserManagerTests.cs @@ -23,6 +23,10 @@ namespace Jellyfin.Server.Implementations.Tests.Users [InlineData(" ")] [InlineData("")] [InlineData("special characters like & $ ? are not allowed")] + [InlineData("thishasaspaceontheend ")] + [InlineData(" thishasaspaceatthestart")] + [InlineData(" thishasaspaceatbothends ")] + [InlineData(" this has a space at both ends and inbetween ")] public void ThrowIfInvalidUsername_WhenInvalidUsername_ThrowsArgumentException(string username) { Assert.Throws(() => UserManager.ThrowIfInvalidUsername(username)); From 84450bb2972c00307c9eb17111df35a9316de4af Mon Sep 17 00:00:00 2001 From: Jxiced <48179642+Jxiced@users.noreply.github.com> Date: Fri, 14 Feb 2025 18:13:05 +0000 Subject: [PATCH 4/4] Update Jellyfin.Server.Implementations/Users/UserManager.cs Co-authored-by: gnattu --- Jellyfin.Server.Implementations/Users/UserManager.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index 3ff725d65d..fba8923f89 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -113,7 +113,7 @@ namespace Jellyfin.Server.Implementations.Users // This is some regex that matches only on unicode "word" characters, as well as -, _ and @ // In theory this will cut out most if not all 'control' characters which should help minimize any weirdness // Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), at-signs (@), dashes (-), underscores (_), apostrophes ('), periods (.) and spaces ( ) - [GeneratedRegex(@"^(?!\s)[\w \-'._@]+(?