Refuse username if username is already in use

Denis Natusch 2024-01-06 20:31:43 +01:00
parent 13641bc6a2
commit 06fc8732cc
No known key found for this signature in database
GPG key ID: 5E57BD8EDACFA985
2 changed files with 65 additions and 0 deletions


@ -60,6 +60,12 @@ public class UserController {
@PostMapping("/register") @PostMapping("/register")
String register(@Valid RegistrationForm form, Errors result) { String register(@Valid RegistrationForm form, Errors result) {
if (
(!result.hasErrors()) &&
(!userManagement.getUserByName(form.getUsername()).isEmpty())
) {
result.rejectValue("username", "username already in use");
}
if (result.hasErrors()){ if (result.hasErrors()){
return "register"; return "register";
} }
@ -85,6 +91,13 @@ public class UserController {
public String editProfile(@LoggedIn UserAccount userAccount, @Valid ProfileForm form, Errors result, Model model) { public String editProfile(@LoggedIn UserAccount userAccount, @Valid ProfileForm form, Errors result, Model model) {
String redirect = "redirect:/logout"; String redirect = "redirect:/logout";
if (
(!result.hasErrors()) &&
(!userManagement.getUserByName(form.getUsername()).isEmpty()) &&
(userManagement.getUserByAccount(userAccount).get().getUsername() != form.getUsername())
) {
result.rejectValue("username", "username already in use");
}
if (result.hasErrors()){ if (result.hasErrors()){
return "profile"; return "profile";
} }
@ -138,6 +151,13 @@ public class UserController {
@PostMapping("/customers/edit/{id}") @PostMapping("/customers/edit/{id}")
@PreAuthorize("hasRole('ADMIN')") @PreAuthorize("hasRole('ADMIN')")
public String updateCustomer(@PathVariable("id") User user, @Valid AdminForm form, Errors result) { public String updateCustomer(@PathVariable("id") User user, @Valid AdminForm form, Errors result) {
if (
!result.hasErrors() &&
!userManagement.getUserByName(form.getUsername()).isEmpty() &&
!user.getUsername().equals(form.getUsername())
) {
result.rejectValue("username", "username already in use");
}
if (result.hasErrors()){ if (result.hasErrors()){
return "edit-customer"; return "edit-customer";
} }
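Review bot: In editProfile the own-name exemption compares strings with `!=` (`...getUsername() != form.getUsername()`), which tests object identity rather than content, so a user who submits the profile form without changing their name is most likely rejected with "username already in use". updateCustomer in the same commit already uses `.equals`, and this line should read `!userManagement.getUserByAccount(userAccount).get().getUsername().equals(form.getUsername())`. That line also calls `.get()` on the lookup result without checking that it is present. All three guards are check-then-act: two concurrent requests for the same free name can both pass `getUserByName(...).isEmpty()`, so unless the user store enforces a unique constraint on the username (not visible here), duplicates remain possible and the save path should map that constraint violation to the same field error. The bodies of register, editProfile and updateCustomer continue outside the hunks.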


@ -57,6 +57,8 @@ class UserControllerIntegrationTests {
createTestUser("jacob"); createTestUser("jacob");
createTestUser("moana"); createTestUser("moana");
createTestUser("paul"); createTestUser("paul");
createTestUser("mark");
createTestUser("eva");
} }
@Test @Test
@ -308,4 +310,47 @@ class UserControllerIntegrationTests {
.extracting("username") .extracting("username")
.contains("jacob"); .contains("jacob");
} }
@Test
@WithAnonymousUser
void userAlreadyExistsRegistration() throws Exception {
MockHttpServletRequestBuilder createCustomer = post("/register")
.param("username", "admin")
.param("password", "123")
.param("fullName", "Tom Klaus")
.param("address", "Baum Weg");
mvc.perform(createCustomer).andExpect(content().string(containsString("Ungültiger Nutzername")));
}
@Test
@WithMockUser(username = "mark", password = "123")
void changeUsernameToExistingUsername() throws Exception {
assertTrue(userAccountManagement.findByUsername("jacob").isPresent());
assertTrue(userAccountManagement.findByUsername("mark").isPresent());
MockHttpServletRequestBuilder createCustomer = post("/profile")
.param("username", "admin")
.param("password", "")
.param("fullName", "Mark Klaus")
.param("address", "Baum Weg");
mvc.perform(createCustomer).andExpect(content().string(containsString("Ungültiger Nutzername")));
createCustomer = post("/profile")
.param("username", "jacob")
.param("password", "")
.param("fullName", "Mark Klaus")
.param("address", "Baum Weg");
mvc.perform(createCustomer).andExpect(content().string(containsString("Ungültiger Nutzername")));
assertTrue(userAccountManagement.findByUsername("mark").isPresent());
}
@Test
@WithMockUser(username = "admin", password = "admin", roles = "ADMIN")
void changeCustomerUsernameToExistingUsername() throws Exception {
assertTrue(userAccountManagement.findByUsername("eva").isPresent());
mvc.perform(post("/customers/edit/" + userManagement.getUserByName("eva").get().getId())
.param("username", "admin")
.param("fullName", "Eva Klaus")
.param("address", "Baum Weg")
).andExpect(content().string(containsString("Ungültiger Nutzername")));
assertTrue(userAccountManagement.findByUsername("eva").isPresent());
}
} }
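Review bot: changeUsernameToExistingUsername only posts names owned by other accounts ("admin", "jacob"), so the branch of the new editProfile guard that exempts the caller's current name is never exercised. Add a case where the mock user "mark" posts `.param("username", "mark")` and assert that the response does not contain "Ungültiger Nutzername". The three tests also check only that the original account still exists; asserting that exactly one account holds the contested name afterwards would show the duplicate was really refused rather than just reported. The local `createCustomer` in the profile test builds a profile update, so a name such as `updateProfile` would read better.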