sanitize app passwords name (#589)

zio/stable
Ansh 2023-05-04 22:27:05 -07:00 committed by GitHub
parent 8d78e8581c
commit f28405f928
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 4 deletions


@ -72,6 +72,19 @@ export function Component({}: {}) {
}, [store]) }, [store])
const createAppPassword = async () => { const createAppPassword = async () => {
// if name is all whitespace, we don't allow it
if (!name || !name.trim()) {
Toast.show(
'Please enter a name for your app password. All spaces is not allowed.',
)
return
}
// if name is too short (under 4 chars), we don't allow it
if (name.length < 4) {
Toast.show('App Password names must be at least 4 characters long.')
return
}
try { try {
const newPassword = await store.me.createAppPassword(name) const newPassword = await store.me.createAppPassword(name)
if (newPassword) { if (newPassword) {
@ -86,13 +99,27 @@ export function Component({}: {}) {
} }
} }
const _onChangeText = (text: string) => {
// sanitize input
// we only all alphanumeric characters, spaces, dashes, and underscores
// if the user enters anything else, we ignore it and shake the input container
// also, it cannot start with a space
if (text.match(/^[a-zA-Z0-9-_ ]*$/)) {
setName(text)
} else {
Toast.show(
'App Password names can only contain letters, numbers, spaces, dashes, and underscores.',
)
}
}
return ( return (
<View style={[styles.container, pal.view]} testID="addAppPasswordsModal"> <View style={[styles.container, pal.view]} testID="addAppPasswordsModal">
<View> <View>
{!appPassword ? ( {!appPassword ? (
<Text type="lg" style={[pal.text]}> <Text type="lg" style={[pal.text]}>
Please enter a unique name for this App Password. We have generated Please enter a unique name for this App Password or use our randomly
a random name for you. generated one.
</Text> </Text>
) : ( ) : (
<Text type="lg" style={[pal.text]}> <Text type="lg" style={[pal.text]}>
@ -106,7 +133,7 @@ export function Component({}: {}) {
<View style={[pal.btn, styles.textInputWrapper]}> <View style={[pal.btn, styles.textInputWrapper]}>
<TextInput <TextInput
style={[styles.input, pal.text]} style={[styles.input, pal.text]}
onChangeText={setName} onChangeText={_onChangeText}
value={name} value={name}
placeholder="Enter a name for this App Password" placeholder="Enter a name for this App Password"
placeholderTextColor={pal.colors.textLight} placeholderTextColor={pal.colors.textLight}
@ -114,6 +141,7 @@ export function Component({}: {}) {
autoComplete="off" autoComplete="off"
autoCapitalize="none" autoCapitalize="none"
autoFocus={true} autoFocus={true}
maxLength={32}
selectTextOnFocus={true} selectTextOnFocus={true}
multiline={true} // need this to be true otherwise selectTextOnFocus doesn't work multiline={true} // need this to be true otherwise selectTextOnFocus doesn't work
numberOfLines={1} // hack for multiline so only one line shows (android) numberOfLines={1} // hack for multiline so only one line shows (android)
@ -154,7 +182,13 @@ export function Component({}: {}) {
For security reasons, you won't be able to view this again. If you For security reasons, you won't be able to view this again. If you
lose this password, you'll need to generate a new one. lose this password, you'll need to generate a new one.
</Text> </Text>
) : null} ) : (
<Text type="xs" style={[pal.textLight, s.mb10, s.mt2]}>
Only contain letters, numbers, spaces, dashes, and underscores
allowed. Must be at least 4 characters long, but no more than 32
characters long.
</Text>
)}
<View style={styles.btnContainer}> <View style={styles.btnContainer}>
<Button <Button
type="primary" type="primary"
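Review bot: The length guard `if (name.length < 4)` in `createAppPassword` measures the untrimmed value, so a name made of one letter followed by three spaces passes both checks. The comment in `_onChangeText` also says the name cannot start with a space, although `/^[a-zA-Z0-9-_ ]*$/` accepts a leading space. Trimming once and validating that value would fix both: `const trimmed = name.trim()`, then `if (trimmed.length < 4)` and `store.me.createAppPassword(trimmed)`. These checks run only in the modal, so they are a usability aid rather than a control; the service behind `createAppPassword` presumably has to enforce the same character set and the 4–32 length itself, which this diff does not show. `Component` starts and ends outside the displayed hunks.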