add UserInput sanitization

2021-03-06 08:56:54 +01:00 · 2021-03-06 08:56:54 +01:00 · cc93a57af9
parent 56c8c9160b
commit cc93a57af9
3 changed files with 27 additions and 8 deletions
--- a/internal/models/user.go
+++ b/internal/models/user.go
@ -2,6 +2,7 @@ package models

 import (
 	"context"
+	"strings"
 	"time"

 	sqlutils "github.com/zdam-egzamin-zawodowy/backend/pkg/utils/sql"
@ -86,6 +87,25 @@ func (input *UserInput) ToUser() *User {
 	return u
 }

+func (input *UserInput) Sanitize() *UserInput {
+	if input.DisplayName != nil {
+		trimmed := strings.TrimSpace(*input.DisplayName)
+		input.DisplayName = &trimmed
+	}
+
+	if input.Password != nil {
+		sanitized := strings.ToLower(strings.TrimSpace(*input.Password))
+		input.Password = &sanitized
+	}
+
+	if input.Email != nil {
+		sanitized := strings.ToLower(strings.TrimSpace(*input.Email))
+		input.Email = &sanitized
+	}
+
+	return input
+}
+
 func (input *UserInput) ApplyUpdate(q *orm.Query) (*orm.Query, error) {
 	if !input.IsEmpty() {
 		if input.DisplayName != nil {
--- a/internal/user/usecase/usecase.go
+++ b/internal/user/usecase/usecase.go
@ -28,7 +28,7 @@ func New(cfg *Config) (user.Usecase, error) {
 }

 func (ucase *usecase) Store(ctx context.Context, input *models.UserInput) (*models.User, error) {
-	if err := ucase.validateInput(input, validateOptions{false}); err != nil {
+	if err := ucase.validateInput(input.Sanitize(), validateOptions{false}); err != nil {
 		return nil, err
 	}
 	return ucase.userRepository.Store(ctx, input)
@ -43,7 +43,7 @@ func (ucase *usecase) UpdateOneByID(ctx context.Context, id int, input *models.U
 		&models.UserFilter{
 			ID: []int{id},
 		},
-		input,
+		input.Sanitize(),
 	)
 	if err != nil {
 		return nil, err
@ -58,7 +58,7 @@ func (ucase *usecase) UpdateMany(ctx context.Context, f *models.UserFilter, inpu
 	if f == nil {
 		return []*models.User{}, nil
 	}
-	if err := ucase.validateInput(input, validateOptions{true}); err != nil {
+	if err := ucase.validateInput(input.Sanitize(), validateOptions{true}); err != nil {
 		return nil, err
 	}
 	items, err := ucase.userRepository.UpdateMany(ctx, f, input)
@ -149,8 +149,7 @@ func (ucase *usecase) validateInput(input *models.UserInput, opts validateOption
 	}

 	if input.Password != nil {
-		password := *input.Password
-		passwordLength := len(password)
+		passwordLength := len(*input.Password)
 		if passwordLength > user.MaxPasswordLength || passwordLength < user.MinPasswordLength {
 			return fmt.Errorf(messagePasswordInvalidLength, user.MinPasswordLength, user.MaxPasswordLength)
 		}
--- a/pkg/utils/sql/sanitize_sort.go
+++ b/pkg/utils/sql/sanitize_sort.go
@ -37,14 +37,14 @@ func SanitizeSort(sort string) string {
 }

 func SanitizeSorts(sorts []string) []string {
-	sanitizedExprs := []string{}
+	sanitizedSorts := []string{}
 	for _, sort := range sorts {
 		sanitized := SanitizeSort(sort)
 		if sanitized != "" {
-			sanitizedExprs = append(sanitizedExprs, sanitized)
+			sanitizedSorts = append(sanitizedSorts, sanitized)
 		}
 	}
-	return sanitizedExprs
+	return sanitizedSorts
 }

 type buffer struct {