security fix: CP-18: Users – Create New User

2026-02-28 09:20:43 +01:00 · 2021-08-13 14:55:08 +05:00
parent bd96fa181c
commit 2625158059
2 changed files with 25 additions and 0 deletions
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -53,6 +53,14 @@ class ACLManager:
        else:
            return 0

+    @staticmethod
+    def CheckRegEx(RegexCheck, value):
+        import re
+        if re.match(RegexCheck, value):
+            return 1
+        else:
+            return 0
+


    @staticmethod
--- a/userManagment/views.py
+++ b/userManagment/views.py
@@ -131,6 +131,23 @@ def submitUserCreation(request):
            websitesLimit = data['websitesLimit']
            selectedACL = data['selectedACL']

+            if ACLManager.CheckRegEx("^[\w'\-,.][^0-9_!¡?÷?¿/\\+=@#$%ˆ&*(){}|~<>;:[\]]{2,}$", firstName) == 0:
+                data_ret = {'status': 0, 'createStatus': 0, 'error_message': 'First Name can only contain Alphabets and should be more then 2 characters..'}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+            if ACLManager.CheckRegEx("^[\w'\-,.][^0-9_!¡?÷?¿/\\+=@#$%ˆ&*(){}|~<>;:[\]]{2,}$", lastName) == 0:
+                data_ret = {'status': 0, 'createStatus': 0, 'error_message': 'First Name can only contain Alphabets and should be more then 2 characters..'}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+            import validators
+            if not validators.email(email):
+                data_ret = {'status': 0, 'createStatus': 0,
+                            'error_message': 'Invalid email address.'}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
            try:
                securityLevel = data['securityLevel']
            except: