From d6fd11fe95ef628c9fd781867463a7ccbdbbde63 Mon Sep 17 00:00:00 2001
From: Mohamed Karray <mohamed.karray.sr@gmail.com>
Date: Mon, 1 Oct 2018 16:30:30 +0200
Subject: [PATCH] fix regexp for user and group name

---
 .../scm/api/v2/ValidationConstraints.java     |  2 +-
 .../v2/resources/GroupRootResourceTest.java   | 34 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
index b98af3aa80..2070aee789 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/ValidationConstraints.java
@@ -9,6 +9,6 @@ public final class ValidationConstraints {
    * and it not contains whitespaces
    * and the characters: . - _ @ are allowed
    */
-  public static final String USER_GROUP_PATTERN = "^[^@\\s][A-z0-9\\.\\-_@]+$";
+  public static final String USER_GROUP_PATTERN = "^[^@\\s][A-Za-z0-9\\.\\-_@]+$";
 
 }
diff --git a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java
index c4fded9bb7..036579e9dd 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/v2/resources/GroupRootResourceTest.java
@@ -238,7 +238,7 @@ public class GroupRootResourceTest {
 
     assertEquals(400, response.getStatus());
 
-    // the whitespace at the begin opf the name is not allowed
+    // the whitespace at the begin of the name is not allowed
     groupJson = "{ \"name\": \" grpname\", \"type\": \"admin\" }";
     request = MockHttpRequest
       .post("/" + GroupRootResource.GROUPS_PATH_V2)
@@ -248,6 +248,38 @@ public class GroupRootResourceTest {
     dispatcher.invoke(request, response);
 
     assertEquals(400, response.getStatus());
+
+    // the characters {[ are not allowed
+    groupJson = "{ \"name\": \"grp{name}\", \"type\": \"admin\" }";
+    request = MockHttpRequest
+      .post("/" + GroupRootResource.GROUPS_PATH_V2)
+      .contentType(VndMediaType.GROUP)
+      .content(groupJson.getBytes());
+
+    dispatcher.invoke(request, response);
+
+    assertEquals(400, response.getStatus());
+
+    groupJson = "{ \"name\": \"grp[name]\", \"type\": \"admin\" }";
+    request = MockHttpRequest
+      .post("/" + GroupRootResource.GROUPS_PATH_V2)
+      .contentType(VndMediaType.GROUP)
+      .content(groupJson.getBytes());
+
+    dispatcher.invoke(request, response);
+
+    assertEquals(400, response.getStatus());
+
+    groupJson = "{ \"name\": \"grp/name\", \"type\": \"admin\" }";
+    request = MockHttpRequest
+      .post("/" + GroupRootResource.GROUPS_PATH_V2)
+      .contentType(VndMediaType.GROUP)
+      .content(groupJson.getBytes());
+
+    dispatcher.invoke(request, response);
+
+    assertEquals(400, response.getStatus());
+
   }
 
   @Test