Raise an error if a user tries to register with an excessively long username

Summary: Fixes T2348. We should probably do some of this more broadly, but can tackle them one at a time as they arise, since many fields have no effective length limit. Test Plan: {F54126} Reviewers: btrahan, asherkin Reviewed By: asherkin CC: aran Maniphest Tasks: T2348 Differential Revision: https://secure.phabricator.com/D6744
2025-01-11 15:21:03 +01:00 · 2013-08-13 14:37:23 -07:00 · 2013-08-13 14:37:23 -07:00 · a530004ac7
commit a530004ac7
parent f852a09e1c
1 changed files with 10 additions and 2 deletions
--- a/src/applications/people/storage/PhabricatorUser.php
+++ b/src/applications/people/storage/PhabricatorUser.php
@ -9,6 +9,7 @@ final class PhabricatorUser

  const SESSION_TABLE = 'phabricator_session';
  const NAMETOKEN_TABLE = 'user_nametoken';
+  const MAXIMUM_USERNAME_LENGTH = 64;

  protected $phid;
  protected $userName;
@ -689,8 +690,11 @@ EOBODY;
  }

  public static function describeValidUsername() {
-    return 'Usernames must contain only numbers, letters, period, underscore '.
-           'and hyphen, and can not end with a period.';
+    return pht(
+      'Usernames must contain only numbers, letters, period, underscore and '.
+      'hyphen, and can not end with a period. They must have no more than %d '.
+      'characters.',
+      new PhutilNumber(self::MAXIMUM_USERNAME_LENGTH));
  }

  public static function validateUsername($username) {
@ -701,6 +705,10 @@ EOBODY;
    //  - Unit tests, obviously.
    //  - describeValidUsername() method, above.

+    if (strlen($username) > self::MAXIMUM_USERNAME_LENGTH) {
+      return false;
+    }
+
    return (bool)preg_match('/^[a-zA-Z0-9._-]*[a-zA-Z0-9_-]$/', $username);
  }