Changeset 13984

Timestamp:

07/27/2024 07:01:02 PM (10 months ago)

Author:

espellcaste

Message:

Enforce requirement of usernames having valid letters.

Profile links dont

Location:

trunk

Files:

• src/bp-members/bp-members-functions.php (modified) (5 diffs)
• tests/phpunit/testcases/members/functions.php (modified) (33 diffs)

trunk/src/bp-members/bp-members-functions.php

@@ -1622 +1622 @@
     // Note: This check only works on Multisite.
     $limited_email_domains = get_site_option( 'limited_email_domains' );
-    if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
+    if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {
         $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
-        if ( ! in_array( $emaildomain, $limited_email_domains ) ) {
+
+        if ( ! in_array( $emaildomain, $limited_email_domains, true ) ) {
             $errors['domain_not_allowed'] = 1;
         }
@@ -1634 +1635 @@
     }
 
-    $retval = ! empty( $errors ) ? $errors : true;
-
-    return $retval;
+    return ! empty( $errors ) ? $errors : true;
 }
 
@@ -1713 +1712 @@
         // User name can't be on the list of illegal names.
         $illegal_names = get_site_option( 'illegal_names' );
-        if ( in_array( $user_name, (array) $illegal_names ) ) {
-            $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
+        if ( in_array( $user_name, (array) $illegal_names, true ) ) {
+            $errors->add( 'user_name', __( 'That username is not allowed.', 'buddypress' ) );
         }
 
@@ -1724 +1723 @@
         // Minimum of 4 characters.
         if ( strlen( $user_name ) < 4 ) {
-            $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
+            $errors->add( 'user_name', __( 'Username must be at least 4 characters.', 'buddypress' ) );
+        }
+
+        // Maximum of 60 characters.
+        if ( strlen( $user_name ) > 60 ) {
+            $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.', 'buddypress' ) );
         }
 
         // No underscores. @todo Why not?
-        if ( false !== strpos( ' ' . $user_name, '_' ) ) {
+        if ( str_contains( ' ' . $user_name, '_' ) ) {
             $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
         }
@@ -1735 +1739 @@
         $match = array();
         preg_match( '/[0-9]*/', $user_name, $match );
-        if ( $match[0] == $user_name ) {
+
+        // Check for valid letters.
+        $valid_letters = preg_match( '/[a-zA-Z]+/', $user_name );
+
+        if ( $match[0] === $user_name || ! $valid_letters ) {
             $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
         }
 
         // Check into signups.
-        $signups = BP_Signup::get( array(
-            'user_login' => $user_name,
-        ) );
+        $signups = BP_Signup::get(
+            array(
+                'user_login' => $user_name,
+            )
+        );
 
         $signup = isset( $signups['signups'] ) && ! empty( $signups['signups'][0] ) ? $signups['signups'][0] : false;

trunk/tests/phpunit/testcases/members/functions.php

@@ -6 +6 @@
 class BP_Tests_Members_Functions extends BP_UnitTestCase {
     protected $permalink_structure = '';
-    protected $filter_fired = '';
+    protected $filter_fired        = '';
 
     public function set_up() {
@@ -25 +25 @@
     public function test_bp_core_delete_account() {
         // Stash
-        $current_user = get_current_user_id();
+        $current_user      = get_current_user_id();
         $deletion_disabled = bp_disable_account_deletion();
 
@@ -33 +33 @@
 
         // 1. Admin can delete user account
-        self::set_current_user( $admin_user );
+        $this->set_current_user( $admin_user );
         $user1 = self::factory()->user->create( array( 'role' => 'subscriber' ) );
         bp_core_delete_account( $user1 );
@@ -52 +52 @@
         $user3 = self::factory()->user->create( array( 'role' => 'subscriber' ) );
         $user4 = self::factory()->user->create( array( 'role' => 'subscriber' ) );
-        self::set_current_user( $user3 );
+        $this->set_current_user( $user3 );
         bp_core_delete_account( $user4 );
         $maybe_user = new WP_User( $user4 );
@@ -59 +59 @@
 
         // Cleanup
-        self::set_current_user( $current_user );
+        $this->set_current_user( $current_user );
         bp_update_option( 'bp-disable-account-deletion', $deletion_disabled );
     }
@@ -136 +136 @@
 
         // Now change the members directory slug
-        $pages = bp_core_get_directory_pages();
-        $members_page = get_post( $pages->members->id );
-        $new_members_slug = 'new-members-slug';
+        $pages                   = bp_core_get_directory_pages();
+        $members_page            = get_post( $pages->members->id );
+        $new_members_slug        = 'new-members-slug';
         $members_page->post_name = $new_members_slug;
-        $p = wp_update_post( $members_page );
+        $p                       = wp_update_post( $members_page );
 
         // Weird!
@@ -185 +185 @@
      */
     public function test_bp_core_get_user_displayname_xprofile_exists() {
-        $xprofile_is_active = bp_is_active( 'xprofile' );
+        $xprofile_is_active                         = bp_is_active( 'xprofile' );
         buddypress()->active_components['xprofile'] = '1';
 
@@ -202 +202 @@
      */
     public function test_bp_core_get_user_displayname_arrays_all_bad_entries() {
-        $this->assertSame( array(), bp_core_get_user_displaynames( array( 0, 'foo', ) ) );
+        $this->assertSame( array(), bp_core_get_user_displaynames( array( 0, 'foo' ) ) );
     }
 
@@ -219 +219 @@
         );
 
-        $this->assertSame( $expected, bp_core_get_user_displaynames( array( $u1, $u2, ) ) );
+        $this->assertSame( $expected, bp_core_get_user_displaynames( array( $u1, $u2 ) ) );
     }
 
@@ -227 +227 @@
     public function test_bp_core_get_user_displaynames_one_not_in_xprofile() {
         $u1 = self::factory()->user->create();
-        $u2 = self::factory()->user->create( array(
-            'display_name' => 'Bar',
-        ) );
+        $u2 = self::factory()->user->create(
+            array(
+                'display_name' => 'Bar',
+            )
+        );
         xprofile_set_field_data( 1, $u1, 'Foo' );
 
@@ -237 +239 @@
         );
 
-        $this->assertSame( $expected, bp_core_get_user_displaynames( array( $u1, $u2, ) ) );
+        $this->assertSame( $expected, bp_core_get_user_displaynames( array( $u1, $u2 ) ) );
     }
 
@@ -244 +246 @@
      */
     public function test_bp_members_migrate_signups_standard() {
-        $u = self::factory()->user->create();
+        $u     = self::factory()->user->create();
         $u_obj = new WP_User( $u );
 
@@ -254 +256 @@
         $wpdb->update(
             $wpdb->users,
-            array( 'user_status' => '2', ),
-            array( 'ID' => $u, ),
-            array( '%d', ),
-            array( '%d', )
+            array( 'user_status' => '2' ),
+            array( 'ID' => $u ),
+            array( '%d' ),
+            array( '%d' )
         );
         clean_user_cache( $u );
@@ -278 +280 @@
      */
     public function test_bp_members_migrate_signups_activation_key_but_user_status_0() {
-        $u = self::factory()->user->create();
+        $u     = self::factory()->user->create();
         $u_obj = new WP_User( $u );
 
@@ -291 +293 @@
         $wpdb->update(
             $wpdb->users,
-            array( 'user_status' => '0', ),
-            array( 'ID' => $u, ),
-            array( '%d', ),
-            array( '%d', )
+            array( 'user_status' => '0' ),
+            array( 'ID' => $u ),
+            array( '%d' ),
+            array( '%d' )
         );
         clean_user_cache( $u );
@@ -309 +311 @@
      */
     public function test_bp_members_migrate_signups_no_activation_key_but_user_status_2() {
-        $u = self::factory()->user->create();
+        $u     = self::factory()->user->create();
         $u_obj = new WP_User( $u );
 
@@ -316 +318 @@
         $wpdb->update(
             $wpdb->users,
-            array( 'user_status' => '2', ),
-            array( 'ID' => $u, ),
-            array( '%d', ),
-            array( '%d', )
+            array( 'user_status' => '2' ),
+            array( 'ID' => $u ),
+            array( '%d' ),
+            array( '%d' )
         );
         clean_user_cache( $u );
@@ -326 +328 @@
 
         // Use email address as a sanity check
-        $found = BP_Signup::get();
+        $found       = BP_Signup::get();
         $found_email = isset( $found['signups'][0]->user_email ) ? $found['signups'][0]->user_email : '';
         $this->assertSame( $u_obj->user_email, $found_email );
@@ -344 +346 @@
 
         $time = time();
-        $t1 = date( 'Y-m-d H:i:s', $time - 50 );
-        $t2 = date( 'Y-m-d H:i:s', $time - 500 );
-        $t3 = date( 'Y-m-d H:i:s', $time - 5000 );
+        $t1   = date( 'Y-m-d H:i:s', $time - 50 );
+        $t2   = date( 'Y-m-d H:i:s', $time - 500 );
+        $t3   = date( 'Y-m-d H:i:s', $time - 5000 );
 
         update_user_meta( $u1, 'last_activity', $t1 );
@@ -355 +357 @@
         global $wpdb;
         $bp = buddypress();
-        $wpdb->query( $wpdb->prepare(
-            "INSERT INTO {$bp->members->table_name_last_activity}
+        $wpdb->query(
+            $wpdb->prepare(
+                "INSERT INTO {$bp->members->table_name_last_activity}
                 (`user_id`, `component`, `type`, `action`, `content`, `primary_link`, `item_id`, `date_recorded` ) VALUES
                 ( %d, %s, %s, %s, %s, %s, %d, %s )",
-            $u2, $bp->members->id, 'last_activity', '', '', '', 0, $t1
-        ) );
+                $u2,
+                $bp->members->id,
+                'last_activity',
+                '',
+                '',
+                '',
+                0,
+                $t1
+            )
+        );
 
         bp_last_activity_migrate();
@@ -387 +398 @@
      */
     public function test_bp_core_get_userid_from_nicename_failure() {
-        $this->assertSame( NULL, bp_core_get_userid_from_nicename( 'non_existent_user' ) );
+        $this->assertSame( null, bp_core_get_userid_from_nicename( 'non_existent_user' ) );
     }
 
@@ -432 +443 @@
         }
 
-        $bp = buddypress();
+        $bp             = buddypress();
         $displayed_user = $bp->displayed_user;
 
-        $u1 = self::factory()->user->create();
+        $u1                     = self::factory()->user->create();
         $bp->displayed_user->id = $u1;
 
@@ -460 +471 @@
         }
 
-        $bp = buddypress();
+        $bp             = buddypress();
         $displayed_user = $bp->displayed_user;
 
-        $u1 = self::factory()->user->create();
+        $u1                     = self::factory()->user->create();
         $bp->displayed_user->id = $u1;
 
@@ -484 +495 @@
      */
     public function test_bp_core_process_spammer_status_ms_bulk_ham() {
-        if ( ! is_multisite() ) {
-            $this->markTestSkipped();
-        }
-
-        $bp = buddypress();
+        $this->skipWithoutMultisite();
+
+        $bp             = buddypress();
         $displayed_user = $bp->displayed_user;
 
-        $u1 = self::factory()->user->create();
+        $u1                     = self::factory()->user->create();
         $bp->displayed_user->id = $u1;
 
@@ -520 +529 @@
         add_action( 'make_spam_user', array( $this, 'notification_filter_callback' ) );
 
-        $n = bp_core_process_spammer_status( $u1, 'spam' );
+        bp_core_process_spammer_status( $u1, 'spam' );
 
         remove_action( 'make_spam_user', array( $this, 'notification_filter_callback' ) );
@@ -529 +538 @@
     public function test_bp_core_process_spammer_status_make_ham_user_filter() {
         $u1 = self::factory()->user->create();
-        $s  = bp_core_process_spammer_status( $u1, 'spam' );
+
+        bp_core_process_spammer_status( $u1, 'spam' );
 
         add_action( 'make_ham_user', array( $this, 'notification_filter_callback' ) );
 
-        $h = bp_core_process_spammer_status( $u1, 'ham' );
+        bp_core_process_spammer_status( $u1, 'ham' );
 
         remove_action( 'make_ham_user', array( $this, 'notification_filter_callback' ) );
 
         $this->assertSame( 'make_ham_user', $this->filter_fired );
-
     }
 
@@ -545 +554 @@
 
         $u1 = self::factory()->user->create();
-        $n = bp_core_process_spammer_status( $u1, 'spam' );
+
+        bp_core_process_spammer_status( $u1, 'spam' );
 
         remove_action( 'bp_make_spam_user', array( $this, 'notification_filter_callback' ) );
 
         $this->assertSame( 'bp_make_spam_user', $this->filter_fired );
-
     }
 
@@ -557 +566 @@
 
         $u1 = self::factory()->user->create();
-        $n = bp_core_process_spammer_status( $u1, 'ham' );
+        $n  = bp_core_process_spammer_status( $u1, 'ham' );
 
         remove_action( 'bp_make_ham_user', array( $this, 'notification_filter_callback' ) );
 
         $this->assertSame( 'bp_make_ham_user', $this->filter_fired );
-
     }
 
@@ -570 +578 @@
      */
     public function test_bp_core_process_spammer_status_ms_should_only_spam_sites_with_one_admin() {
-        if ( ! is_multisite() ) {
-            $this->markTestSkipped();
-        }
+        $this->skipWithoutMultisite();
 
         $u1 = self::factory()->user->create();
@@ -663 +669 @@
         global $wpdb;
 
-
-        $signups = array( 'no-blog' =>
-            array( 'signup_id' => self::factory()->signup->create( array(
-                    'user_login'     => 'noblog',
-                    'user_email'     => 'noblog@example.com',
-                    'activation_key' => 'no-blog',
-                    'meta' => array(
-                        'field_1' => 'Foo Bar',
-                        'password' => 'foobar',
-                    ),
-            ) ),
-                'password' => 'foobar',
+        $signups = array(
+            'no-blog' =>
+            array(
+                'signup_id' => self::factory()->signup->create(
+                    array(
+                        'user_login'     => 'noblog',
+                        'user_email'     => 'noblog@example.com',
+                        'activation_key' => 'no-blog',
+                        'meta'           => array(
+                            'field_1'  => 'Foo Bar',
+                            'password' => 'foobar',
+                        ),
+                    )
+                ),
+                'password'  => 'foobar',
             ),
         );
 
         if ( is_multisite() ) {
-            $signups['ms-blog'] = array( 'signup_id' => self::factory()->signup->create( array(
-                    'user_login'     => 'msblog',
-                    'user_email'     => 'msblog@example.com',
-                    'domain'         => get_current_site()->domain,
-                    'path'           => get_current_site()->path . 'ms-blog',
-                    'title'          => 'Ding Dang',
-                    'activation_key' => 'ms-blog',
-                    'meta' => array(
-                        'field_1'  => 'Ding Dang',
-                        'password' => 'dingdang',
-                    ),
-                ) ),
-                'password' => 'dingdang',
+            $signups['ms-blog'] = array(
+                'signup_id' => self::factory()->signup->create(
+                    array(
+                        'user_login'     => 'msblog',
+                        'user_email'     => 'msblog@example.com',
+                        'domain'         => get_current_site()->domain,
+                        'path'           => get_current_site()->path . 'ms-blog',
+                        'title'          => 'Ding Dang',
+                        'activation_key' => 'ms-blog',
+                        'meta'           => array(
+                            'field_1'  => 'Ding Dang',
+                            'password' => 'dingdang',
+                        ),
+                    )
+                ),
+                'password'  => 'dingdang',
             );
         }
@@ -747 +759 @@
 
         // Create the signup.
-        self::factory()->signup->create( array(
-            'user_login'     => 'test',
-            'user_email'     => 'test@example.com',
-            'activation_key' => $key,
-            'meta' => array(
-                'field_1' => 'Foo Bar',
-                'password' => 'foobar',
-            ),
-        ) );
+        self::factory()->signup->create(
+            array(
+                'user_login'     => 'test',
+                'user_email'     => 'test@example.com',
+                'activation_key' => $key,
+                'meta'           => array(
+                    'field_1'  => 'Foo Bar',
+                    'password' => 'foobar',
+                ),
+            )
+        );
 
         // Activate user.
@@ -788 +802 @@
         // Spam user 2.
         if ( is_multisite() ) {
-            wp_update_user( array( 'ID' => $u2, 'spam' => '1' ) );
+            wp_update_user(
+                array(
+                    'ID'   => $u2,
+                    'spam' => '1',
+                )
+            );
         } else {
             bp_core_process_spammer_status( $u2, 'spam' );
@@ -810 +829 @@
         $this->assertSame( 0, bp_get_total_member_count() );
     }
+
+    /**
+     * @dataProvider provider_bp_core_validate_user_signup_errors
+     *
+     * @param string   $user_name User name to validate.
+     * @param string   $user_email User email to validate.
+     * @param WP_Error $expected_error Expected error message.
+     */
+    public function test_bp_core_validate_user_signup_errors( $user_name, $user_email, $expected_error ) {
+        $this->skipWithMultisite();
+
+        $validate = bp_core_validate_user_signup( $user_name, $user_email );
+
+        $this->assertSame( $user_email, $validate['user_email'] );
+        $this->assertSame( $user_name, $validate['user_name'] );
+        $this->assertSame( $expected_error, $validate['errors']->get_error_message() );
+    }
+
+    /**
+     * Provider for the test_bp_core_validate_user_signup() test.
+     *
+     * @return array[]
+     */
+    public function provider_bp_core_validate_user_signup_errors() {
+        return array(
+            array( '', 'test@example.com', 'Please enter a username' ),
+            array( '@-t', 'test@example.com', 'Username must be at least 4 characters.' ),
+            array( '@-', 'test@example.com', 'Username must be at least 4 characters.' ),
+            array( '@-@-', 'test@example.com', 'Sorry, usernames must have letters too!' ),
+            array( '4343543', 'test@example.com', 'Sorry, usernames must have letters too!' ),
+            array( 'cool-test', 'example.com', 'Please check your email address.' ),
+            array( 'test&', 'test@example.com', 'Usernames can contain only letters, numbers, ., -, and @' ),
+            array( 'test_', 'test@example.com', 'Sorry, usernames may not contain the character "_"!' ),
+            array( '4te343543', 'test@example.com', '' ),
+            array( 'g4te343543', 'test@example.com', '' ),
+        );
+    }
 }