From 501968ff1bb546e26e6e683901c9f58b4f187596 Mon Sep 17 00:00:00 2001 From: Thomas Berezansky Date: Sat, 24 Sep 2011 21:50:15 -0400 Subject: [PATCH] Username Rules In TPac, enforce the "username can't look like a barcode" rule. Add new setting for username validation. If set, usernames must match. Add patron registration checks for usernames: No spaces If set, can look like a barcode (initial/no username picked) If set, can look like a username If both set, must look like one of them Signed-off-by: Thomas Berezansky Signed-off-by: Bill Erickson --- .../lib/OpenILS/WWW/EGCatLoader/Account.pm | 14 +++++++++ Open-ILS/src/sql/Pg/950.data.seed-values.sql | 9 ++++++ .../templates/opac/myopac/update_username.tt2 | 2 +- .../web/js/ui/default/actor/user/register.js | 29 ++++++++++++++++++- Open-ILS/web/opac/skin/default/js/myopac.js | 8 +++++ 5 files changed, 60 insertions(+), 2 deletions(-) diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm index 2e6f527a62..60e33d7b87 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm @@ -1186,6 +1186,20 @@ sub load_myopac_update_username { return Apache2::Const::OK; } + # New username can't look like a barcode if we have a barcode regex + my $regex_check = $ctx->{get_org_setting}->($e->requestor->home_ou, 'opac.barcode_regex'); + if($regex_check and $username =~ /$regex_check/) { + $ctx->{invalid_username} = $username; + return Apache2::Const::OK; + } + + # New username has to look like a username if we have a username regex + $regex_check = $ctx->{get_org_setting}->($e->requestor->home_ou, 'opac.username_regex'); + if($regex_check and $username !~ /$regex_check/) { + $ctx->{invalid_username} = $username; + return Apache2::Const::OK; + } + if($username ne $e->requestor->usrname) { my $evt = $U->simplereq( diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql index 2dfc497d2e..eff9a54b43 100644 --- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql +++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql @@ -3671,6 +3671,15 @@ INSERT into config.org_unit_setting_type 'coust', 'description'), 'interval', null) +,( 'opac.username_regex', 'glob', + oils_i18n_gettext('opac.username_regex', + 'Patron username format', + 'coust', 'label'), + oils_i18n_gettext('opac.username_regex', + 'Regular expression defining the patron username format, used for patron registration and self-service username changing only', + 'coust', 'description'), + 'string', null) + ,( 'org.bounced_emails', 'prog', oils_i18n_gettext('org.bounced_emails', 'Sending email address for patron notices', diff --git a/Open-ILS/src/templates/opac/myopac/update_username.tt2 b/Open-ILS/src/templates/opac/myopac/update_username.tt2 index 70449ccedd..5bfb3f159c 100644 --- a/Open-ILS/src/templates/opac/myopac/update_username.tt2 +++ b/Open-ILS/src/templates/opac/myopac/update_username.tt2 @@ -7,7 +7,7 @@ [% IF ctx.invalid_username %]
[% bad_user = ctx.invalid_username | html %] - [% l('"[_1]" is not a valid username. Usernames cannot have any spaces. Please try a different username.', bad_user) %] + [% l('"[_1]" is not a valid username. Usernames cannot have any spaces or look like a barcode. Please try a different username.', bad_user) %]
[% ELSIF ctx.username_exists %] diff --git a/Open-ILS/web/js/ui/default/actor/user/register.js b/Open-ILS/web/js/ui/default/actor/user/register.js index 3fe41b85c6..cfbefca2b5 100644 --- a/Open-ILS/web/js/ui/default/actor/user/register.js +++ b/Open-ILS/web/js/ui/default/actor/user/register.js @@ -166,7 +166,9 @@ function load() { 'ui.patron.edit.aua.post_code.example', 'ui.patron.edit.aua.county.require', 'format.date', - 'ui.patron.edit.default_suggested' + 'ui.patron.edit.default_suggested', + 'opac.barcode_regex', + 'opac.username_regex' ]); for(k in orgSettings) @@ -987,6 +989,31 @@ function attachWidgetEvents(fmcls, fmfield, widget) { switch(fmfield) { case 'usrname': + widget.widget.isValid = function() { + // No spaces + if(this.attr("value").match(/\s/)) { + return false; + } + // Can look like a barcode (for initial value) + if(orgSettings['opac.barcode_regex']) { + var test_regexp = new RegExp(orgSettings['opac.barcode_regex']); + if(test_regexp.test(this.attr("value"))) { + return true; + } + } + // Can look like a username + if(orgSettings['opac.username_regex']) { + var test_regexp = new RegExp(orgSettings['opac.username_regex']); + if(test_regexp.test(this.attr("value"))) { + return true; + } + } + // If we know what a barcode and username look like and we got here, reject + if(orgSettings['opac.barcode_regex'] && orgSettings['opac.username_regex']) + return false; + // Otherwise we don't have enough info to say either way, let it through. + return true; + } dojo.connect(widget.widget, 'onChange', function() { var input = findWidget('au', 'usrname'); diff --git a/Open-ILS/web/opac/skin/default/js/myopac.js b/Open-ILS/web/opac/skin/default/js/myopac.js index 1f4108e810..8ac144893a 100644 --- a/Open-ILS/web/opac/skin/default/js/myopac.js +++ b/Open-ILS/web/opac/skin/default/js/myopac.js @@ -1076,6 +1076,14 @@ function myOPACUpdateUsername() { return; } + r = fetchOrgSettingDefault(G.user.home_ou(), 'opac.username_regex'); + if(r) { + if(!username.match(new RegExp(r))) { + alert($('myopac_invalid_username').innerHTML); + return; + } + } + /* first see if the requested username is taken */ var req = new Request(CHECK_USERNAME, G.user.session, username); req.send(true); -- 2.43.2