summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Dirk Hohndel <dirk@hohndel.org>2017-07-14 22:15:31 -0700
committerGravatar Dirk Hohndel <dirk@hohndel.org>2017-07-14 22:41:25 -0700
commita0c6ceeb3d6219bdf003fd8dac8de5558846df48 (patch)
tree38723752ee71373b27849cc93e04f8fa10d10f63
parent1b8b1120482e9426da68ea08cb23afca85d4b97d (diff)
downloadsubsurface-a0c6ceeb3d6219bdf003fd8dac8de5558846df48.tar.gz
QML UI: enforce rules for cloud credentials
Email addresses are checked for a someone useful pattern, passwords are letters, numbers, and +-_. only. Reject anything else. Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--mobile-widgets/qmlmanager.cpp31
1 files changed, 22 insertions, 9 deletions
diff --git a/mobile-widgets/qmlmanager.cpp b/mobile-widgets/qmlmanager.cpp
index 5b526362a..486d5ca9e 100644
--- a/mobile-widgets/qmlmanager.cpp
+++ b/mobile-widgets/qmlmanager.cpp
@@ -278,33 +278,46 @@ void QMLManager::saveCloudCredentials()
{
QSettings s;
bool cloudCredentialsChanged = false;
+ // make sure we only have letters, numbers, and +-_. in password and email address
+ QRegularExpression regExp("^[a-zA-Z0-9@.+_-]+$");
+ QString cloudPwd = cloudPassword();
+ QString cloudUser = cloudUserName();
+ if (cloudPwd.isEmpty() || !reg.match(cloudPwd) || !reg.match(cloudUser) {
+ setStartPageText(RED_FONT + tr("Cloud storage email and password can only consist of letters, numbers, and '.', '-', '_', and '+'.") + END_FONT);
+ return;
+ }
+ // use the same simplistic regex as the backend to check email addresses
+ regExp = QRegularExpression("^[a-zA-Z0-9.+_-]+@[a-zA-Z0-9.+_-]+\\.[a-zA-Z0-9]+");
+ if (!regExp.match(cloudUser).hasMatch()) {
+ setStartPageText(RED_FONT + tr("Invalid format for email address") + END_FONT);
+ return;
+ }
s.beginGroup("CloudStorage");
- s.setValue("email", cloudUserName());
- s.setValue("password", cloudPassword());
+ s.setValue("email", cloudUser);
+ s.setValue("password", cloudPwd);
s.sync();
- if (!same_string(prefs.cloud_storage_email, qPrintable(cloudUserName()))) {
+ if (!same_string(prefs.cloud_storage_email, qPrintable(cloudUser))) {
free(prefs.cloud_storage_email);
- prefs.cloud_storage_email = strdup(qPrintable(cloudUserName()));
+ prefs.cloud_storage_email = strdup(qPrintable(cloudUser));
cloudCredentialsChanged = true;
}
- cloudCredentialsChanged |= !same_string(prefs.cloud_storage_password, qPrintable(cloudPassword()));
+ cloudCredentialsChanged |= !same_string(prefs.cloud_storage_password, qPrintable(cloudPwd));
if (!cloudCredentialsChanged) {
// just go back to the dive list
setCredentialStatus(oldStatus());
}
- if (!same_string(prefs.cloud_storage_password, qPrintable(cloudPassword()))) {
+ if (!same_string(prefs.cloud_storage_password, qPrintable(cloudPwd))) {
free(prefs.cloud_storage_password);
- prefs.cloud_storage_password = strdup(qPrintable(cloudPassword()));
+ prefs.cloud_storage_password = strdup(qPrintable(cloudPwd));
}
- if (cloudUserName().isEmpty() || cloudPassword().isEmpty()) {
+ if (cloudUser.isEmpty() || cloudPwd.isEmpty()) {
setStartPageText(RED_FONT + tr("Please enter valid cloud credentials.") + END_FONT);
} else if (cloudCredentialsChanged) {
// let's make sure there are no unsaved changes
saveChangesLocal();
-
free(prefs.userid);
prefs.userid = NULL;
syncLoadFromCloud();