diff options
| author |  Dirk Hohndel <dirk@hohndel.org> | 2017-07-14 22:15:31 -0700 |
|---|---|---|
| committer | Dirk Hohndel <dirk@hohndel.org> | 2017-07-14 22:41:25 -0700 |
| commit | a0c6ceeb3d6219bdf003fd8dac8de5558846df48 (patch) | |
| tree | 38723752ee71373b27849cc93e04f8fa10d10f63 /mobile-widgets/qmlmanager.cpp | |
| parent | 1b8b1120482e9426da68ea08cb23afca85d4b97d (diff) | |
| download | subsurface-a0c6ceeb3d6219bdf003fd8dac8de5558846df48.tar.gz | |
QML UI: enforce rules for cloud credentials
Email addresses are checked for a someone useful pattern, passwords are
letters, numbers, and +-_. only. Reject anything else.
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'mobile-widgets/qmlmanager.cpp')
| -rw-r--r-- | mobile-widgets/qmlmanager.cpp | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/mobile-widgets/qmlmanager.cpp b/mobile-widgets/qmlmanager.cpp index 5b526362a..486d5ca9e 100644 --- a/mobile-widgets/qmlmanager.cpp +++ b/mobile-widgets/qmlmanager.cpp @@ -278,33 +278,46 @@ void QMLManager::saveCloudCredentials() { QSettings s; bool cloudCredentialsChanged = false; + // make sure we only have letters, numbers, and +-_. in password and email address + QRegularExpression regExp("^[a-zA-Z0-9@.+_-]+$"); + QString cloudPwd = cloudPassword(); + QString cloudUser = cloudUserName(); + if (cloudPwd.isEmpty() || !reg.match(cloudPwd) || !reg.match(cloudUser) { + setStartPageText(RED_FONT + tr("Cloud storage email and password can only consist of letters, numbers, and '.', '-', '_', and '+'.") + END_FONT); + return; + } + // use the same simplistic regex as the backend to check email addresses + regExp = QRegularExpression("^[a-zA-Z0-9.+_-]+@[a-zA-Z0-9.+_-]+\\.[a-zA-Z0-9]+"); + if (!regExp.match(cloudUser).hasMatch()) { + setStartPageText(RED_FONT + tr("Invalid format for email address") + END_FONT); + return; + } s.beginGroup("CloudStorage"); - s.setValue("email", cloudUserName()); - s.setValue("password", cloudPassword()); + s.setValue("email", cloudUser); + s.setValue("password", cloudPwd); s.sync(); - if (!same_string(prefs.cloud_storage_email, qPrintable(cloudUserName()))) { + if (!same_string(prefs.cloud_storage_email, qPrintable(cloudUser))) { free(prefs.cloud_storage_email); - prefs.cloud_storage_email = strdup(qPrintable(cloudUserName())); + prefs.cloud_storage_email = strdup(qPrintable(cloudUser)); cloudCredentialsChanged = true; } - cloudCredentialsChanged |= !same_string(prefs.cloud_storage_password, qPrintable(cloudPassword())); + cloudCredentialsChanged |= !same_string(prefs.cloud_storage_password, qPrintable(cloudPwd)); if (!cloudCredentialsChanged) { // just go back to the dive list setCredentialStatus(oldStatus()); } - if (!same_string(prefs.cloud_storage_password, qPrintable(cloudPassword()))) { + if (!same_string(prefs.cloud_storage_password, qPrintable(cloudPwd))) { free(prefs.cloud_storage_password); - prefs.cloud_storage_password = strdup(qPrintable(cloudPassword())); + prefs.cloud_storage_password = strdup(qPrintable(cloudPwd)); } - if (cloudUserName().isEmpty() || cloudPassword().isEmpty()) { + if (cloudUser.isEmpty() || cloudPwd.isEmpty()) { setStartPageText(RED_FONT + tr("Please enter valid cloud credentials.") + END_FONT); } else if (cloudCredentialsChanged) { // let's make sure there are no unsaved changes saveChangesLocal(); - free(prefs.userid); prefs.userid = NULL; syncLoadFromCloud(); |