Enforce Account.sshUserName to match regular expression.

By enforcing that sshUserName has a well-defined form one can be sure that
there won't be bad surprises in Gerrit database like names containing
spaces.

The regular expression defines broad range of allowed user names so most
existing users won't be affected by this change.

Existing data has to be fixed *manually* by changing broken user names to
ones that match introduced regular expression.

Change-Id: I232f1205a57d5f03e465e3e0df1a8bdad97b6f54
Signed-off-by: Grzegorz Kossakowski <grek@google.com>

src/main/java/com/google/gerrit/client/reviewdb/Account.java

@@ -106,6 +106,10 @@ public final class Account {
   @Column(notNull = false)
   protected String preferredEmail;
 
+  /** Regular expression that {@link #sshUserName} must match (not enforced in this class). */
+  public static final String SSH_USER_NAME_PATTERN =
+    "^[a-zA-Z][a-zA-Z0-9._-]+$";
+
   /** Username to authenticate as through SSH connections. */
   @Column(notNull = false)
   protected String sshUserName;

src/main/java/com/google/gerrit/client/rpc/InvalidSshUserNameException.java

@@ -0,0 +1,30 @@
+// Copyright (C) 2009 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.client.rpc;
+
+import com.google.gerrit.client.reviewdb.Account;
+
+/** Error indicating the SSH user name does not match {@link Account#SSH_USER_NAME_PATTERN} pattern. */
+public class InvalidSshUserNameException extends Exception {
+
+  private static final long serialVersionUID = 1L;
+
+  public static final String MESSAGE = "Invalid SSH user name.";
+
+  public InvalidSshUserNameException() {
+    super(MESSAGE);
+  }
+
+}

src/main/java/com/google/gerrit/server/rpc/account/AccountSecurityImpl.java

@@ -25,6 +25,7 @@ import com.google.gerrit.client.reviewdb.ContributorAgreement;
 import com.google.gerrit.client.reviewdb.ReviewDb;
 import com.google.gerrit.client.rpc.ContactInformationStoreException;
 import com.google.gerrit.client.rpc.InvalidSshKeyException;
+import com.google.gerrit.client.rpc.InvalidSshUserNameException;
 import com.google.gerrit.client.rpc.NameAlreadyUsedException;
 import com.google.gerrit.client.rpc.NoSuchEntityException;
 import com.google.gerrit.server.BaseServiceImplementation;
@@ -64,9 +65,13 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
 
 class AccountSecurityImpl extends BaseServiceImplementation implements
     AccountSecurity {
+
+  private static final Pattern SSH_USER_NAME_PATTERN = Pattern.compile(Account.SSH_USER_NAME_PATTERN);
+
   private final Logger log = LoggerFactory.getLogger(getClass());
   private final ContactStore contactStore;
   private final AuthConfig authConfig;
@@ -194,6 +199,9 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
         if (me == null) {
           throw new Failure(new NoSuchEntityException());
         }
+        if (newName != null && !SSH_USER_NAME_PATTERN.matcher(newName).matches()) {
+          throw new Failure(new InvalidSshUserNameException());
+        }
         final Account other;
         if (newName != null) {
           other = db.accounts().bySshUserName(newName);