Merge "Fix allow the use of blank in user group name to access the share"

manila/api/common.py

@@ -309,14 +309,28 @@ def validate_common_name(access):
         exc_str = _('Invalid CN (common name). Must be 1-64 chars long.')
         raise webob.exc.HTTPBadRequest(explanation=exc_str)
 
+'''
+for the reference specification for AD usernames, reference below links:
+
+  1:https://msdn.microsoft.com/en-us/library/bb726984.aspx
+  2:https://technet.microsoft.com/en-us/library/cc733146.aspx
+'''
+
 
 def validate_username(access):
-    valid_username_re = '[\w\$\.\-_\`;\'\{\}\[\]\\\\]{4,255}$'
+    sole_periods_spaces_re = '[\s|\.]+$'
+    valid_username_re = '.[^\"\/\\\[\]\:\;\|\=\,\+\*\?\<\>]{3,254}$'
     username = access
+
+    if re.match(sole_periods_spaces_re, username):
+        exc_str = ('Invalid user or group name,cannot consist solely '
+                   'of periods or spaces.')
+        raise webob.exc.HTTPBadRequest(explanation=exc_str)
+
     if not re.match(valid_username_re, username):
         exc_str = ('Invalid user or group name. Must be 4-255 characters '
                    'and consist of alphanumeric characters and '
-                   'special characters $]{.-_\'`;}[\\')
+                   'exclude special characters "/\[]:;|=,+*?<>')
         raise webob.exc.HTTPBadRequest(explanation=exc_str)
 
 

manila/tests/api/test_common.py

@@ -258,6 +258,8 @@ class MiscFunctionsTest(test.TestCase):
     @ddt.data(['ip', '1.1.1.1', False, False], ['user', 'alice', False, False],
               ['cert', 'alice', False, False], ['cephx', 'alice', True, False],
               ['user', 'alice$', False, False],
+              ['user', 'test group name', False, False],
+              ['user', 'group$.-_\'`{}', False, False],
               ['ip', '172.24.41.0/24', False, False],
               ['ip', '1001::1001', False, True],
               ['ip', '1001::1000/120', False, True])
@@ -270,7 +272,8 @@ class MiscFunctionsTest(test.TestCase):
               ['ip', '255.255.255.265', False], ['ip', '1.1.1.0/34', False],
               ['cert', '', False], ['cephx', 'client.alice', True],
               ['group', 'alice', True], ['cephx', 'alice', False],
-              ['cephx', '', True], ['user', 'bob', False],
+              ['cephx', '', True], ['user', 'bob/', False],
+              ['user', 'group<>', False], ['user', '+=*?group', False],
               ['ip', '1001::1001/256', False],
               ['ip', '1001:1001/256', False],)
     @ddt.unpack

manila/tests/api/v1/test_shares.py

@@ -787,8 +787,10 @@ class ShareActionsTest(test.TestCase):
         {'access_type': 'ip', 'access_to': '127.0.0.1'},
         {'access_type': 'user', 'access_to': '1' * 4},
         {'access_type': 'user', 'access_to': '1' * 255},
-        {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
-        {'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
+        {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
+        {'access_type': 'user', 'access_to': 'MYDOMAIN-Administrator'},
+        {'access_type': 'user', 'access_to': 'test group name'},
+        {'access_type': 'user', 'access_to': 'group$.-_\'`{}'},
         {'access_type': 'cert', 'access_to': 'x'},
         {'access_type': 'cert', 'access_to': 'tenant.example.com'},
         {'access_type': 'cert', 'access_to': 'x' * 64},
@@ -821,7 +823,9 @@ class ShareActionsTest(test.TestCase):
         {'access_type': 'user', 'access_to': '1'},
         {'access_type': 'user', 'access_to': '1' * 3},
         {'access_type': 'user', 'access_to': '1' * 256},
-        {'access_type': 'user', 'access_to': 'root^'},
+        {'access_type': 'user', 'access_to': 'root<>'},
+        {'access_type': 'user', 'access_to': 'group\\'},
+        {'access_type': 'user', 'access_to': '+=*?group'},
         {'access_type': 'cert', 'access_to': ''},
         {'access_type': 'cert', 'access_to': ' '},
         {'access_type': 'cert', 'access_to': 'x' * 65},

manila/tests/api/v2/test_shares.py

@@ -1922,10 +1922,16 @@ class ShareActionsTest(test.TestCase):
          "version": "2.7"},
         {"access": {'access_type': 'user', 'access_to': '1' * 255},
          "version": "2.7"},
-        {"access": {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
+        {"access": {'access_type': 'user', 'access_to': 'fake{.-_\'`}'},
          "version": "2.7"},
         {"access": {'access_type': 'user',
-                    'access_to': 'MYDOMAIN\\Administrator'},
+                    'access_to': 'MYDOMAIN-Administrator'},
+         "version": "2.7"},
+        {"access": {'access_type': 'user',
+                    'access_to': 'test group name'},
+         "version": "2.7"},
+        {"access": {'access_type': 'user',
+                    'access_to': 'group$.-_\'`{}'},
          "version": "2.7"},
         {"access": {'access_type': 'cert', 'access_to': 'x'},
          "version": "2.7"},
@@ -1980,7 +1986,11 @@ class ShareActionsTest(test.TestCase):
          "version": "2.7"},
         {"access": {'access_type': 'user', 'access_to': '1' * 256},
          "version": "2.7"},
-        {"access": {'access_type': 'user', 'access_to': 'root^'},
+        {"access": {'access_type': 'user', 'access_to': 'root<>'},
+         "version": "2.7"},
+        {"access": {'access_type': 'user', 'access_to': 'group\\'},
+         "version": "2.7"},
+        {"access": {'access_type': 'user', 'access_to': '+=*?group'},
          "version": "2.7"},
         {"access": {'access_type': 'cert', 'access_to': ''},
          "version": "2.7"},

releasenotes/notes/bug-1733494-allow-user-group-name-with-blank-access-fix-665b3e42bdc985ac.yaml

@@ -0,0 +1,4 @@
+---
+fixes:
+  - Allows the use of blank in user group name, since
+    the AD allow user group name to include blank.