UsernameProhibitedCharactersValidatorTest.java
/*
* Copyright 2021 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.userprofile.validator;
import org.junit.Assert;
import org.junit.Test;
/**
* @author Vlastimil Elias <velias@redhat.com>
*/
public class UsernameProhibitedCharactersValidatorTest {
@Test
public void allowed() {
// letters and numbers
assertValid("a");
assertValid("A");
assertValid("z");
assertValid("Z");
assertValid("0");
assertValid("9");
assertValid("\u010D");
assertValid("\u01B1");
assertValid("\u0397");
// symbols we want to be allowed
assertValid(".");
assertValid("-");
assertValid("_");
assertValid("@");
}
@Test
public void disallowed() {
// white and control characters
assertInvalid(" ");
assertInvalid("\t");
assertInvalid("\n");
assertInvalid("\f");
assertInvalid("\r");
assertInvalid("\u0000");
//symbols dangerous for distinct technologies or really unnecessary in username
//potential path traversals
assertInvalid("/");
assertInvalid("\\");
//html/javascript dangerous
assertInvalid("<");
assertInvalid(">");
assertInvalid("'");
assertInvalid("\"");
assertInvalid("&");
//other symbols not expected in username and potentially dangerous for other technologies
assertInvalid("*");
assertInvalid("$");
assertInvalid("%");
assertInvalid("#");
assertInvalid("(");
assertInvalid(")");
assertInvalid("{");
assertInvalid("}");
assertInvalid("|");
assertInvalid("`");
assertInvalid("~");
assertInvalid("^");
assertInvalid("!");
assertInvalid("?");
assertInvalid(":");
assertInvalid(",");
assertInvalid(";");
assertInvalid("��");
assertInvalid("=");
//unexpected character between expected
assertInvalid("as tr");
assertInvalid("\tastr");
assertInvalid("astr\t");
}
private void assertValid(String value) {
Assert.assertTrue(UsernameProhibitedCharactersValidator.INSTANCE.validate(value).isValid());
}
private void assertInvalid(String value) {
Assert.assertFalse(UsernameProhibitedCharactersValidator.INSTANCE.validate(value).isValid());
}
}