From 8d2b76334cd60356c85810bf4902124105d54ad4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment?= <clement@selfhost.fr>
Date: Thu, 16 Feb 2017 14:27:45 +0100
Subject: [PATCH] Possibility to register user having a '-', a '_' or a '.' in
 username

---
 app/Controllers/userController.php | 6 ++++--
 app/Models/Auth.php                | 5 +++--
 app/install.php                    | 2 +-
 app/views/auth/formLogin.phtml     | 2 +-
 app/views/user/manage.phtml        | 2 +-
 cli/_cli.php                       | 4 +++-
 cli/delete-user.php                | 3 ++-
 cli/do-install.php                 | 3 ++-
 8 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..6199ff218 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -103,8 +103,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
+        $aValid = array('-', '_', '.');
 
-		$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+		$ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -187,7 +188,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-		$ok = ctype_alnum($username);
+        $aValid = array('-', '_', '.');
+		$ok = ctype_alnum(str_replace($aValid, '', $username));
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b3255cfbd..e63a24b27 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -182,7 +182,8 @@ class FreshRSS_Auth {
 
 class FreshRSS_FormAuth {
 	public static function checkCredentials($username, $hash, $nonce, $challenge) {
-		if (!ctype_alnum($username) ||
+		$aValid = array('-', '_', '.');
+		if (!ctype_alnum(str_replace($aValid, '', $username)) ||
 				!ctype_graph($challenge) ||
 				!ctype_alnum($nonce)) {
 			Minz_Log::debug('Invalid credential parameters:' .
@@ -211,7 +212,7 @@ class FreshRSS_FormAuth {
 			// Token has expired (> 1 month) or does not exist.
 			// TODO: 1 month -> use a configuration instead
 			@unlink($token_file);
-			return array(); 	
+			return array();
 		}
 
 		$credentials = @file_get_contents($token_file);
diff --git a/app/install.php b/app/install.php
index 986a7dc60..1b23254de 100644
--- a/app/install.php
+++ b/app/install.php
@@ -553,7 +553,7 @@ function printStep2() {
 		<div class="form-group">
 			<label class="group-name" for="default_user"><?php echo _t('install.default_user'); ?></label>
 			<div class="group-controls">
-				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
+				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
 			</div>
 		</div>
 
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml
index a8213b7ae..6cfe6764a 100644
--- a/app/views/auth/formLogin.phtml
+++ b/app/views/auth/formLogin.phtml
@@ -9,7 +9,7 @@
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div>
 			<label for="username"><?php echo _t('gen.auth.username'); ?></label>
-			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
+			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" autofocus="autofocus" />
 		</div>
 		<div>
 			<label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index a32247d14..334650e56 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -22,7 +22,7 @@
 		<div class="form-group">
 			<label class="group-name" for="new_user_name"><?php echo _t('admin.user.username'); ?></label>
 			<div class="group-controls">
-				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" placeholder="demo" />
+				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z.\-_]{1,16}" placeholder="demo" />
 			</div>
 		</div>
 
diff --git a/cli/_cli.php b/cli/_cli.php
index 7d1a7c6b2..885199659 100644
--- a/cli/_cli.php
+++ b/cli/_cli.php
@@ -20,7 +20,9 @@ function fail($message) {
 }
 
 function cliInitUser($username) {
-	if (!ctype_alnum($username)) {
+    $aValid = array('-', '_', '.');
+    
+	if (!ctype_alnum(str_replace($aValid, '', $username))) {
 		fail('FreshRSS error: invalid username: ' . $username . "\n");
 	}
 
diff --git a/cli/delete-user.php b/cli/delete-user.php
index 6f0e86e17..82605fb27 100755
--- a/cli/delete-user.php
+++ b/cli/delete-user.php
@@ -9,8 +9,9 @@ $options = getopt('', array(
 if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username");
 }
+$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum($username)) {
+if (!ctype_alnum(str_replace($aValid, '', $username))) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 
diff --git a/cli/do-install.php b/cli/do-install.php
index 100d4947f..eb46c7e93 100755
--- a/cli/do-install.php
+++ b/cli/do-install.php
@@ -47,7 +47,8 @@ if ($requirements['all'] !== 'ok') {
 	fail($message);
 }
 
-if (!ctype_alnum($options['default_user'])) {
+$aValid = array('-', '_', '.');
+if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) {
 	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']);
 }