mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 16:48:30 +01:00
Escape the query string in list user (#13013)
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
This commit is contained in:
parent
97b9cc2d5e
commit
354eaac195
src/common/dao
@ -26,6 +26,7 @@ import (
|
|||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
"github.com/goharbor/harbor/src/lib/log"
|
"github.com/goharbor/harbor/src/lib/log"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func execUpdate(o orm.Ormer, sql string, params ...interface{}) error {
|
func execUpdate(o orm.Ormer, sql string, params ...interface{}) error {
|
||||||
@ -278,21 +279,18 @@ func TestGetUser(t *testing.T) {
|
|||||||
|
|
||||||
func TestListUsers(t *testing.T) {
|
func TestListUsers(t *testing.T) {
|
||||||
users, err := ListUsers(nil)
|
users, err := ListUsers(nil)
|
||||||
if err != nil {
|
require.Nil(t, err)
|
||||||
t.Errorf("Error occurred in ListUsers: %v", err)
|
assert.Greater(t, len(users), 0)
|
||||||
}
|
|
||||||
users2, err := ListUsers(&models.UserQuery{Username: username})
|
users2, err := ListUsers(&models.UserQuery{Username: username})
|
||||||
if len(users2) != 1 {
|
require.Nil(t, err)
|
||||||
t.Errorf("Expect one user in list, but the acutal length is %d, the list: %+v", len(users), users)
|
assert.Equal(t, 1, len(users2))
|
||||||
}
|
assert.Equal(t, username, users2[0].Username)
|
||||||
if users2[0].Username != username {
|
|
||||||
t.Errorf("The username in result list does not match, expected: %s, actual: %s", username, users2[0].Username)
|
|
||||||
}
|
|
||||||
|
|
||||||
users3, err := ListUsers(&models.UserQuery{Username: username, Pagination: &models.Pagination{Page: 2, Size: 1}})
|
users3, err := ListUsers(&models.UserQuery{Username: username, Pagination: &models.Pagination{Page: 2, Size: 1}})
|
||||||
if len(users3) != 0 {
|
require.Nil(t, err)
|
||||||
t.Errorf("Expect no user in list, but the acutal length is %d, the list: %+v", len(users3), users3)
|
assert.Equal(t, 0, len(users3))
|
||||||
}
|
users4, err := ListUsers(&models.UserQuery{Username: "__"})
|
||||||
|
require.Nil(t, err)
|
||||||
|
assert.Equal(t, 0, len(users4))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestResetUserPassword(t *testing.T) {
|
func TestResetUserPassword(t *testing.T) {
|
||||||
|
@ -129,11 +129,11 @@ func userQueryConditions(query *models.UserQuery) orm.QuerySeter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if len(query.Username) > 0 {
|
if len(query.Username) > 0 {
|
||||||
qs = qs.Filter("username__contains", query.Username)
|
qs = qs.Filter("username__contains", Escape(query.Username))
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(query.Email) > 0 {
|
if len(query.Email) > 0 {
|
||||||
qs = qs.Filter("email__contains", query.Email)
|
qs = qs.Filter("email__contains", Escape(query.Email))
|
||||||
}
|
}
|
||||||
|
|
||||||
return qs
|
return qs
|
||||||
|
Loading…
Reference in New Issue
Block a user