From 2068732eef5c33cc12fd4010b1771ed1bcd9dde6 Mon Sep 17 00:00:00 2001
From: wang yan
Date: Wed, 15 May 2019 14:08:09 +0800
Subject: [PATCH] add validation for robot account registration
Signed-off-by: wang yan
---
 src/common/models/robot.go | 10 ++++++++--
 src/core/api/robot.go | 6 +++---
 src/core/api/robot_test.go | 13 +++++++++++++
 3 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/src/common/models/robot.go b/src/common/models/robot.go
index 6ca89d093..2e64ca8d2 100644
--- a/src/common/models/robot.go
+++ b/src/common/models/robot.go
@@ -17,6 +17,7 @@ package models
 import (
 "github.com/astaxie/beego/validation"
 "github.com/goharbor/harbor/src/common/rbac"
+ "github.com/goharbor/harbor/src/common/utils"
 "time"
 )
@@ -52,9 +53,14 @@ type RobotReq struct {
 Access []*rbac.Policy `json:"access"`
 }
-// Valid put request validation
+// Valid ...
 func (rq *RobotReq) Valid(v *validation.Validation) {
- // ToDo: add validation for access info.
+ if utils.IsIllegalLength(rq.Name, 1, 255) {
+ v.SetError("name", "robot name with illegal length")
+ }
+ if utils.IsContainIllegalChar(rq.Name, []string{",", "~", "#", "$", "%"}) {
+ v.SetError("name", "robot name contains illegal characters")
+ }
 }
 // RobotRep ...
diff --git a/src/core/api/robot.go b/src/core/api/robot.go
index 96fb7339f..be49983a4 100644
--- a/src/core/api/robot.go
+++ b/src/core/api/robot.go
@@ -107,7 +107,8 @@ func (r *RobotAPI) Post() {
 }
 var robotReq models.RobotReq
- if err := r.DecodeJSONReq(&robotReq); err != nil {
+ isValid, err := r.DecodeJSONReqAndValidate(&robotReq)
+ if !isValid {
 r.SendBadRequestError(err)
 return
 }
@@ -230,8 +231,7 @@ func (r *RobotAPI) Put() {
 }
 var robotReq models.RobotReq
- isValid, err := r.DecodeJSONReqAndValidate(&robotReq)
- if !isValid {
+ if err := r.DecodeJSONReq(&robotReq); err != nil {
 r.SendBadRequestError(err)
 return
 }
diff --git a/src/core/api/robot_test.go b/src/core/api/robot_test.go
index 0ece3a667..baecb67b5 100644
--- a/src/core/api/robot_test.go
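Review bot: The character check added to `Valid` in src/common/models/robot.go is a denylist of five characters, so whitespace, control characters, `/`, `:`, quotes and non-ASCII look-alikes all still pass for a name that becomes an account identifier. An allowlist is the safer shape: a package-level compiled pattern (the exact character set is the project's call, for example letters, digits, `_` and `-`) checked with `if !robotNameRe.MatchString(rq.Name) { v.SetError("name", "robot name contains illegal characters") }`, where `robotNameRe` is a name made up for this note. The hunk also deletes `// ToDo: add validation for access info.` without adding any check on `rq.Access`, so the policy list is still accepted as sent; keep the ToDo or validate it here. The doc comment would say more as `// Valid checks the robot name's length and rejects names containing illegal characters.`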
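Review bot: After the second hunk of src/core/api/robot.go, `Put()` decodes the body with `DecodeJSONReq` only, so nothing in an update request passes through `RobotReq.Valid` any more. That is presumably deliberate (the new `Valid` requires a name that update bodies may omit), but it leaves every field `Put()` reads from `robotReq` unchecked, and the rest of the handler is outside this hunk. I would add `// Update bodies skip RobotReq.Valid, which requires a name; read only fields that are checked explicitly below.` above the decode, or give updates their own request type with its own `Valid`. In `Post()`, `if !isValid` passes `err` straight to `SendBadRequestError`, which relies on `DecodeJSONReqAndValidate` returning a non-nil error whenever it reports invalid; worth confirming, since that helper is not visible here.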
+++ b/src/core/api/robot_test.go
@@ -70,6 +70,19 @@ func TestRobotAPIPost(t *testing.T) {
 },
 code: http.StatusCreated,
 },
+ // 400
+ {
+ request: &testingRequest{
+ method: http.MethodPost,
+ url: robotPath,
+ bodyJSON: &models.RobotReq{
+ Name: "testIllgel#",
+ Description: "test desc",
+ },
+ credential: projAdmin4Robot,
+ },
+ code: http.StatusBadRequest,
+ },
 // 403 -- developer
 {
 request: &testingRequest{
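Review bot: The new 400 case exercises only the illegal-character branch of `RobotReq.Valid`; the length branch has no coverage in this hunk. A sibling case with `Name: ""`, and one with a name longer than 255 characters, each expecting `http.StatusBadRequest`, would pin both bounds. The table and `TestRobotAPIPost` continue outside this hunk, so an existing case may already cover part of this.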