Short username causes missing parameter exception on AuthRepository.UpdateUserAuth()

Drammy · September 18, 2020, 3:28pm

Hi,

Can anyone else confirm that with a 2 character username a call to AuthRepository.UpdateUserAuth() throws an exception?

If I go into the db and change the username to 3 chars and then run the same update (a change to password and salt) it works without exception.

mythz · September 18, 2020, 3:50pm

What’s the full Exception StackTrace?

Drammy · September 18, 2020, 3:56pm

   at ServiceStack.Auth.UserAuthRepositoryExtensions.ValidateNewUser(IUserAuth newUser, String password) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\UserAuthRepositoryExtensions.cs:line 212
   at ServiceStack.Auth.OrmLiteAuthRepositoryBase`2.UpdateUserAuth(IUserAuth existingUser, IUserAuth newUser, String password) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack.Server\Auth\OrmLiteAuthRepository.cs:line 235
   at ServiceStack.Auth.UserAuthRepositoryExtensions.UpdateUserAuth(IAuthRepository authRepo, IUserAuth existingUser, IUserAuth newUser, String password) in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Auth\UserAuthRepositoryExtensions.cs:line 170
   at Core.Services.ChangePasswordService.Post(ChangePassword request) in C:\workspace1\Source\Core\Services\ChangePasswordService.cs:line 38
   at ServiceStack.Host.ServiceRunner`1.<ExecuteAsync>d__15.MoveNext() in C:\BuildAgent\work\3481147c480f4a2f\src\ServiceStack\Host\ServiceRunner.cs:line 133

mythz · September 18, 2020, 4:04pm

This doesn’t contain the Exception message but I’m assuming it’s an Invalid Username:

github.com

ServiceStack/ServiceStack/blob/b3f3f3f3df9eae8f665aa3b02ce707c4902c62dc/src/ServiceStack/Auth/UserAuthRepositoryExtensions.cs#L210-L211


if (!HostContext.GetPlugin<AuthFeature>().IsValidUsername(newUser.UserName))
    throw new ArgumentException(ErrorMessages.IllegalUsername, "UserName");

Which defaults to these basic Username restrictions

//https://stackoverflow.com/q/3588623/85785
Regex ValidUserNameRegEx = new Regex(@"^(?=.{3,20}$)([A-Za-z0-9][._-]?)*$");

i.e. Must be between 3-20 characters.

You can override this default behavior in your AuthFeature plugin:

new AuthFeature(...) {
    ValidUserNameRegEx = ... //change Regex; or
    IsValidUsernameFn  = username => ... //Return true to allow Username
}

Drammy · September 18, 2020, 4:08pm

The exception is

System.ArgumentException: 'Username contains invalid characters
Parameter name: UserName'

OK, thanks for the guidance

mythz · September 18, 2020, 4:11pm

I doubt it can be created but not updated as they both use the same Validation:

github.com

ServiceStack/ServiceStack/blob/b3f3f3f3df9eae8f665aa3b02ce707c4902c62dc/src/ServiceStack.Server/Auth/OrmLiteAuthRepository.cs#L198


    Exec(db =>
    {
        db.DropAndCreateTable<TUserAuth>();
        db.DropAndCreateTable<TUserAuthDetails>();
        db.DropAndCreateTable<UserAuthRole>();
    });
}


public virtual IUserAuth CreateUserAuth(IUserAuth newUser, string password)
{
    newUser.ValidateNewUser(password);


    return Exec(db =>
    {
        AssertNoExistingUser(db, newUser);


        newUser.PopulatePasswordHashes(password);
        newUser.CreatedDate = DateTime.UtcNow;
        newUser.ModifiedDate = newUser.CreatedDate;


        db.Save((TUserAuth)newUser);

Drammy · September 18, 2020, 4:23pm

Yeah, thanks mythz. Sorry I tried to retract that statement before you read it as I realised we’re probably creating the UserAuth record ourselves. We’ll perform the same username check in our code.

Thanks for your time.