Merge pull request #588 from maxenced/fix-mysql-user-allowed-char

Improve checks for MySQL user's name.
xbezdick · Nov 7, 2014 · 1494412 · 1494412
2 parents d9e5c95 + cdd7132
commit 1494412
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb
@@ -9,9 +9,13 @@
   newparam(:name, :namevar => true) do
     desc "The name of the user. This uses the 'username@hostname' or username@hostname."
     validate do |value|
-      # https://dev.mysql.com/doc/refman/5.1/en/account-names.html
+      # http://dev.mysql.com/doc/refman/5.5/en/identifiers.html
       # Regex should problably be more like this: /^[`'"]?[^`'"]*[`'"]?@[`'"]?[\w%\.]+[`'"]?$/
-      raise(ArgumentError, "Invalid database user #{value}") unless value =~ /[\w-]*@[\w%\.:]+/
+      # If at least one special char is used, string must be quoted
+      raise(ArgumentError, "Database user #{value} must be quotted as it contains special characters") if value =~ /^[^'`"].*[^0-9a-zA-Z$_].*[^'`"]@[\w%\.:]+/
+      # If no special char, quoted is not needed, but allowed
+      # I don't see any case where this could happen, as it should be covered by previous check
+      raise(ArgumentError, "Invalid database user #{value}") unless value =~ /^['`"]?[0-9a-zA-Z$_]*['`"]?@[\w%\.:]+/
       username = value.split('@')[0]
       if username.size > 16
         raise ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters'

diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb
@@ -37,6 +37,23 @@
     it 'should lowercase the user name' do
       expect(@user[:name]).to eq('foo@localhost')
     end
+  end
 
+  context 'using allo_wed$char@localhost' do
+    before :each do
+      @user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass')
+    end
+
+    it 'should accept a user name' do
+      expect(@user[:name]).to eq('allo_wed$char@localhost')
+    end
+  end
+
+  context 'using in-valid@localhost' do
+    it 'should fail with an unquotted username with special char' do
+      expect {
+        Puppet::Type.type(:mysql_user).new(:name => 'in-valid@localhost', :password_hash => 'pass')
+      }.to raise_error /Database user in-valid@localhost must be quotted/
+    end
   end
 end