username validation for special chars

Signed-off-by: Rutuja Surve <[email protected]>
opensearch-project · Nov 25, 2022 · 39b2627 · 39b2627
1 parent 7cad5e4
commit 39b2627
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/InternalUsersApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/InternalUsersApiAction.java
@@ -14,6 +14,8 @@
 import java.io.IOException;
 import java.nio.file.Path;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
@@ -93,6 +95,12 @@ protected void handlePut(RestChannel channel, final RestRequest request, final C
             return;
         }
 
+        Pattern usernamePattern = Pattern.compile("[$&+,:;=\\\\?@#|/'<>.^*()%!-]");
+        if (usernamePattern.matcher(username).find()) {
+            badRequestResponse(channel, "Username has special characters, not permitted.");
+            return;
+        }
+
         // TODO it might be sensible to consolidate this with the overridden method in
         // order to minimize duplicated logic