update username

pcrespov · pcrespov · commit 76dffd5b68a0 · 2024-12-05T17:16:33.000+01:00
diff --git a/services/web/server/src/simcore_service_webserver/users/_handlers.py b/services/web/server/src/simcore_service_webserver/users/_handlers.py
@@ -82,6 +82,7 @@ async def get_my_profile(request: web.Request) -> web.Response:
 async def update_my_profile(request: web.Request) -> web.Response:
     req_ctx = UsersRequestContext.model_validate(request)
     profile_update = await parse_request_body_as(ProfileUpdate, request)
+
     await api.update_user_profile(
         request.app, user_id=req_ctx.user_id, update=profile_update
     )
diff --git a/services/web/server/src/simcore_service_webserver/users/api.py b/services/web/server/src/simcore_service_webserver/users/api.py
@@ -164,6 +164,7 @@ async def update_user_profile(
             include={
                 "first_name": True,
                 "last_name": True,
+                "user_name": True,
                 "privacy": {
                     "hide_email",
                     "hide_fullname",
diff --git a/services/web/server/src/simcore_service_webserver/users/schemas.py b/services/web/server/src/simcore_service_webserver/users/schemas.py
@@ -1,3 +1,4 @@
+import re
 from datetime import date
 from typing import Annotated, Literal
 from uuid import UUID
@@ -103,7 +104,7 @@ def _to_upper_string(cls, v):
 class ProfileUpdate(BaseModel):
     first_name: FirstNameStr | None = None
     last_name: LastNameStr | None = None
-
+    user_name: IDStr | None = None
     privacy: ProfilePrivacyUpdate | None = None
 
     model_config = ConfigDict(
@@ -115,6 +116,46 @@ class ProfileUpdate(BaseModel):
         }
     )
 
+    @field_validator("user_name")
+    @classmethod
+    def _validate_user_name(cls, value):
+        # Ensure valid characters (alphanumeric + . _ -)
+        if not re.match(r"^[a-zA-Z][a-zA-Z0-9_]*$", value):
+            msg = "Username must start with a letter and can only contain letters, numbers and '_'."
+            raise ValueError(msg)
+
+        # Ensure no consecutive special characters
+        if re.search(r"[_]{2,}", value):
+            msg = "Username cannot contain consecutive special characters like '__'."
+            raise ValueError(msg)
+
+        # Ensure it doesn't end with a special character
+        if value[-1] in {".", "_", "-"}:
+            msg = "Username cannot end with a special character."
+            raise ValueError(msg)
+
+        # Check reserved words (example list; extend as needed)
+        reserved_words = {
+            "admin",
+            "root",
+            "system",
+            "null",
+            "undefined",
+            "support",
+            "moderator",
+        }
+        if value.lower() in reserved_words:
+            msg = f"Username '{value}' is reserved and cannot be used."
+            raise ValueError(msg)
+
+        # Ensure no offensive content
+        offensive_terms = {"badword1", "badword2"}
+        if any(term in value.lower() for term in offensive_terms):
+            msg = "Username contains prohibited or offensive content"
+            raise ValueError(msg)
+
+        return value
+
 
 #
 # Permissions
diff --git a/services/web/server/tests/unit/with_dbs/03/test_users.py b/services/web/server/tests/unit/with_dbs/03/test_users.py
@@ -217,7 +217,8 @@ async def test_profile_workflow(
     resp = await client.patch(
         f"{url}",
         json={
-            "first_name": "Odei",
+            "firstName": "Odei",
+            "userName": "odei123",
             "privacy": {"hide_fullname": False},
         },
     )
@@ -232,11 +233,52 @@ async def test_profile_workflow(
     assert updated_profile.last_name == my_profile.last_name
     assert updated_profile.login == my_profile.login
 
+    assert updated_profile.user_name != my_profile.user_name
+    assert updated_profile.user_name == "odei123"
+
     assert updated_profile.privacy != my_profile.privacy
     assert updated_profile.privacy.hide_email == my_profile.privacy.hide_email
     assert updated_profile.privacy.hide_fullname != my_profile.privacy.hide_fullname
 
 
+@pytest.mark.parametrize(
+    "user_role",
+    [UserRole.USER],
+)
+async def test_update_wrong_user_name(
+    logged_user: UserInfoDict,
+    client: TestClient,
+    user_role: UserRole,
+):
+    assert client.app
+
+    # update with INVALID username
+    url = client.app.router["update_my_profile"].url_for()
+
+    for invalid_username in ("_foo", "superadmin", "foo..-123"):
+        resp = await client.patch(
+            f"{url}",
+            json={
+                "userName": invalid_username,
+            },
+        )
+        await assert_status(resp, status.HTTP_422_UNPROCESSABLE_ENTITY)
+
+    #  update with SAME username (i.e. existing)
+    url = client.app.router["get_my_profile"].url_for()
+    resp = await client.get(f"{url}")
+    data, _ = await assert_status(resp, status.HTTP_200_OK)
+
+    url = client.app.router["update_my_profile"].url_for()
+    resp = await client.patch(
+        f"{url}",
+        json={
+            "userName": data["userName"],
+        },
+    )
+    await assert_status(resp, status.HTTP_409_CONFLICT)
+
+
 @pytest.fixture
 def mock_failing_database_connection(mocker: Mock) -> MagicMock:
     """

Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,7 @@ async def get_my_profile(request: web.Request) -> web.Response:`
`82`	`82`	`async def update_my_profile(request: web.Request) -> web.Response:`
`83`	`83`	`req_ctx = UsersRequestContext.model_validate(request)`
`84`	`84`	`profile_update = await parse_request_body_as(ProfileUpdate, request)`
	`85`	`+`
`85`	`86`	`await api.update_user_profile(`
`86`	`87`	`request.app, user_id=req_ctx.user_id, update=profile_update`
`87`	`88`	`)`