From 3a9c038090e06a30745bffbc2c1c4718429c811c Mon Sep 17 00:00:00 2001
From: StNicolay
Date: Sun, 7 May 2023 19:04:48 +0300
Subject: [PATCH] Added basic checks for the account fields
---
 src/handlers/commands/import.rs | 9 ++++++++-
 src/handlers/state/get_account_name.rs | 14 ++++++++++++--
 src/handlers/state/get_login.rs | 14 ++++++++++++--
 src/handlers/state/get_password.rs | 14 ++++++++++++--
 src/handlers/utils.rs | 8 ++++++++
 src/models.rs | 14 ++++++++++++++
 6 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/src/handlers/commands/import.rs b/src/handlers/commands/import.rs
index 3447486..bd91ca9 100644
--- a/src/handlers/commands/import.rs
+++ b/src/handlers/commands/import.rs
@@ -29,7 +29,14 @@ async fn get_master_pass(
 let db = db.clone();
 let name = account.name.clone();
 async move {
- match spawn_blocking(move || account.into_account(user_id, &master_pass)).await {
+ let result = spawn_blocking(move || {
+ if !account.validate() {
+ return Err(());
+ }
+ account.into_account(user_id, &master_pass).map_err(|_| ())
+ })
+ .await;
+ match result {
 Ok(Ok(account)) => match account.insert(&db).await {
 Ok(_) => (),
 Err(_) => failed.lock().await.push(name),
diff --git a/src/handlers/state/get_account_name.rs b/src/handlers/state/get_account_name.rs
index 64d7ec6..2eae066 100644
--- a/src/handlers/state/get_account_name.rs
+++ b/src/handlers/state/get_account_name.rs
@@ -3,7 +3,7 @@ use teloxide::{adaptors::Throttle, prelude::*};
 use crate::{
 errors::NoMessageText,
- handlers::{MainDialogue, PackagedHandler},
+ handlers::{markups::deletion_markup, utils::validate_field, MainDialogue, PackagedHandler},
 };
 pub async fn get_account_name(
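Review bot: In src/handlers/commands/import.rs the new closure collapses both a failed `account.validate()` and any error from `into_account` into `Err(())`, so the code that handles the error arms (outside this hunk) can no longer tell a rejected record from an encryption failure. For imported data that difference is worth keeping, at least for logging and for telling the user why an entry was skipped; a small local error enum (the name `ImportError` is only a suggestion) would do it, e.g. `return Err(ImportError::InvalidField);` and `.map_err(|_| ImportError::Encryption)`. `validate()` only borrows the account and is cheap, so it could also run before `spawn_blocking` rather than on the blocking pool. How failures are finally reported is decided in match arms not shown here, so this should be checked against them.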
@@ -20,7 +20,17 @@ pub async fn get_account_name(
 msg,
 db,
 dialogue,
- |_, _, _, _| Box::pin(async { Ok(true) }),
+ |bot, msg, _, name| {
+ Box::pin(async move {
+ let is_valid = validate_field(name);
+ if !is_valid {
+ bot.send_message(msg.chat.id, "Invalid account name")
+ .reply_markup(deletion_markup())
+ .await?;
+ }
+ Ok(is_valid)
+ })
+ },
 next,
 )
 .await
diff --git a/src/handlers/state/get_login.rs b/src/handlers/state/get_login.rs
index 2af1b86..8804f73 100644
--- a/src/handlers/state/get_login.rs
+++ b/src/handlers/state/get_login.rs
@@ -3,7 +3,7 @@ use teloxide::{adaptors::Throttle, prelude::*};
 use crate::{
 errors::NoMessageText,
- handlers::{MainDialogue, PackagedHandler},
+ handlers::{markups::deletion_markup, utils::validate_field, MainDialogue, PackagedHandler},
 };
 pub async fn get_login(
@@ -20,7 +20,17 @@ pub async fn get_login(
 msg,
 db,
 dialogue,
- |_, _, _, _| Box::pin(async { Ok(true) }),
+ |bot, msg, _, login| {
+ Box::pin(async move {
+ let is_valid = validate_field(login);
+ if !is_valid {
+ bot.send_message(msg.chat.id, "Invalid login")
+ .reply_markup(deletion_markup())
+ .await?;
+ }
+ Ok(is_valid)
+ })
+ },
 next,
 )
 .await
diff --git a/src/handlers/state/get_password.rs b/src/handlers/state/get_password.rs
index 1d1155e..dec8ba3 100644
--- a/src/handlers/state/get_password.rs
+++ b/src/handlers/state/get_password.rs
@@ -3,7 +3,7 @@ use teloxide::{adaptors::Throttle, prelude::*};
 use crate::{
 errors::NoMessageText,
- handlers::{MainDialogue, PackagedHandler},
+ handlers::{markups::deletion_markup, utils::validate_field, MainDialogue, PackagedHandler},
 };
 pub async fn get_password(
@@ -20,7 +20,17 @@ pub async fn get_password(
 msg,
 db,
 dialogue,
- |_, _, _, _| Box::pin(async { Ok(true) }),
+ |bot, msg, _, password| {
+ Box::pin(async move {
+ let is_valid = validate_field(password);
+ if !is_valid {
+ bot.send_message(msg.chat.id, "Invalid password")
+ .reply_markup(deletion_markup())
+ .await?;
+ }
+ Ok(is_valid)
+ })
+ },
 next,
 )
 .await
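Review bot: The validation closure added in get_account_name.rs is repeated almost verbatim in the get_login.rs and get_password.rs hunks, differing only in the reply text, so a later change to the rejection behaviour has to be made in three places. One shared helper next to `validate_field` that takes the reply text would keep the three handlers in step. The reply itself gives the user nothing to act on; something like `bot.send_message(msg.chat.id, "Account name must not contain a backtick, a backslash or a line break")` names the rule that was broken. The call these closures are passed to begins above each hunk, so the exact parameter types for such a helper need to be taken from there.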
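Review bot: In get_password.rs the new check applies `validate_field` to the password itself, so any password containing a backtick, a backslash or a line break is refused; the first two are common output of password generators, and refusing them narrows what the bot can store. If the restriction exists because stored values are later shown inside Markdown code formatting (not visible in this diff), escaping at render time would protect the display without constraining the secret. If it stays, the reason belongs at the call, e.g. `// backtick, backslash and newline are rejected because the stored value is rendered in a code span` (to be confirmed against the rendering code). Whether the user's message holding the rejected password is removed from the chat is handled outside this hunk and is worth checking.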
diff --git a/src/handlers/utils.rs b/src/handlers/utils.rs
index 7a64475..2ff722a 100644
--- a/src/handlers/utils.rs
+++ b/src/handlers/utils.rs
@@ -31,3 +31,11 @@ pub async fn delete_optional(bot: &Throttle, msg: &Option) {
 let _ = bot.delete_message(msg.chat.id, msg.id).await;
 }
 }
+
+/// Returns true if the field is valid
+#[inline]
+pub fn validate_field(field: &str) -> bool {
+ field
+ .chars()
+ .all(|char| char != '`' && char != '\\' && char != '\n')
+}
diff --git a/src/models.rs b/src/models.rs
index e497920..4f61758 100644
--- a/src/models.rs
+++ b/src/models.rs
@@ -27,6 +27,20 @@ impl DecryptedAccount {
 let (name, login, password) = (self.name, self.login, self.password);
 account::ActiveModel::from_unencrypted(user_id, name, &login, &password, master_pass)
 }
+
+ /// Returns true if the account is valid
+ #[inline]
+ pub fn validate(&self) -> bool {
+ for string in [&self.name, &self.login, &self.password] {
+ let is_invalid = string
+ .chars()
+ .any(|char| char == '`' || char == '\\' || char == '\n');
+ if is_invalid {
+ return false;
+ }
+ }
+ true
+ }
 }
 #[derive(Serialize, Deserialize)]
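Review bot: `validate_field` in src/handlers/utils.rs is a three-character denylist, so an empty string, other control characters such as `\r`, and input of any length all pass as valid. The doc comment only says the field "is valid"; it should state the rule and its reason, for example `/// Returns true if the field contains no backtick, backslash or line feed.` followed by a line saying why those three are excluded. If empty fields are not meant to be stored, the body can start with `!field.is_empty() &&`. The closure parameter named `char` shadows the primitive type name; `c` or `ch` reads more clearly.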
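Review bot: `DecryptedAccount::validate` in src/models.rs re-implements the character check that this same commit adds as `validate_field` in handlers/utils.rs, so the interactive path and the import path can drift apart when only one of the two lists is edited. Calling the shared function removes the duplicate: `[&self.name, &self.login, &self.password].iter().all(|field| validate_field(field))`. That requires `validate_field` to be importable from models.rs; moving the function next to the model, and re-using it from the handlers, would avoid a models-to-handlers dependency. The enclosing `impl DecryptedAccount` starts above the hunk.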