bots: Add validation to add_bot_backend to prevent empty short names

Fixes #5487

zerver/lib/users.py

@@ -18,6 +18,13 @@ def check_full_name(full_name_raw):
         raise JsonableError(_("Invalid characters in name!"))
     return full_name
 
+def check_short_name(short_name_raw):
+    # type: (Text) -> Text
+    short_name = short_name_raw.strip()
+    if len(short_name) == 0:
+        raise JsonableError(_("Bad name or username"))
+    return short_name
+
 def check_change_full_name(user_profile, full_name_raw, acting_user):
     # type: (UserProfile, Text, UserProfile) -> Text
     """Verifies that the user's proposed full name is valid.  The caller

zerver/tests/test_bots.py

@@ -62,6 +62,8 @@ class BotTest(ZulipTestCase, UploadSerializeMixin):
         # type: () -> None
         self.login(self.example_email('hamlet'))
         self.assert_num_bots_equal(0)
+
+        # Invalid username
         bot_info = dict(
             full_name='My bot name',
             short_name='@',
@@ -70,6 +72,15 @@ class BotTest(ZulipTestCase, UploadSerializeMixin):
         self.assert_json_error(result, 'Bad name or username')
         self.assert_num_bots_equal(0)
 
+        # Empty username
+        bot_info = dict(
+            full_name='My bot name',
+            short_name='',
+        )
+        result = self.client_post("/json/bots", bot_info)
+        self.assert_json_error(result, 'Bad name or username')
+        self.assert_num_bots_equal(0)
+
     def test_add_bot_with_no_name(self):
         # type: () -> None
         self.login(self.example_email('hamlet'))

zerver/views/users.py

@@ -23,7 +23,8 @@ from zerver.lib.response import json_error, json_success
 from zerver.lib.streams import access_stream_by_name
 from zerver.lib.upload import upload_avatar_image
 from zerver.lib.validator import check_bool, check_string, check_int, check_url
-from zerver.lib.users import check_valid_bot_type, check_change_full_name, check_full_name
+from zerver.lib.users import check_valid_bot_type, check_change_full_name, \
+    check_full_name, check_short_name
 from zerver.lib.utils import generate_random_token
 from zerver.models import UserProfile, Stream, Realm, Message, get_user_profile_by_email, \
     email_allowed_for_realm, get_user_profile_by_id, get_user, Service
@@ -239,13 +240,14 @@ def add_outgoing_webhook_service(name, user_profile, base_url, interface, token)
                            token=token)
 
 @has_request_variables
-def add_bot_backend(request, user_profile, full_name_raw=REQ("full_name"), short_name=REQ(),
+def add_bot_backend(request, user_profile, full_name_raw=REQ("full_name"), short_name_raw=REQ("short_name"),
                     bot_type=REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
                     payload_url=REQ(validator=check_url, default=None),
                     default_sending_stream_name=REQ('default_sending_stream', default=None),
                     default_events_register_stream_name=REQ('default_events_register_stream', default=None),
                     default_all_public_streams=REQ(validator=check_bool, default=None)):
     # type: (HttpRequest, UserProfile, Text, Text, int, Optional[Text], Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
+    short_name = check_short_name(short_name_raw)
     service_name = short_name
     short_name += "-bot"
     full_name = check_full_name(full_name_raw)