NotificationsYou must be signed in to change notification settings
Fork913
Star10.1k

Commit01a904c

authored

feat(codersdk): export name validators (#14550)

* feat(codersdk): export name validators* review

1 parent093d243 commit01a904cCopy full SHA for 01a904c

File tree

10 files changed

+154

-31

lines changed

cli
- usercreate.go
coderd
- externalauth
  - externalauth.go
- httpapi
  - httpapi.go
  - name.go
- userauth.go
- users.go
codersdk
- name.go
- name_test.go
enterprise/coderd
- roles.go
- scim.go

10 files changed

+154

-31

lines changed

`‎cli/usercreate.go`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@ import (`
`11`	`11`	`"github.com/coder/pretty"`
`12`	`12`
`13`	`13`	`"github.com/coder/coder/v2/cli/cliui"`
`14`		`-"github.com/coder/coder/v2/coderd/httpapi"`
`15`	`14`	`"github.com/coder/coder/v2/codersdk"`
`16`	`15`	`"github.com/coder/coder/v2/cryptorand"`
`17`	`16`	`"github.com/coder/serpent"`
`@@ -72,7 +71,7 @@ func (r RootCmd) userCreate() serpent.Command {`
`72`	`71`	`iferr!=nil {`
`73`	`72`	`returnerr`
`74`	`73`	`}`
`75`		`-name=httpapi.NormalizeRealUsername(rawName)`
	`74`	`+name=codersdk.NormalizeRealUsername(rawName)`
`76`	`75`	`if!strings.EqualFold(rawName,name) {`
`77`	`76`	`cliui.Warnf(inv.Stderr,"Normalized name to %q",name)`
`78`	`77`	`}`

`‎coderd/externalauth/externalauth.go`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,6 @@ import (`
`23`	`23`
`24`	`24`	`"github.com/coder/coder/v2/coderd/database"`
`25`	`25`	`"github.com/coder/coder/v2/coderd/database/dbtime"`
`26`		`-"github.com/coder/coder/v2/coderd/httpapi"`
`27`	`26`	`"github.com/coder/coder/v2/coderd/promoauth"`
`28`	`27`	`"github.com/coder/coder/v2/codersdk"`
`29`	`28`	`"github.com/coder/retry"`
`@@ -486,7 +485,7 @@ func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAut`
`486`	`485`	`// apply their client secret and ID, and have the UI appear nicely.`
`487`	`486`	`applyDefaultsToConfig(&entry)`
`488`	`487`
`489`		`-valid:=httpapi.NameValid(entry.ID)`
	`488`	`+valid:=codersdk.NameValid(entry.ID)`
`490`	`489`	`ifvalid!=nil {`
`491`	`490`	`returnnil,xerrors.Errorf("external auth provider %q doesn't have a valid id: %w",entry.ID,valid)`
`492`	`491`	`}`

`‎coderd/httpapi/httpapi.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ func init() {`
`43`	`43`	`if!ok {`
`44`	`44`	`returnfalse`
`45`	`45`	`}`
`46`		`-valid:=NameValid(str)`
	`46`	`+valid:=codersdk.NameValid(str)`
`47`	`47`	`returnvalid==nil`
`48`	`48`	`}`
`49`	`49`	`for_,tag:=range []string{"username","organization_name","template_name","workspace_name","oauth2_app_name"} {`
`@@ -59,7 +59,7 @@ func init() {`
`59`	`59`	`if!ok {`
`60`	`60`	`returnfalse`
`61`	`61`	`}`
`62`		`-valid:=DisplayNameValid(str)`
	`62`	`+valid:=codersdk.DisplayNameValid(str)`
`63`	`63`	`returnvalid==nil`
`64`	`64`	`}`
`65`	`65`	`for_,displayNameTag:=range []string{"organization_display_name","template_display_name","group_display_name"} {`
`@@ -75,7 +75,7 @@ func init() {`
`75`	`75`	`if!ok {`
`76`	`76`	`returnfalse`
`77`	`77`	`}`
`78`		`-valid:=TemplateVersionNameValid(str)`
	`78`	`+valid:=codersdk.TemplateVersionNameValid(str)`
`79`	`79`	`returnvalid==nil`
`80`	`80`	`}`
`81`	`81`	`err:=Validate.RegisterValidation("template_version_name",templateVersionNameValidator)`
`@@ -89,7 +89,7 @@ func init() {`
`89`	`89`	`if!ok {`
`90`	`90`	`returnfalse`
`91`	`91`	`}`
`92`		`-valid:=UserRealNameValid(str)`
	`92`	`+valid:=codersdk.UserRealNameValid(str)`
`93`	`93`	`returnvalid==nil`
`94`	`94`	`}`
`95`	`95`	`err=Validate.RegisterValidation("user_real_name",userRealNameValidator)`
`@@ -103,7 +103,7 @@ func init() {`
`103`	`103`	`if!ok {`
`104`	`104`	`returnfalse`
`105`	`105`	`}`
`106`		`-valid:=GroupNameValid(str)`
	`106`	`+valid:=codersdk.GroupNameValid(str)`
`107`	`107`	`returnvalid==nil`
`108`	`108`	`}`
`109`	`109`	`err=Validate.RegisterValidation("group_name",groupNameValidator)`

`‎coderd/httpapi/name.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func UsernameFrom(str string) string {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`// NameValid returns whether the input string is a valid name.`
`41`		`-// It is a generic validator for any name(user, workspace, template, role name, etc.).`
	`41`	`+// It is a generic validator for any namethat doesn't have it's own validator.`
`42`	`42`	`funcNameValid(strstring)error {`
`43`	`43`	`iflen(str)>32 {`
`44`	`44`	`returnxerrors.New("must be <= 32 characters")`

`‎coderd/userauth.go`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -602,7 +602,7 @@ func (api API) userOAuth2Github(rw http.ResponseWriter, r http.Request) {`
`602`	`602`	`}`
`603`	`603`
`604`	`604`	`ghName:=ghUser.GetName()`
`605`		`-normName:=httpapi.NormalizeRealUsername(ghName)`
	`605`	`+normName:=codersdk.NormalizeRealUsername(ghName)`
`606`	`606`
`607`	`607`	`// If we have a nil GitHub ID, that is a big problem. That would mean we link`
`608`	`608`	`// this user and all other users with this bug to the same uuid.`
`@@ -951,15 +951,15 @@ func (api API) userOIDC(rw http.ResponseWriter, r http.Request) {`
`951`	`951`	`// The username is a required property in Coder. We make a best-effort`
`952`	`952`	`// attempt at using what the claims provide, but if that fails we will`
`953`	`953`	`// generate a random username.`
`954`		`-usernameValid:=httpapi.NameValid(username)`
	`954`	`+usernameValid:=codersdk.NameValid(username)`
`955`	`955`	`ifusernameValid!=nil {`
`956`	`956`	`// If no username is provided, we can default to use the email address.`
`957`	`957`	`// This will be converted in the from function below, so it's safe`
`958`	`958`	`// to keep the domain.`
`959`	`959`	`ifusername=="" {`
`960`	`960`	`username=email`
`961`	`961`	`}`
`962`		`-username=httpapi.UsernameFrom(username)`
	`962`	`+username=codersdk.UsernameFrom(username)`
`963`	`963`	`}`
`964`	`964`
`965`	`965`	`iflen(api.OIDCConfig.EmailDomain)>0 {`
`@@ -994,7 +994,7 @@ func (api API) userOIDC(rw http.ResponseWriter, r http.Request) {`
`994`	`994`	`nameRaw,ok:=mergedClaims[api.OIDCConfig.NameField]`
`995`	`995`	`ifok {`
`996`	`996`	`name,_=nameRaw.(string)`
`997`		`-name=httpapi.NormalizeRealUsername(name)`
	`997`	`+name=codersdk.NormalizeRealUsername(name)`
`998`	`998`	`}`
`999`	`999`
`1000`	`1000`	`varpicturestring`
`@@ -1389,7 +1389,7 @@ func (api API) oauthLogin(r http.Request, params oauthLoginParams) ([]http.C`
`1389`	`1389`	`fori:=0;i<10;i++ {`
`1390`	`1390`	`alternate:=fmt.Sprintf("%s-%s",original,namesgenerator.GetRandomName(1))`
`1391`	`1391`
`1392`		`-params.Username=httpapi.UsernameFrom(alternate)`
	`1392`	`+params.Username=codersdk.UsernameFrom(alternate)`
`1393`	`1393`
`1394`	`1394`	`//nolint:gocritic`
`1395`	`1395`	`_,err:=tx.GetUserByEmailOrUsername(dbauthz.AsSystemRestricted(ctx), database.GetUserByEmailOrUsernameParams{`

`‎coderd/users.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1287,7 +1287,7 @@ type CreateUserRequest struct {`
`1287`	`1287`	`func (api*API)CreateUser(ctx context.Context,store database.Store,reqCreateUserRequest) (database.User,error) {`
`1288`	`1288`	`// Ensure the username is valid. It's the caller's responsibility to ensure`
`1289`	`1289`	`// the username is valid and unique.`
`1290`		`-ifusernameValid:=httpapi.NameValid(req.Username);usernameValid!=nil {`
	`1290`	`+ifusernameValid:=codersdk.NameValid(req.Username);usernameValid!=nil {`
`1291`	`1291`	`return database.User{},xerrors.Errorf("invalid username %q: %w",req.Username,usernameValid)`
`1292`	`1292`	`}`
`1293`	`1293`
`@@ -1299,7 +1299,7 @@ func (api *API) CreateUser(ctx context.Context, store database.Store, req Create`
`1299`	`1299`	`ID:uuid.New(),`
`1300`	`1300`	`Email:req.Email,`
`1301`	`1301`	`Username:req.Username,`
`1302`		`-Name:httpapi.NormalizeRealUsername(req.Name),`
	`1302`	`+Name:codersdk.NormalizeRealUsername(req.Name),`
`1303`	`1303`	`CreatedAt:dbtime.Now(),`
`1304`	`1304`	`UpdatedAt:dbtime.Now(),`
`1305`	`1305`	`HashedPassword: []byte{},`

`‎codersdk/name.go`

Lines changed: 125 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,125 @@`
	`1`	`+package codersdk`
	`2`	`+`
	`3`	`+import (`
	`4`	`+"regexp"`
	`5`	`+"strings"`
	`6`	`+`
	`7`	`+"github.com/moby/moby/pkg/namesgenerator"`
	`8`	`+"golang.org/x/xerrors"`
	`9`	`+)`
	`10`	`+`
	`11`	`+var (`
	`12`	`+UsernameValidRegex=regexp.MustCompile("^[a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*$")`
	`13`	`+usernameReplace=regexp.MustCompile("[^a-zA-Z0-9-]*")`
	`14`	`+`
	`15`	+templateVersionName=regexp.MustCompile(`^[a-zA-Z0-9]+(?:[_.-]{1}[a-zA-Z0-9]+)*$`)
	`16`	+templateDisplayName=regexp.MustCompile(`^[^\s](.*[^\s])?$`)
	`17`	`+)`
	`18`	`+`
	`19`	`+// UsernameFrom returns a best-effort username from the provided string.`
	`20`	`+//`
	`21`	`+// It first attempts to validate the incoming string, which will`
	`22`	`+// be returned if it is valid. It then will attempt to extract`
	`23`	`+// the username from an email address. If no success happens during`
	`24`	`+// these steps, a random username will be returned.`
	`25`	`+funcUsernameFrom(strstring)string {`
	`26`	`+ifvalid:=NameValid(str);valid==nil {`
	`27`	`+returnstr`
	`28`	`+}`
	`29`	`+emailAt:=strings.LastIndex(str,"@")`
	`30`	`+ifemailAt>=0 {`
	`31`	`+str=str[:emailAt]`
	`32`	`+}`
	`33`	`+str=usernameReplace.ReplaceAllString(str,"")`
	`34`	`+ifvalid:=NameValid(str);valid==nil {`
	`35`	`+returnstr`
	`36`	`+}`
	`37`	`+returnstrings.ReplaceAll(namesgenerator.GetRandomName(1),"_","-")`
	`38`	`+}`
	`39`	`+`
	`40`	`+// NameValid returns whether the input string is a valid name.`
	`41`	`+// It is a generic validator for any name (user, workspace, template, role name, etc.).`
	`42`	`+funcNameValid(strstring)error {`
	`43`	`+iflen(str)>32 {`
	`44`	`+returnxerrors.New("must be <= 32 characters")`
	`45`	`+}`
	`46`	`+iflen(str)<1 {`
	`47`	`+returnxerrors.New("must be >= 1 character")`
	`48`	`+}`
	`49`	`+// Avoid conflicts with routes like /templates/new and /groups/create.`
	`50`	`+ifstr=="new"\|\|str=="create" {`
	`51`	`+returnxerrors.Errorf("cannot use %q as a name",str)`
	`52`	`+}`
	`53`	`+matched:=UsernameValidRegex.MatchString(str)`
	`54`	`+if!matched {`
	`55`	`+returnxerrors.New("must be alphanumeric with hyphens")`
	`56`	`+}`
	`57`	`+returnnil`
	`58`	`+}`
	`59`	`+`
	`60`	`+// TemplateVersionNameValid returns whether the input string is a valid template version name.`
	`61`	`+funcTemplateVersionNameValid(strstring)error {`
	`62`	`+iflen(str)>64 {`
	`63`	`+returnxerrors.New("must be <= 64 characters")`
	`64`	`+}`
	`65`	`+matched:=templateVersionName.MatchString(str)`
	`66`	`+if!matched {`
	`67`	`+returnxerrors.New("must be alphanumeric with underscores and dots")`
	`68`	`+}`
	`69`	`+returnnil`
	`70`	`+}`
	`71`	`+`
	`72`	`+// DisplayNameValid returns whether the input string is a valid template display name.`
	`73`	`+funcDisplayNameValid(strstring)error {`
	`74`	`+iflen(str)==0 {`
	`75`	`+returnnil// empty display_name is correct`
	`76`	`+}`
	`77`	`+iflen(str)>64 {`
	`78`	`+returnxerrors.New("must be <= 64 characters")`
	`79`	`+}`
	`80`	`+matched:=templateDisplayName.MatchString(str)`
	`81`	`+if!matched {`
	`82`	`+returnxerrors.New("must be alphanumeric with spaces")`
	`83`	`+}`
	`84`	`+returnnil`
	`85`	`+}`
	`86`	`+`
	`87`	`+// UserRealNameValid returns whether the input string is a valid real user name.`
	`88`	`+funcUserRealNameValid(strstring)error {`
	`89`	`+iflen(str)>128 {`
	`90`	`+returnxerrors.New("must be <= 128 characters")`
	`91`	`+}`
	`92`	`+`
	`93`	`+ifstrings.TrimSpace(str)!=str {`
	`94`	`+returnxerrors.New("must not have leading or trailing whitespace")`
	`95`	`+}`
	`96`	`+returnnil`
	`97`	`+}`
	`98`	`+`
	`99`	`+// GroupNameValid returns whether the input string is a valid group name.`
	`100`	`+funcGroupNameValid(strstring)error {`
	`101`	`+// 36 is to support using UUIDs as the group name.`
	`102`	`+iflen(str)>36 {`
	`103`	`+returnxerrors.New("must be <= 36 characters")`
	`104`	`+}`
	`105`	`+// Avoid conflicts with routes like /groups/new and /groups/create.`
	`106`	`+ifstr=="new"\|\|str=="create" {`
	`107`	`+returnxerrors.Errorf("cannot use %q as a name",str)`
	`108`	`+}`
	`109`	`+matched:=UsernameValidRegex.MatchString(str)`
	`110`	`+if!matched {`
	`111`	`+returnxerrors.New("must be alphanumeric with hyphens")`
	`112`	`+}`
	`113`	`+returnnil`
	`114`	`+}`
	`115`	`+`
	`116`	`+// NormalizeUserRealName normalizes a user name such that it will pass`
	`117`	`+// validation by UserRealNameValid. This is done to avoid blocking`
	`118`	`+// little Bobby Whitespace from using Coder.`
	`119`	`+funcNormalizeRealUsername(strstring)string {`
	`120`	`+s:=strings.TrimSpace(str)`
	`121`	`+iflen(s)>128 {`
	`122`	`+s=s[:128]`
	`123`	`+}`
	`124`	`+returns`
	`125`	`+}`

`‎coderd/httpapi/name_test.gorenamed to‎codersdk/name_test.go`

Lines changed: 11 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-packagehttpapi_test`
	`1`	`+packagecodersdk_test`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"strings"`
`@@ -7,7 +7,7 @@ import (`
`7`	`7`	`"github.com/stretchr/testify/assert"`
`8`	`8`	`"github.com/stretchr/testify/require"`
`9`	`9`
`10`		`-"github.com/coder/coder/v2/coderd/httpapi"`
	`10`	`+"github.com/coder/coder/v2/codersdk"`
`11`	`11`	`"github.com/coder/coder/v2/testutil"`
`12`	`12`	`)`
`13`	`13`
`@@ -62,7 +62,7 @@ func TestUsernameValid(t *testing.T) {`
`62`	`62`	`testCase:=testCase`
`63`	`63`	`t.Run(testCase.Username,func(t*testing.T) {`
`64`	`64`	`t.Parallel()`
`65`		`-valid:=httpapi.NameValid(testCase.Username)`
	`65`	`+valid:=codersdk.NameValid(testCase.Username)`
`66`	`66`	`require.Equal(t,testCase.Valid,valid==nil)`
`67`	`67`	`})`
`68`	`68`	`}`
`@@ -117,7 +117,7 @@ func TestTemplateDisplayNameValid(t *testing.T) {`
`117`	`117`	`testCase:=testCase`
`118`	`118`	`t.Run(testCase.Name,func(t*testing.T) {`
`119`	`119`	`t.Parallel()`
`120`		`-valid:=httpapi.DisplayNameValid(testCase.Name)`
	`120`	`+valid:=codersdk.DisplayNameValid(testCase.Name)`
`121`	`121`	`require.Equal(t,testCase.Valid,valid==nil)`
`122`	`122`	`})`
`123`	`123`	`}`
`@@ -158,7 +158,7 @@ func TestTemplateVersionNameValid(t *testing.T) {`
`158`	`158`	`testCase:=testCase`
`159`	`159`	`t.Run(testCase.Name,func(t*testing.T) {`
`160`	`160`	`t.Parallel()`
`161`		`-valid:=httpapi.TemplateVersionNameValid(testCase.Name)`
	`161`	`+valid:=codersdk.TemplateVersionNameValid(testCase.Name)`
`162`	`162`	`require.Equal(t,testCase.Valid,valid==nil)`
`163`	`163`	`})`
`164`	`164`	`}`
`@@ -169,7 +169,7 @@ func TestGeneratedTemplateVersionNameValid(t *testing.T) {`
`169`	`169`
`170`	`170`	`fori:=0;i<1000;i++ {`
`171`	`171`	`name:=testutil.GetRandomName(t)`
`172`		`-err:=httpapi.TemplateVersionNameValid(name)`
	`172`	`+err:=codersdk.TemplateVersionNameValid(name)`
`173`	`173`	`require.NoError(t,err,"invalid template version name: %s",name)`
`174`	`174`	`}`
`175`	`175`	`}`
`@@ -199,9 +199,9 @@ func TestFrom(t *testing.T) {`
`199`	`199`	`testCase:=testCase`
`200`	`200`	`t.Run(testCase.From,func(t*testing.T) {`
`201`	`201`	`t.Parallel()`
`202`		`-converted:=httpapi.UsernameFrom(testCase.From)`
	`202`	`+converted:=codersdk.UsernameFrom(testCase.From)`
`203`	`203`	`t.Log(converted)`
`204`		`-valid:=httpapi.NameValid(converted)`
	`204`	`+valid:=codersdk.NameValid(converted)`
`205`	`205`	`require.True(t,valid==nil)`
`206`	`206`	`iftestCase.Match=="" {`
`207`	`207`	`require.NotEqual(t,testCase.From,converted)`
`@@ -245,9 +245,9 @@ func TestUserRealNameValid(t *testing.T) {`
`245`	`245`	`testCase:=testCase`
`246`	`246`	`t.Run(testCase.Name,func(t*testing.T) {`
`247`	`247`	`t.Parallel()`
`248`		`-err:=httpapi.UserRealNameValid(testCase.Name)`
`249`		`-norm:=httpapi.NormalizeRealUsername(testCase.Name)`
`250`		`-normErr:=httpapi.UserRealNameValid(norm)`
	`248`	`+err:=codersdk.UserRealNameValid(testCase.Name)`
	`249`	`+norm:=codersdk.NormalizeRealUsername(testCase.Name)`
	`250`	`+normErr:=codersdk.UserRealNameValid(norm)`
`251`	`251`	`assert.NoError(t,normErr)`
`252`	`252`	`assert.Equal(t,testCase.Valid,err==nil)`
`253`	`253`	`assert.Equal(t,testCase.Valid,norm==testCase.Name,"invalid name should be different after normalization")`

`‎enterprise/coderd/roles.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -266,7 +266,7 @@ func validOrganizationRoleRequest(ctx context.Context, req codersdk.CustomRoleRe`
`266`	`266`	`returnfalse`
`267`	`267`	`}`
`268`	`268`
`269`		`-iferr:=httpapi.NameValid(req.Name);err!=nil {`
	`269`	`+iferr:=codersdk.NameValid(req.Name);err!=nil {`
`270`	`270`	`httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`271`	`271`	`Message:"Invalid role name",`
`272`	`272`	`Detail:err.Error(),`

`‎enterprise/coderd/scim.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -206,15 +206,15 @@ func (api API) scimPostUser(rw http.ResponseWriter, r http.Request) {`
`206`	`206`	`// The username is a required property in Coder. We make a best-effort`
`207`	`207`	`// attempt at using what the claims provide, but if that fails we will`
`208`	`208`	`// generate a random username.`
`209`		`-usernameValid:=httpapi.NameValid(sUser.UserName)`
	`209`	`+usernameValid:=codersdk.NameValid(sUser.UserName)`
`210`	`210`	`ifusernameValid!=nil {`
`211`	`211`	`// If no username is provided, we can default to use the email address.`
`212`	`212`	`// This will be converted in the from function below, so it's safe`
`213`	`213`	`// to keep the domain.`
`214`	`214`	`ifsUser.UserName=="" {`
`215`	`215`	`sUser.UserName=email`
`216`	`216`	`}`
`217`		`-sUser.UserName=httpapi.UsernameFrom(sUser.UserName)`
	`217`	`+sUser.UserName=codersdk.UsernameFrom(sUser.UserName)`
`218`	`218`	`}`
`219`	`219`
`220`	`220`	`// TODO: This is a temporary solution that does not support multi-org`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit01a904c

File tree

10 files changed

10 files changed

`‎cli/usercreate.go`

`‎coderd/externalauth/externalauth.go`

`‎coderd/httpapi/httpapi.go`

`‎coderd/httpapi/name.go`

`‎coderd/userauth.go`

`‎coderd/users.go`

`‎codersdk/name.go`

`‎coderd/httpapi/name_test.gorenamed to‎codersdk/name_test.go`

`‎enterprise/coderd/roles.go`

`‎enterprise/coderd/scim.go`

0 commit comments