From bddc6ae66bb8094c2c16df64d55663901d5eebd6 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sat, 8 Jun 2024 20:33:34 +0100
Subject: [PATCH] Roles: Added max validation for role external auth id field
For #5037
---
 app/Users/Controllers/RoleApiController.php | 4 ++--
 app/Users/Controllers/RoleController.php | 4 ++--
 tests/User/RoleManagementTest.php | 25 +++++++++++++++++++++
 3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/app/Users/Controllers/RoleApiController.php b/app/Users/Controllers/RoleApiController.php
index 5f4f2999b..2e96602fa 100644
--- a/app/Users/Controllers/RoleApiController.php
+++ b/app/Users/Controllers/RoleApiController.php
@@ -21,7 +21,7 @@ class RoleApiController extends ApiController
 'display_name' => ['required', 'string', 'min:3', 'max:180'],
 'description' => ['string', 'max:180'],
 'mfa_enforced' => ['boolean'],
- 'external_auth_id' => ['string'],
+ 'external_auth_id' => ['string', 'max:180'],
 'permissions' => ['array'],
 'permissions.*' => ['string'],
 ],
@@ -29,7 +29,7 @@ class RoleApiController extends ApiController
 'display_name' => ['string', 'min:3', 'max:180'],
 'description' => ['string', 'max:180'],
 'mfa_enforced' => ['boolean'],
- 'external_auth_id' => ['string'],
+ 'external_auth_id' => ['string', 'max:180'],
 'permissions' => ['array'],
 'permissions.*' => ['string'],
 ]
diff --git a/app/Users/Controllers/RoleController.php b/app/Users/Controllers/RoleController.php
index a874ce4d6..0a7fdcc9b 100644
--- a/app/Users/Controllers/RoleController.php
+++ b/app/Users/Controllers/RoleController.php
@@ -75,7 +75,7 @@ class RoleController extends Controller
 $data = $this->validate($request, [
 'display_name' => ['required', 'min:3', 'max:180'],
 'description' => ['max:180'],
- 'external_auth_id' => ['string'],
+ 'external_auth_id' => ['string', 'max:180'],
 'permissions' => ['array'],
 'mfa_enforced' => ['string'],
 ]);
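Review bot: The `max:180` limit for `external_auth_id` is now written out as a bare literal in four places across RoleApiController and RoleController, with nothing tying it to the storage length it presumably mirrors (the column definition is not in this diff). A single named constant, e.g. `public const EXTERNAL_AUTH_ID_MAX_LENGTH = 180;` used as `'max:' . self::EXTERNAL_AUTH_ID_MAX_LENGTH`, would stop the API and web rules from drifting apart on a value that gates an auth-mapping field. Whatever form it takes, a one-line comment next to the rule saying which column it matches is worth adding: a validator limit tighter than the column is harmless, but one looser than the column would let a role mapping value be truncated or rejected only at the storage layer, which is the failure this commit is fixing. The rules arrays and the enclosing class continue outside the hunk.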
@@ -109,7 +109,7 @@ class RoleController extends Controller
 $data = $this->validate($request, [
 'display_name' => ['required', 'min:3', 'max:180'],
 'description' => ['max:180'],
- 'external_auth_id' => ['string'],
+ 'external_auth_id' => ['string', 'max:180'],
 'permissions' => ['array'],
 'mfa_enforced' => ['string'],
 ]);
diff --git a/tests/User/RoleManagementTest.php b/tests/User/RoleManagementTest.php
index 9e5cf78dd..8683fcb6e 100644
--- a/tests/User/RoleManagementTest.php
+++ b/tests/User/RoleManagementTest.php
@@ -96,6 +96,31 @@ class RoleManagementTest extends TestCase
 $this->assertActivityExists(ActivityType::ROLE_DELETE);
 }
+ public function test_role_external_auth_id_validation()
+ {
+ config()->set('auth.method', 'oidc');
+ $role = Role::query()->first();
+ $routeByMethod = [
+ 'post' => '/settings/roles/new',
+ 'put' => "/settings/roles/{$role->id}",
+ ];
+
+ foreach ($routeByMethod as $method => $route) {
+ $resp = $this->asAdmin()->get($route);
+ $resp->assertDontSee('The external auth id');
+
+ $resp = $this->asAdmin()->call($method, $route, [
+ 'display_name' => 'Test role for auth id validation',
+ 'description' => '',
+ 'external_auth_id' => str_repeat('a', 181),
+ ]);
+
+ $resp->assertRedirect($route);
+ $resp = $this->followRedirects($resp);
+ $resp->assertSee('The external auth id may not be greater than 180 characters.');
+ }
+ }
+
 public function test_admin_role_cannot_be_removed_if_user_last_admin()
 {
 /** @var Role $adminRole */
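Review bot: The new test only drives the web routes `/settings/roles/new` and `/settings/roles/{id}`, while this patch also changed the create and update rules in RoleApiController; nothing here sends a 181-character `external_auth_id` to the role API endpoints, so the API half of the fix is unverified. It also pins only the rejecting side — a companion request with `'external_auth_id' => str_repeat('a', 180)` asserting success would lock in the boundary so a later change to `max:179` or `max:181` is caught. `Role::query()->first()` picks whichever role the seeder happens to create first (possibly the admin role), so the PUT case depends on seed order; creating a throwaway role in the test, or at least a comment noting the dependency, would make the intent clearer. The `get($route)` before each call appears to be what makes `assertRedirect($route)` hold by setting the previous URL — that is inferred, and a short comment stating it would save the next reader the guess.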