Skip to content

Commit bcdade7

Browse files
cstyancstyan
authored
fix: add database constraint to enforce minimum username length (#19453)
Username length and format, via regex, are already enforced at the application layer, but we have some code paths with database queries where we could optimize away many of the DB query calls if we could be sure at the database level that the username is never an empty string. For example: #19395 --------- Signed-off-by: Callum Styan <callumstyan@gmail.com>
1 parent 72f58c0 commit bcdade7

File tree

5 files changed

+13
-3
lines changed

5 files changed

+13
-3
lines changed

coderd/database/check_constraint.go

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/dump.sql

Lines changed: 2 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/database/migrations/000361_username_length_constraint.down.sql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
ALTER TABLE users
2+
DROP CONSTRAINT IF EXISTS users_username_min_length;

coderd/database/migrations/000361_username_length_constraint.up.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
ALTER TABLE users
2+
ADD CONSTRAINT users_username_min_length
3+
CHECK (length(username) >= 1);

coderd/database/querier_test.go

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1552,8 +1552,11 @@ func TestUpdateSystemUser(t *testing.T) {
15521552

15531553
// When: attempting to update a system user's name.
15541554
_, err = db.UpdateUserProfile(ctx, database.UpdateUserProfileParams{
1555-
ID: systemUser.ID,
1556-
Name: "not prebuilds",
1555+
ID: systemUser.ID,
1556+
Email: systemUser.Email,
1557+
Username: systemUser.Username,
1558+
AvatarURL: systemUser.AvatarURL,
1559+
Name: "not prebuilds",
15571560
})
15581561
// Then: the attempt is rejected by a postgres trigger.
15591562
// require.ErrorContains(t, err, "Cannot modify or delete system users")

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy