
Commit e987ad1

authored
fix: don't allow "new" or "create" as url-friendly names (#13596)
1 parent 3a1fa04 commit e987ad1


12 files changed

+117
-108
lines changed


coderd/apidoc/docs.go

Lines changed: 3 additions & 2 deletions

coderd/apidoc/swagger.json

Lines changed: 2 additions & 8 deletions

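--- a/coderd/httpapi/httpapi.go
+++ b/coderd/httpapi/httpapi.go
@@ -46,7 +46,7 @@ func init() {
 valid := NameValid(str)
 return valid == nil
 }
-for _, tag := range []string{"username", "organization_name", "template_name", "workspace_name", "oauth2_app_name"} {
+for _, tag := range []string{"username", "organization_name", "template_name", "group_name", "workspace_name", "oauth2_app_name"} {
 err := Validate.RegisterValidation(tag, nameValidator)
 if err != nil {
 panic(err)
@@ -62,7 +62,7 @@ func init() {
 valid := DisplayNameValid(str)
 return valid == nil
 }
-for _, displayNameTag := range []string{"organization_display_name", "template_display_name"} {
+for _, displayNameTag := range []string{"organization_display_name", "template_display_name", "group_display_name"} {
 err := Validate.RegisterValidation(displayNameTag, displayNameValidator)
 if err != nil {
 panic(err)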

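--- a/coderd/httpapi/name.go
+++ b/coderd/httpapi/name.go
@@ -46,6 +46,10 @@ func NameValid(str string) error {
 if len(str) < 1 {
 return xerrors.New("must be >= 1 character")
 }
+// Avoid conflicts with routes like /templates/new and /groups/create.
+if str == "new" || str == "create" {
+return xerrors.Errorf("cannot use %q as a name", str)
+}
 matched := UsernameValidRegex.MatchString(str)
 if !matched {
 return xerrors.New("must be alphanumeric with hyphens")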
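Review bot: The reserved-word check `if str == "new" || str == "create"` compares exactly and case-sensitively, so a name such as `New` or `CREATE` is still accepted whenever UsernameValidRegex (defined outside this hunk) admits uppercase letters; if the router or the name lookup folds case, such a name would still collide with `/templates/new` or `/groups/create`. Consider `if strings.EqualFold(str, "new") || strings.EqualFold(str, "create") {`, assuming `strings` is or can be imported in name.go. NameValid is also registered for `username`, `workspace_name` and `oauth2_app_name` in httpapi.go, so records that already carry one of these names will presumably start failing validation on update; that is worth confirming against existing data before release. NameValid's body starts and ends outside the hunk.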

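--- a/coderd/organizations_test.go
+++ b/coderd/organizations_test.go
@@ -140,14 +140,14 @@ func TestPostOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitLong)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 Description: "A new organization to love and cherish forever.",
 Icon: "/emojis/1f48f-1f3ff.png",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name)
-require.Equal(t, "New", o.DisplayName)
+require.Equal(t, "new-org", o.Name)
+require.Equal(t, "New organization", o.DisplayName)
 require.Equal(t, "A new organization to love and cherish forever.", o.Description)
 require.Equal(t, "/emojis/1f48f-1f3ff.png", o.Icon)
 })
@@ -159,11 +159,11 @@ func TestPostOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitLong)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
+Name: "new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name)
-require.Equal(t, "new", o.DisplayName) // should match the given `Name`
+require.Equal(t, "new-org", o.Name)
+require.Equal(t, "new-org", o.DisplayName) // should match the given `Name`
 })
 }
 
@@ -238,16 +238,16 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.ID.String(), codersdk.UpdateOrganizationRequest{
-Name: "new-new",
+Name: "new-new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new-new", o.Name)
+require.Equal(t, "new-new-org", o.Name)
 })
 
 t.Run("UpdateByName", func(t *testing.T) {
@@ -257,17 +257,17 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.Name, codersdk.UpdateOrganizationRequest{
-Name: "new-new",
+Name: "new-new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new-new", o.Name)
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-new-org", o.Name)
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 })
 
 t.Run("UpdateDisplayName", func(t *testing.T) {
@@ -277,16 +277,16 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.Name, codersdk.UpdateOrganizationRequest{
 DisplayName: "The Newest One",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
 require.Equal(t, "The Newest One", o.DisplayName)
 })
 
@@ -297,8 +297,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
@@ -307,8 +307,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 })
 
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 require.Equal(t, "wow, this organization description is so updated!", o.Description)
 })
 
@@ -319,8 +319,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
@@ -329,8 +329,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 })
 
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 require.Equal(t, "/emojis/1f48f-1f3ff.png", o.Icon)
 })
 }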
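Review bot: No visible subtest in TestPostOrganizationsByUser or TestPatchOrganizationsByUser asserts that the reserved names `new` and `create` are now rejected through the API; the hunks only move the fixtures to `new-org`. A negative case would pin the behaviour this commit introduces, for example `_, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{Name: "new"})` followed by `require.Error(t, err)`, with the same check for `create` and for UpdateOrganization. Such a test may exist in one of the changed files not rendered on this page, and both test functions extend beyond the hunks shown.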
