
Commit e987ad1

authored
fix: don't allow "new" or "create" as url-friendly names (#13596)
1 parent 3a1fa04 commit e987ad1


12 files changed

+117
-108
lines changed


coderd/apidoc/docs.go

+3-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

coderd/apidoc/swagger.json

+2-8
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

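--- a/coderd/httpapi/httpapi.go
+++ b/coderd/httpapi/httpapi.go
@@ -46,7 +46,7 @@ func init() {
 valid := NameValid(str)
 return valid == nil
 }
-for _, tag := range []string{"username", "organization_name", "template_name", "workspace_name", "oauth2_app_name"} {
+for _, tag := range []string{"username", "organization_name", "template_name", "group_name", "workspace_name", "oauth2_app_name"} {
 err := Validate.RegisterValidation(tag, nameValidator)
 if err != nil {
 panic(err)
@@ -62,7 +62,7 @@ func init() {
 valid := DisplayNameValid(str)
 return valid == nil
 }
-for _, displayNameTag := range []string{"organization_display_name", "template_display_name"} {
+for _, displayNameTag := range []string{"organization_display_name", "template_display_name", "group_display_name"} {
 err := Validate.RegisterValidation(displayNameTag, displayNameValidator)
 if err != nil {
 panic(err)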
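Review bot: Registering `group_name` and `group_display_name` puts group requests under NameValid and DisplayNameValid, and it is not visible here whether groups created before this commit already satisfy those rules. If older group names were accepted under looser validation, an update request that resends the stored name could now be rejected, so it is worth confirming how the group handlers treat an unchanged name. A short comment above each tag list, for example `// Every tag listed here is checked with NameValid, including its reserved-word rejection.`, would also make the effect of adding a tag obvious to the next editor. The body of init starts and ends outside both hunks.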

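--- a/coderd/httpapi/name.go
+++ b/coderd/httpapi/name.go
@@ -46,6 +46,10 @@ func NameValid(str string) error {
 if len(str) < 1 {
 return xerrors.New("must be >= 1 character")
 }
+// Avoid conflicts with routes like /templates/new and /groups/create.
+if str == "new" || str == "create" {
+return xerrors.Errorf("cannot use %q as a name", str)
+}
 matched := UsernameValidRegex.MatchString(str)
 if !matched {
 return xerrors.New("must be alphanumeric with hyphens")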
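Review bot: The reserved-word guard `if str == "new" || str == "create"` is an exact, case-sensitive match, so `New` or `CREATE` falls through to the regex check, and whether UsernameValidRegex accepts upper case is not visible in this hunk. If any router or name lookup in front of these resources matches case-insensitively, the collision this commit closes would still be reachable; comparing with `strings.EqualFold(str, "new") || strings.EqualFold(str, "create")` covers that, provided `strings` is already imported in this file. The test changes shown on this page only rename fixtures away from `new`, so a case asserting that NameValid rejects both reserved words (and their case variants, if adopted) should exist somewhere in the commit. NameValid's body continues outside the hunk.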

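--- a/coderd/organizations_test.go
+++ b/coderd/organizations_test.go
@@ -140,14 +140,14 @@ func TestPostOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitLong)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 Description: "A new organization to love and cherish forever.",
 Icon: "/emojis/1f48f-1f3ff.png",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name)
-require.Equal(t, "New", o.DisplayName)
+require.Equal(t, "new-org", o.Name)
+require.Equal(t, "New organization", o.DisplayName)
 require.Equal(t, "A new organization to love and cherish forever.", o.Description)
 require.Equal(t, "/emojis/1f48f-1f3ff.png", o.Icon)
 })
@@ -159,11 +159,11 @@ func TestPostOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitLong)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
+Name: "new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name)
-require.Equal(t, "new", o.DisplayName) // should match the given `Name`
+require.Equal(t, "new-org", o.Name)
+require.Equal(t, "new-org", o.DisplayName) // should match the given `Name`
 })
 }
 
@@ -238,16 +238,16 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.ID.String(), codersdk.UpdateOrganizationRequest{
-Name: "new-new",
+Name: "new-new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new-new", o.Name)
+require.Equal(t, "new-new-org", o.Name)
 })
 
 t.Run("UpdateByName", func(t *testing.T) {
@@ -257,17 +257,17 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.Name, codersdk.UpdateOrganizationRequest{
-Name: "new-new",
+Name: "new-new-org",
 })
 require.NoError(t, err)
-require.Equal(t, "new-new", o.Name)
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-new-org", o.Name)
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 })
 
 t.Run("UpdateDisplayName", func(t *testing.T) {
@@ -277,16 +277,16 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
 o, err = client.UpdateOrganization(ctx, o.Name, codersdk.UpdateOrganizationRequest{
 DisplayName: "The Newest One",
 })
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
 require.Equal(t, "The Newest One", o.DisplayName)
 })
 
@@ -297,8 +297,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
@@ -307,8 +307,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 })
 
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 require.Equal(t, "wow, this organization description is so updated!", o.Description)
 })
 
@@ -319,8 +319,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 ctx := testutil.Context(t, testutil.WaitMedium)
 
 o, err := client.CreateOrganization(ctx, codersdk.CreateOrganizationRequest{
-Name: "new",
-DisplayName: "New",
+Name: "new-org",
+DisplayName: "New organization",
 })
 require.NoError(t, err)
 
@@ -329,8 +329,8 @@ func TestPatchOrganizationsByUser(t *testing.T) {
 })
 
 require.NoError(t, err)
-require.Equal(t, "new", o.Name) // didn't change
-require.Equal(t, "New", o.DisplayName) // didn't change
+require.Equal(t, "new-org", o.Name) // didn't change
+require.Equal(t, "New organization", o.DisplayName) // didn't change
 require.Equal(t, "/emojis/1f48f-1f3ff.png", o.Icon)
 })
 }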
