feat: Add template display name (backend) #4966

Merged
merged 30 commits into from
Nov 10, 2022
03d8456
Rename to nameValidator
mtojek Nov 8, 2022
e3a1b7d
Merge branch 'main' into 3321-template-space-b
mtojek Nov 9, 2022
9c7cae6
Refactor: NameValid
mtojek Nov 9, 2022
5fac8e9
Fix: comment
mtojek Nov 9, 2022
61074d9
Define new migration
mtojek Nov 9, 2022
dbd96c0
Include display_name
mtojek Nov 9, 2022
bf26ba9
Update typesGenerated.ts
mtojek Nov 9, 2022
9a7d35f
Update meta
mtojek Nov 9, 2022
4aaff3e
Adjust tests
mtojek Nov 9, 2022
c3532a1
CLI tests
mtojek Nov 9, 2022
fa778d3
Fix: audit
mtojek Nov 9, 2022
64c6fe2
Fix: omitempty
mtojek Nov 9, 2022
b2c122b
site: display_name is optional
mtojek Nov 9, 2022
75c79d3
unit: TestUsernameValid
mtojek Nov 9, 2022
cfa4ca7
entities.ts: add display_name
mtojek Nov 9, 2022
9eb443e
site: TemplateSettingsPage.test.tsx
mtojek Nov 9, 2022
20018f8
Fix: TemplateSettingsForm.tsx
mtojek Nov 9, 2022
53c463d
Adjust tests
mtojek Nov 9, 2022
a24eac4
Add comment to display_name column
mtojek Nov 9, 2022
ed56c3b
Merge branch 'main' into 3321-template-space-b
mtojek Nov 9, 2022
7490d45
Fix: rename
mtojek Nov 9, 2022
88c6ddc
Fix: make
mtojek Nov 9, 2022
01dae76
Merge branch 'main' into 3321-template-space-b
mtojek Nov 10, 2022
361a428
Loosen regexp
mtojek Nov 10, 2022
d935a41
Fix: err check
mtojek Nov 10, 2022
a837fae
Fix: template name length
mtojek Nov 10, 2022
d32247d
Merge branch 'main' into 3321-template-space-b
mtojek Nov 10, 2022
2da0147
Allow for whitespaces
mtojek Nov 10, 2022
2301f5c
Merge branch 'main' into 3321-template-space-b
mtojek Nov 10, 2022
a3652b2
Update migration number
mtojek Nov 10, 2022
unit: TestUsernameValid
mtojek committed Nov 9, 2022
commit 75c79d3e2d910e460b6b25daf33a029d80719e86
59 changes: 58 additions & 1 deletion coderd/httpapi/name_test.go
Expand Up @@ -8,7 +8,7 @@ import (
"github.com/coder/coder/coderd/httpapi"
)

func TestValid(t *testing.T) {
func TestUsernameValid(t *testing.T) {
t.Parallel()
// Tests whether usernames are valid or not.
testCases := []struct {
Expand Down Expand Up @@ -65,6 +65,63 @@ func TestValid(t *testing.T) {
}
}

func TestTemplateDisplayNameValid(t *testing.T) {
t.Parallel()
// Tests whether display names are valid.
testCases := []struct {
Username string
Valid bool
}{
{"", true},
{"1", true},
{"12", true},
{"1 2", true},
{"1234 678901234567890", true},
{"1234567890123 5678901", true},
{"S", true},
{"a1", true},
{"a1K2", true},
{"a1b2c3 4e5f6g7h8i9j0", true},
{"a1b2c3d4e5f6g h8i9j0k", true},
{"aa", true},
{"aNc", true},
{"abcdefghijklmnopqrst", true},
{"abcdefghijklmnopqrstu", true},
{"Wow Test", true},

{" ", false},
{" a", false},
{" a ", false},
{" 1", false},
{"1 ", false},
{" aa", false},
{"aa ", false},
{" 12", false},
{"12 ", false},
{" a1", false},
{"a1 ", false},
{"-abcdefghijKLmnopqrstu", false},
{"abcdefghijklmnopqrstu-", false},
{"-123456789012345678901", false},
{"-a1b2c3d4e5f6g7h8i9j0k", false},
{"a1b2c3d4e5f6g7h8i9j0k-", false},
{"BANANAS_wow", false},
{"test--now", false},

Member

Why are these not valid for a human readable name? I mean, they're not pretty but a user wants what a user wants.. 😂

Member Author

Oh that's basically because of character set `_-`. I think that you're right, let's extend the regexp.

Member Author

I replaced the regexp with a more free form: `^[a-zA-Z0-9](.*[^ ])?$`. We can translate it to:

  • must start with a-z, A-Z, 0-9
  • can't end with a space
  • everything in the middle is allowed.

Although, I'm not sure if it's safe enough...

Member @mafredri, Nov 10, 2022

I don't think we need to sanitize the input here, tbh. For instance, what if someone wants for the display name to be a bunch of emojis? Sanitation shouldn't really be a problem in the frontend unless someone is doing something weird with React.

Or what say you @coder/frontend? Is it bad if we don't limit display names to "safe" characters?

Member Author

> For instance, what if someone wants for the display name to be a bunch of emojis?

That is correct, but should preserve the basic sanitation level. For instance: <space><space> or M<space><space><space> doesn't make any logical sense.

> unless someone is doing something weird with React.

.. or customers are writing unsafe characters to logs (e.g. audit or access logs). Using emojis and allowing for a wide set of characters may increase the "shellshock" attack risk. This may not be applicable in our case, but still a security concern.

I guess that we perform proper sanitization, so it won't be easy to inject the XSS snippet.

Member

What do you think about just blocking whitespace at the beginning and ends? I think people will want to use emojis in names (we probably will too).

Member Author @mtojek, Nov 10, 2022

It's an option to introduce this pattern, but then we need to verify if it doesn't introduce any extra risk, something like "shellshock" against audit logs. I believe that we can track this effort in a separate issue.

EDIT:

It looks like the majority prefers a more permissive pattern, so I adjusted the validation.

Member

Some thoughts from the FE:

  • To my knowledge, we don't sanitize other fields. It would be nice to have some consistency however we decide to move forward. Some documentation would be nice, too.
  • React escapes any values embedded in JSX before rendering them, unless you use dangerouslySetInnerHTML.
  • Current approach looks fine to me.

Member Author

Thank you, Kira!
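
The pattern quoted in this thread and the log-safety concern raised about it, as an added Go example (not code from the PR or from coder): `MatchesThreadPattern` compiles the quoted expression as written, and `StrictDisplayName` is a hypothetical alternative that admits emojis but rejects control characters. The sample names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode"
	"unicode/utf8"
)

// threadPattern is the expression quoted in the review thread, compiled as written.
var threadPattern = regexp.MustCompile(`^[a-zA-Z0-9](.*[^ ])?$`)

// MatchesThreadPattern reports whether name satisfies the quoted expression.
func MatchesThreadPattern(name string) bool {
	return threadPattern.MatchString(name)
}

// StrictDisplayName is a hypothetical stricter check (not coder's validator):
// valid UTF-8, no leading or trailing whitespace, and no control characters,
// so emojis pass but CR, LF, TAB and ESC cannot reach a log line.
func StrictDisplayName(name string) error {
	if !utf8.ValidString(name) {
		return errors.New("display name is not valid UTF-8")
	}
	if name != strings.TrimSpace(name) {
		return errors.New("display name has leading or trailing whitespace")
	}
	for i, r := range name {
		if unicode.IsControl(r) {
			return fmt.Errorf("control character %U at byte %d", r, i)
		}
	}
	return nil
}

func main() {
	// Constructed sample names, not taken from the PR's test table.
	samples := []string{"Wow Test", "a\tb", "a\n", "a\x1b[31mred", "a\nb", "🚀 Rocket"}
	for _, s := range samples {
		fmt.Printf("%-16q pattern=%-5v strict_ok=%v\n",
			s, MatchesThreadPattern(s), StrictDisplayName(s) == nil)
	}
}
```

In Go's regexp package `.` does not match a newline but `[^ ]` does, so the quoted pattern accepts `"a\n"`, a tab and an ESC sequence while rejecting `"a\nb"` and any name that starts with an emoji.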


{"123456789012345678901234567890123", false},
{"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", false},
{"123456789012345678901234567890123123456789012345678901234567890123", false},
}
for _, testCase := range testCases {
testCase := testCase
t.Run(testCase.Username, func(t *testing.T) {
t.Parallel()
valid := httpapi.TemplateDisplayNameValid(testCase.Username)
require.Equal(t, testCase.Valid, valid == nil)
})
}
}

func TestFrom(t *testing.T) {
t.Parallel()
testCases := []struct {
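
Review bot: The table in TestTemplateDisplayNameValid only exercises ASCII letters, digits, spaces, `-` and `_`, so nothing pins what the validator does with an embedded tab, newline or other control character, or with a non-ASCII name such as an emoji. Add one case for each with the result you intend, given that the review thread on this hunk raises log output as a concern. In the same function, the struct field is still `Username` although the values are display names, and `valid := httpapi.TemplateDisplayNameValid(testCase.Username)` holds an error that is then compared with nil, so naming it `err` would read more clearly. The length cases jump from 21 accepted characters to 33 rejected, so a case at the limit and one just past it would pin the boundary.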