fix: validating firstFactors not to contain special chars
tamassoltesz committed Sep 27, 2024
1 parent d91003c commit 280fa7a
Showing 3 changed files with 15 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## Unreleased

- Adds validation to firstFactors name while creating tenants/apps/etc. to not allow special chars.

## [9.2.2] - 2024-09-04

- Adds index on `last_active_time` for `user_last_active` table to improve the performance of MAU computation.
2 changes: 1 addition & 1 deletion build.gradle
Expand Up @@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
// }
//}

version = "9.2.2"
version = "9.2.3"


repositories {
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ protected void handle(HttpServletRequest req, HttpServletResponse resp, TenantId

// Apply updates based on CDI version
tenantConfig = applyTenantUpdates(tenantConfig, getVersionFromRequest(req), isV2, input);
validateFirstFactorsName(tenantConfig);

// Write tenant config to db
createOrUpdate(req, sourceTenantIdentifier, tenantConfig);
Expand Down Expand Up @@ -938,6 +939,17 @@ private static TenantConfig applyTenantUpdates_5_0(TenantConfig tenantConfig, Js
return tenantConfig;
}

private static void validateFirstFactorsName(TenantConfig tenantConfig) throws ServletException {
if(tenantConfig.firstFactors != null && tenantConfig.firstFactors.length > 0) {
String allowedPattern = "^[0-9a-z-]+$";
for(String firstFactor: tenantConfig.firstFactors){
if(firstFactor != null && !firstFactor.matches(allowedPattern)){
throw new ServletException(new BadRequestException("firstFactors should not contain only 0-9,a-z,- characters"));
}
}
}
}

private static TenantConfig applyV2TenantUpdates_5_1(TenantConfig tenantConfig, JsonObject input)
throws ServletException {
if (input.has("emailPasswordEnabled")) {
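Review bot: The message thrown in `validateFirstFactorsName` states the opposite of the rule it enforces: "should not contain only 0-9,a-z,- characters" tells a rejected API client that the allowed set is forbidden, so it should read `"firstFactors should contain only 0-9,a-z,- characters"`. The `firstFactor != null &&` guard also lets a null array element pass unvalidated; if the request parsing outside this hunk can produce one, reject it here instead of skipping it. Since `String.matches` already requires the whole string to match, the `^`/`$` anchors are redundant, and the expression could live in a `private static final Pattern` rather than being recompiled for every element. The check is wired only into `handle` after `applyTenantUpdates`, whose body lies outside the hunk, so it is worth confirming that every other path that persists a `TenantConfig` applies the same allow-list.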
