diff --git a/CHANGELOG.md b/CHANGELOG.md index eea9a1011..d2a4547f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## Unreleased +## [9.2.3] - 2024-10-09 - Adds validation to firstFactors and requiredSecondaryFactors names while creating tenants/apps/etc. to not allow special chars. diff --git a/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java b/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java index 52d96136d..1ae57140d 100644 --- a/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java +++ b/src/main/java/io/supertokens/webserver/api/multitenancy/BaseCreateOrUpdate.java 
@@ -941,16 +941,16 @@ private static TenantConfig applyTenantUpdates_5_0(TenantConfig tenantConfig, Js
 private static void validateFactorsName(TenantConfig tenantConfig) throws ServletException{
 if(!areFactorNamesValid(tenantConfig.firstFactors)){
- throw new ServletException(new BadRequestException("firstFactors should contain only 0-9,a-z,A-Z,_,- characters"));
+ throw new ServletException(new BadRequestException("firstFactors should contain only 0-9,a-z,A-Z,_,.,- characters"));
 }
 if(!areFactorNamesValid(tenantConfig.requiredSecondaryFactors)){
- throw new ServletException(new BadRequestException("requiredSecondaryFactors should contain only 0-9,a-z,A-Z,_,- characters"));
+ throw new ServletException(new BadRequestException("requiredSecondaryFactors should contain only 0-9,a-z,A-Z,_,.,- characters"));
 }
 }
 private static boolean areFactorNamesValid(String[] factors) {
 if(factors != null && factors.length > 0) {
- String allowedPattern = "^[0-9a-zA-Z_-]+$";
+ String allowedPattern = "^[0-9a-zA-Z_(\\.)-]+$";
 for(String factor: factors){
 if(factor != null && !factor.matches(allowedPattern)){
 return false;
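Review bot: The new character class in `areFactorNamesValid`, `[0-9a-zA-Z_(\\.)-]`, also admits literal `(` and `)`, because parentheses do not group inside a bracket expression. The validation therefore accepts factor names that both updated error messages describe as rejected. If only the dot was meant to be added, the line should read `String allowedPattern = "^[0-9a-zA-Z_.-]+$";`, since a dot needs no escaping inside a class and the trailing `-` stays literal. A test that expects a name such as `a(b)` (constructed sample) to be rejected would pin the intended allow-list. Separately, `factor != null && …` lets null array entries pass unvalidated, which may or may not be intended; the rest of the loop lies outside the hunk.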