Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolves issue #609, Added validators and sanitizers for role creation and update #1033

Merged
merged 3 commits into from
Feb 20, 2023
Merged

Resolves issue #609, Added validators and sanitizers for role creation and update #1033

merged 3 commits into from
Feb 20, 2023
+214 −16

Conversation

brettp
Copy link
Collaborator

@brettp brettp commented Feb 17, 2023
edited by jdaigneau5
Loading

Closes Issue #609

Summary

Added additional data validation and sanitization for role fields in POST and PUT requests

Important Changes

src/middleware/middleware.js

  • Added validator isFlatStringArray() and sanitizer toUpperCaseArray()

src/controller/org.controller/index.js

  • Refactored controllers to use new validator and sanitizer
  • Code cleanup

Testing

Steps to manually test updated functionality, if possible:

POST /org/:shortname/user - Confirm each of the follow values for the active_roles field fails with a 400 status, valid JSON response, and error Parameter must be a one-dimensional array of strings

  • [[ "ADMIN" ]]
  • { "a": "ADMIN" }
  • [{ "a": "ADMIN" }]

PUT /org/:shortname/user - Confirm the following query strings fail with the same error as above:

  • active_roles.add[][a]=CNA
  • active_roles.add[][CNA]

POST /org - Repeat the same process as the POST create user endpoint

PUT /org/:shortname - Repeat the same process as the PUT update user endpoint

Notes

  • HTTP tests are included.

Sorry, something went wrong.

@brettp brettp linked an issue Feb 17, 2023 that may be closed by this pull request
type confusion for createUser authority.active_roles #609
Closed
@brettp brettp requested a review from jdaigneau5 February 17, 2023 20:49
@jdaigneau5
Merge branch 'dev' into bep-609-role-data-type-validation

Verified

This commit was signed with the committer’s verified signature.
b1ek blek!
GPG key ID: 14546221E3595D0C
Verified
Learn about vigilant mode
ecadf18
@jdaigneau5 jdaigneau5 merged commit 26095c9 into dev Feb 20, 2023
@ekmixon ekmixon mentioned this pull request Dec 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdaigneau5 jdaigneau5

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

type confusion for createUser authority.active_roles
2 participants
@brettp @jdaigneau5