Skip to content

Commit

Permalink
Do not allow white space at the start or end of a group name
Browse files Browse the repository at this point in the history
  • Loading branch information
phil-davis committed Dec 14, 2021
1 parent fcec0eb commit 2987544
Show file tree
Hide file tree
Showing 11 changed files with 101 additions and 58 deletions.
4 changes: 4 additions & 0 deletions apps/provisioning_api/lib/Groups.php
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,10 @@ public function addGroup($parameters) {
\OCP\Util::writeLog('provisioning_api', 'Group name not supplied', \OCP\Util::ERROR);
return new OC_OCS_Result(null, 101, 'Invalid group name');
}
if (\trim($groupId) !== $groupId) {
\OCP\Util::writeLog('provisioning_api', 'Group name must not start or end with white space', \OCP\Util::ERROR);
return new OC_OCS_Result(null, 101, 'Invalid group name');
}
// Check if it exists
if ($this->groupManager->groupExists($groupId)) {
return new OC_OCS_Result(null, 102);
Expand Down
19 changes: 17 additions & 2 deletions apps/provisioning_api/tests/GroupsTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -333,11 +333,26 @@ public function testGetSubAdminsOfGroupEmptyList() {
$this->assertEquals([], $result->getData());
}

public function testAddGroupEmptyGroup() {
public function dataAddGroupWithInvalidName() {
return [
[''],
[' '],
[' white-space-at-start'],
['white-space-at-end '],
[' white-space-at-both-ends '],
];
}

/**
* @dataProvider dataAddGroupWithInvalidName
*
* @param string $groupName
*/
public function testAddGroupWithInvalidName($groupName) {
$this->request
->method('getParam')
->with('groupid')
->willReturn('');
->willReturn($groupName);

$result = $this->api->addGroup([]);

Expand Down
3 changes: 3 additions & 0 deletions changelog/unreleased/39540
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Bugfix: Prevent group names starting or ending with white space

https://github.com/owncloud/core/pull/39540
2 changes: 1 addition & 1 deletion lib/private/Group/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -210,7 +210,7 @@ public function groupExists($gid) {
* @return \OC\Group\Group
*/
public function createGroup($gid) {
if ($gid === '' || $gid === null) {
if ($gid === '' || $gid === null || \trim($gid) !== $gid) {
return false;
} elseif ($group = $this->get($gid)) {
return $group;
Expand Down
20 changes: 10 additions & 10 deletions tests/acceptance/features/apiProvisioningGroups-v1/addGroup.feature
Original file line number Diff line number Diff line change
Expand Up @@ -154,28 +154,28 @@ Feature: add groups
And the HTTP status code should be "401"
And group "another-new-group" should not exist

@issue-39533 @skipOnOcV10
Scenario: admin creates a group that has white space at the end of the name

Scenario: admin tries to create a group that has white space at the end of the name
When the administrator sends a group creation request for group "white-space-at-end " using the provisioning API
Then the OCS status code should be "100"
Then the OCS status code should be "101"
And the HTTP status code should be "200"
And group "white-space-at-end " should exist
And group "white-space-at-end " should not exist
And group "white-space-at-end" should not exist


Scenario: admin creates a group that has white space at the start of the name
Scenario: admin tries to create a group that has white space at the start of the name
When the administrator sends a group creation request for group " white-space-at-start" using the provisioning API
Then the OCS status code should be "100"
Then the OCS status code should be "101"
And the HTTP status code should be "200"
And group " white-space-at-start" should exist
And group " white-space-at-start" should not exist
But group "white-space-at-start" should not exist


Scenario: admin creates a group that is a single space
Scenario: admin tries to create a group that is a single space
When the administrator sends a group creation request for group " " using the provisioning API
Then the OCS status code should be "100"
Then the OCS status code should be "101"
And the HTTP status code should be "200"
And group " " should exist
And group " " should not exist


Scenario: admin tries to create a group that is the empty string
Expand Down

This file was deleted.

28 changes: 14 additions & 14 deletions tests/acceptance/features/apiProvisioningGroups-v2/addGroup.feature
Original file line number Diff line number Diff line change
Expand Up @@ -150,28 +150,28 @@ Feature: add groups
And the HTTP status code should be "401"
And group "another-new-group" should not exist

@issue-39533 @skipOnOcV10
Scenario: admin creates a group that has white space at the end of the name

Scenario: admin tries to create a group that has white space at the end of the name
When the administrator sends a group creation request for group "white-space-at-end " using the provisioning API
Then the OCS status code should be "200"
And the HTTP status code should be "200"
And group "white-space-at-end " should exist
Then the OCS status code should be "400"
And the HTTP status code should be "400"
And group "white-space-at-end " should not exist
And group "white-space-at-end" should not exist


Scenario: admin creates a group that has white space at the start of the name
Scenario: admin tries to create a group that has white space at the start of the name
When the administrator sends a group creation request for group " white-space-at-start" using the provisioning API
Then the OCS status code should be "200"
And the HTTP status code should be "200"
And group " white-space-at-start" should exist
But group "white-space-at-start" should not exist
Then the OCS status code should be "400"
And the HTTP status code should be "400"
And group " white-space-at-start" should not exist
And group "white-space-at-start" should not exist


Scenario: admin creates a group that is a single space
Scenario: admin tries to create a group that is a single space
When the administrator sends a group creation request for group " " using the provisioning API
Then the OCS status code should be "200"
And the HTTP status code should be "200"
And group " " should exist
Then the OCS status code should be "400"
And the HTTP status code should be "400"
And group " " should not exist


Scenario: admin tries to create a group that is the empty string
Expand Down

This file was deleted.

6 changes: 6 additions & 0 deletions tests/acceptance/features/bootstrap/OccUsersGroupsContext.php
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,12 @@ public function theAdministratorRetrievesTheUserReportUsingTheOccCommand():void
* @throws Exception
*/
public function theAdministratorCreatesGroupUsingTheOccCommand(string $group):void {
if (($group === '') || (\trim($group) !== $group)) {
// The group name is empty or has white space at the start or end.
// Quote the group name so that the white space is really sent to the
// occ command as part of the requested group name.
$group = "'$group'";
}
$this->occContext->invokingTheCommand(
"group:add $group"
);
Expand Down
27 changes: 26 additions & 1 deletion tests/acceptance/features/cliProvisioning/addGroup.feature
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,29 @@ Feature: add group
Given group "brand-new-group" has been created
When the administrator creates group "brand-new-group" using the occ command
Then the command should have failed with exit code 1
And the command output should contain the text 'The group "brand-new-group" already exists'
And the command output should contain the text 'The group "brand-new-group" already exists'

Scenario: admin tries to create a group that has white space at the end of the name
When the administrator creates group "white-space-at-end " using the occ command
Then the command should have failed with exit code 1
And the command output should contain the text 'Group "white-space-at-end " could not be created'
And group "white-space-at-end " should not exist
And group "white-space-at-end" should not exist

Scenario: admin tries to create a group that has white space at the start of the name
When the administrator creates group " white-space-at-start" using the occ command
Then the command should have failed with exit code 1
And the command output should contain the text 'Group " white-space-at-start" could not be created'
And group " white-space-at-start" should not exist
And group "white-space-at-start" should not exist

Scenario: admin tries to create a group that is a single space
When the administrator creates group " " using the occ command
Then the command should have failed with exit code 1
And the command output should contain the text 'Group " " could not be created'
And group " " should not exist

Scenario: admin tries to create a group that is the empty string
When the administrator creates group "" using the occ command
Then the command should have failed with exit code 1
And the command output should contain the text 'Group "" could not be created'
20 changes: 20 additions & 0 deletions tests/lib/Group/ManagerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -243,6 +243,26 @@ public function testCreate() {
$this->assertEquals('group1', $group->getGID());
}

public function dataCreateGroupWithInvalidName() {
return [
[''],
[' '],
[' white-space-at-start'],
['white-space-at-end '],
[' white-space-at-both-ends '],
];
}

/**
* @dataProvider dataCreateGroupWithInvalidName
*
* @param string $groupName
*/
public function testCreateInvalidGroupName(string $groupName) {
$group = $this->manager->createGroup($groupName);
$this->assertFalse($group);
}

public function testCreateWithDispatcher() {
/**
* @var \PHPUnit\Framework\MockObject\MockObject | \OC\Group\Backend $backend
Expand Down

0 comments on commit 2987544

Please sign in to comment.