From 752790f3c9b4370835e8b03e832df01a4f263a0c Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 8 May 2023 12:41:48 +0200 Subject: [PATCH 1/8] Do not allow undefined names on request --- packages/pro | 2 +- .../worker/src/api/routes/global/tests/groups.spec.ts | 8 ++++++++ packages/worker/src/tests/api/groups.ts | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/packages/pro b/packages/pro index 79bc94b17b..151e785f0a 160000 --- a/packages/pro +++ b/packages/pro @@ -1 +1 @@ -Subproject commit 79bc94b17baba885eb20e72f9abba3ac8b9c0eab +Subproject commit 151e785f0ac38054f3930ca4b04e191a31c733f5 diff --git a/packages/worker/src/api/routes/global/tests/groups.spec.ts b/packages/worker/src/api/routes/global/tests/groups.spec.ts index 9e136e58d9..76031ebe60 100644 --- a/packages/worker/src/api/routes/global/tests/groups.spec.ts +++ b/packages/worker/src/api/routes/global/tests/groups.spec.ts @@ -24,6 +24,14 @@ describe("/api/global/groups", () => { expect(events.group.updated).not.toBeCalled() expect(events.group.permissionsEdited).not.toBeCalled() }) + + it("should not allow undefined names", async () => { + const group = { ...structures.groups.UserGroup(), name: undefined } as any + const response = await config.api.groups.saveGroup(group, { expect: 400 }) + expect(JSON.parse(response.text).message).toEqual( + 'Invalid body - "name" is required' + ) + }) }) describe("update", () => { diff --git a/packages/worker/src/tests/api/groups.ts b/packages/worker/src/tests/api/groups.ts index 4522790d32..5524d2a811 100644 --- a/packages/worker/src/tests/api/groups.ts +++ b/packages/worker/src/tests/api/groups.ts @@ -7,13 +7,13 @@ export class GroupsAPI extends TestAPI { super(config) } - saveGroup = (group: UserGroup) => { + saveGroup = (group: UserGroup, { expect } = { expect: 200 }) => { return this.request .post(`/api/global/groups`) .send(group) .set(this.config.defaultHeaders()) .expect("Content-Type", /json/) - .expect(200) + .expect(expect) } deleteGroup = (id: string, rev: string) => { From 1b44f8b18bdb5925a02b6e5149d86a7a99ab2b95 Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 8 May 2023 12:42:51 +0200 Subject: [PATCH 2/8] Do not allow empty names on request --- packages/pro | 2 +- .../src/api/routes/global/tests/groups.spec.ts | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/pro b/packages/pro index 151e785f0a..124280d24f 160000 --- a/packages/pro +++ b/packages/pro @@ -1 +1 @@ -Subproject commit 151e785f0ac38054f3930ca4b04e191a31c733f5 +Subproject commit 124280d24ff60446c166a005e3cc09c986565bb3 diff --git a/packages/worker/src/api/routes/global/tests/groups.spec.ts b/packages/worker/src/api/routes/global/tests/groups.spec.ts index 76031ebe60..ddc5a11ea6 100644 --- a/packages/worker/src/api/routes/global/tests/groups.spec.ts +++ b/packages/worker/src/api/routes/global/tests/groups.spec.ts @@ -32,6 +32,22 @@ describe("/api/global/groups", () => { 'Invalid body - "name" is required' ) }) + + it("should not allow empty names", async () => { + const group = { ...structures.groups.UserGroup(), name: "" } + const response = await config.api.groups.saveGroup(group, { expect: 400 }) + expect(JSON.parse(response.text).message).toEqual( + 'Invalid body - "name" is not allowed to be empty' + ) + }) + + it("should not allow whitespace names", async () => { + const group = { ...structures.groups.UserGroup(), name: " " } + const response = await config.api.groups.saveGroup(group, { expect: 400 }) + expect(JSON.parse(response.text).message).toEqual( + 'Invalid body - "name" is not allowed to be empty' + ) + }) }) describe("update", () => { From cd47bc20a22ac3a32bcf59a91a13846c9ce0357e Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 8 May 2023 12:45:30 +0200 Subject: [PATCH 3/8] Test name trimming --- .../worker/src/api/routes/global/tests/groups.spec.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/packages/worker/src/api/routes/global/tests/groups.spec.ts b/packages/worker/src/api/routes/global/tests/groups.spec.ts index ddc5a11ea6..2dbf6edf30 100644 --- a/packages/worker/src/api/routes/global/tests/groups.spec.ts +++ b/packages/worker/src/api/routes/global/tests/groups.spec.ts @@ -13,6 +13,7 @@ describe("/api/global/groups", () => { }) beforeEach(async () => { + jest.resetAllMocks() mocks.licenses.useGroups() }) @@ -48,6 +49,14 @@ describe("/api/global/groups", () => { 'Invalid body - "name" is not allowed to be empty' ) }) + + it("should trim names", async () => { + const group = { ...structures.groups.UserGroup(), name: " group name " } + await config.api.groups.saveGroup(group) + expect(events.group.created).toBeCalledWith( + expect.objectContaining({ name: "group name" }) + ) + }) }) describe("update", () => { From 3a9c90ac6bbb5655f198fa1a1d70eae49287371d Mon Sep 17 00:00:00 2001 From: Adria Navarro Date: Mon, 8 May 2023 13:07:54 +0200 Subject: [PATCH 4/8] Show error pre-submit --- .../groups/_components/CreateEditGroupModal.svelte | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/packages/builder/src/pages/builder/portal/users/groups/_components/CreateEditGroupModal.svelte b/packages/builder/src/pages/builder/portal/users/groups/_components/CreateEditGroupModal.svelte index d8f3a81e28..af1b009dee 100644 --- a/packages/builder/src/pages/builder/portal/users/groups/_components/CreateEditGroupModal.svelte +++ b/packages/builder/src/pages/builder/portal/users/groups/_components/CreateEditGroupModal.svelte @@ -9,15 +9,23 @@ export let group export let saveGroup + + let nameError saveGroup(group)} + onConfirm={() => { + if (!group.name?.trim()) { + nameError = "Group name cannot be empty" + return false + } + saveGroup(group) + }} size="M" title={group?._rev ? "Edit group" : "Create group"} confirmText="Save" > - +