Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add supplemental regex setting to validate username #592

Merged
merged 9 commits into from
Oct 25, 2023

Conversation

mishaschwartz
Copy link
Collaborator

@mishaschwartz mishaschwartz commented Oct 18, 2023

Create an additional settings/environment variable MAGPIE_SUPPLEMENTAL_USERNAME_REGEX that acts as an additional check for whether a username is valid. This creates a further restriction on this value which is useful when there are additional limits on the username that should be enforced by Magpie.

Resolves #497

@mishaschwartz
Copy link
Collaborator Author

@fmigneault I'd like to add some tests to this as well.

I was unable to find the current tests that check the user creation routes. I'm probably just looking in the wrong place. Any help would be greatly appreciated.

magpie/api/management/user/user_utils.py Outdated Show resolved Hide resolved
config/magpie.ini Outdated Show resolved Hide resolved

(Default: ``None``)

.. versionadded:: 3.36.1
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.37 instead

if supplemental_regex:
ax.verify_param(user_name, matches=True, param_name="user_name", param_compare=supplemental_regex,
http_error=HTTPBadRequest,
msg_on_fail=s.Users_CheckInfo_UserNameValue_BadRequestResponseSchema.description)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this msg_on_fail error message displayed also to the web UI or only in the logs?

Can I have a sample content of this msg_on_fail error message? Is is understandable by someone not well versed with Magpie, like a new node admin.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, it does not say "why" and there is no way to add supplemental info that the reason is the new regex. I hope the node admin will be able to guess it.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and there is no way to add supplemental info that the reason is the new regex

I can make or respond with a different message. How about: "Invalid 'user_name' specified. Does not match the supplemental user name regex."

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure that would be better if it does not take to much of your time. Creating a new sub-class with a new hardcoded message?

Copy link
Collaborator

@fmigneault fmigneault Oct 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

msg_on_fail is only the generic message value in the API body.
For the "why", that would be reported in the API response body. It provides the param_name, param_compare, the input value and so on with more details about the specific check that failed.

On the UI, it would simply be a red message next to the input text field because the contents are limited in the code. That could be improved.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The message in the UI I mentioned is here:

%if invalid_user_name:
${reason_user_name}
%endif

It uses the property obtained from this:
@view_config(route_name="add_user", renderer="templates/add_user.mako")
def add_user(self):

Which default to this:

Magpie/magpie/ui/utils.py

Lines 304 to 308 in 92ff2d2

# plain message 'Invalid' used as default in case pre-checks did not find anything, but API returned 400
"reason_user_name": "Invalid",
"reason_group_name": "Invalid",
"reason_user_email": "Invalid",
"reason_password": "Invalid",

That value could be overridden with more explicit details according to the contents parsed from the API response obtained here before returning the UI response:

return_data = self.create_user(return_data)
if return_data["is_error"]:
return self.add_template_data(return_data)

Copy link
Collaborator Author

@mishaschwartz mishaschwartz Oct 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fmigneault @tlvu with the current update to msg_on_fail the UI looks like this:

image

Is this sufficient or are there other changes you would suggest?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still need rename of the variable/setting to MAGPIE_USER_NAME_EXTRA_REGEX.
This is to align with other variable names, such as MAGPIE_USER_NAME_MAX_LENGTH, for similar checks.

@fmigneault
Copy link
Collaborator

@mishaschwartz

I was unable to find the current tests that check the user creation routes. I'm probably just looking in the wrong place. Any help would be greatly appreciated.

Should be in https://github.com/Ouranosinc/Magpie/blob/master/tests/interfaces.py.
Classes in there are reused by https://github.com/Ouranosinc/Magpie/blob/master/tests/test_magpie_api.py and https://github.com/Ouranosinc/Magpie/blob/master/tests/test_magpie_ui.py for various local/remote admin/public testing combinations.

tests/interfaces.py Show resolved Hide resolved
tests/interfaces.py Show resolved Hide resolved
tlvu
tlvu previously approved these changes Oct 20, 2023
Copy link
Contributor

@tlvu tlvu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks to both of you. This would relieve new users from a long time annoyance.

Copy link
Collaborator

@fmigneault fmigneault left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a few editorial fixes to apply. Code feature looks good.

CHANGES.rst Outdated Show resolved Hide resolved
docs/configuration.rst Outdated Show resolved Hide resolved
magpie/api/management/user/user_utils.py Outdated Show resolved Hide resolved
fmigneault
fmigneault previously approved these changes Oct 24, 2023
docs/configuration.rst Outdated Show resolved Hide resolved
@fmigneault fmigneault added the feature New feature to be developed label Oct 24, 2023
@codecov
Copy link

codecov bot commented Oct 24, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (36208d8) 80.84% compared to head (436c7f9) 80.92%.
Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #592      +/-   ##
==========================================
+ Coverage   80.84%   80.92%   +0.07%     
==========================================
  Files          73       73              
  Lines       10188    10194       +6     
  Branches     1823     1824       +1     
==========================================
+ Hits         8236     8249      +13     
+ Misses       1630     1622       -8     
- Partials      322      323       +1     
Files Coverage Δ
magpie/api/management/user/user_utils.py 97.23% <100.00%> (+0.02%) ⬆️
magpie/api/schemas.py 99.69% <100.00%> (+<0.01%) ⬆️

... and 3 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@fmigneault fmigneault merged commit 4356c01 into Ouranosinc:master Oct 25, 2023
16 of 17 checks passed
@fmigneault
Copy link
Collaborator

@mishaschwartz Thanks for the PR and tests! https://github.com/Ouranosinc/Magpie/tree/3.37.0 pushed 🚀

@mishaschwartz mishaschwartz deleted the extra-username-regex branch October 25, 2023 12:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature New feature to be developed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Feature] How to specify whitelist of allowed character in username
3 participants