public inbox for pmg-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Gabriel Goller <g.goller@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH] utils: cleanup username/userid regex and verify
Date: Wed, 14 Feb 2024 12:55:37 +0100	[thread overview]
Message-ID: <20240214125537.5af34979@rosa.proxmox.com> (raw)
In-Reply-To: <20240214091503.16979-1-g.goller@proxmox.com>

Thanks for addressing this so promptly

a few notes inline:
On Wed, 14 Feb 2024 10:15:01 +0100
Gabriel Goller <g.goller@proxmox.com> wrote:

> Cleaned up the verify_username function and userid regex after the
> recent changes to minLength have been applied [0].
> 
> [0]: https://lists.proxmox.com/pipermail/pmg-devel/2023-September/002521.html
> 
> Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> ---
>  src/PMG/Utils.pm | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> 
> diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
> index 12b3ed5..8f7d438 100644
> --- a/src/PMG/Utils.pm
> +++ b/src/PMG/Utils.pm
> @@ -72,13 +72,12 @@ PVE::JSONSchema::register_standard_option('pmg-endtime', {
>      optional => 1,
>  });
>  
> -PVE::JSONSchema::register_format('pmg-userid', \&verify_username);
why deregister the format here? (verify_username does a bit more than a
regex match - and reusing the same verification we use in the auth-code
also in the parts where the API comes in helps in not getting even more
matches-almost-the-same-regexes matching auth-data) - Currently I'd rather
aim to reduce those and if possible unify PMG::UserConfig::verify_entry
with verify_username here as far as possible - see also:
https://lists.proxmox.com/pipermail/pmg-devel/2023-March/002381.html
and Fabian's follow-up to it.


>  sub verify_username {
>      my ($username, $noerr) = @_;
>  
>      $username = '' if !$username;
>      my $len = length($username);
> -    if ($len < 3) {
> +    if ($len < 1) {
this "username" here is actually the one with the realm...
e.g. root@pam vs. root - so limiting the length to 1 is too little
restrictive - probably at least renaming the variable name to user_id
might help in reducing confusion..


>  	die "user name '$username' is too short\n" if !$noerr;
>  	return undef;
>      }
> @@ -102,8 +101,8 @@ sub verify_username {
>  
>  PVE::JSONSchema::register_standard_option('userid', {
>      description => "User ID",
> -    type => 'string', format => 'pmg-userid',
> -    minLength => 4,
> +    type => 'string',
> +    pattern => '[^\s:\/]{1,60}',
the pattern you add here.. 
>      maxLength => 64,
effectively sets the maxLength to 60 here (you get a different
error-message if you're over 64, but still cannot enter anything over 60..)

some thorough testing (especially with corner-cases) would be appreciated
(not only for your direct patch) 

>  });
>  





  reply	other threads:[~2024-02-14 11:56 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-14  9:15 Gabriel Goller
2024-02-14 11:55 ` Stoiko Ivanov [this message]
2024-02-14 13:54   ` Gabriel Goller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240214125537.5af34979@rosa.proxmox.com \
    --to=s.ivanov@proxmox.com \
    --cc=g.goller@proxmox.com \
    --cc=pmg-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal