Roles: Added max validation for role external auth id field
authorDan Brown <redacted>
Sat, 8 Jun 2024 19:33:34 +0000 (20:33 +0100)
committerDan Brown <redacted>
Sat, 8 Jun 2024 19:33:34 +0000 (20:33 +0100)
For #5037

app/Users/Controllers/RoleApiController.php
app/Users/Controllers/RoleController.php
tests/User/RoleManagementTest.php

index 5f4f2999b79decf2d8825508dabaf4429618a019..2e96602faae181c7d9b95ac4c5ecdb70fb3686ce 100644 (file)
@@ -21,7 +21,7 @@ class RoleApiController extends ApiController
             'display_name'  => ['required', 'string', 'min:3', 'max:180'],
             'description'   => ['string', 'max:180'],
             'mfa_enforced'  => ['boolean'],
-            'external_auth_id' => ['string'],
+            'external_auth_id' => ['string', 'max:180'],
             'permissions'   => ['array'],
             'permissions.*' => ['string'],
         ],
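Review bot: The `max:180` literal for `external_auth_id` is now repeated in four rule arrays — this hunk, the update rules at `@@ -29,7 +29,7 @@` just below, and both `validate()` calls in RoleController — so the API and web limits stay equal only by hand, and a later edit to one of them would silently diverge the two surfaces. A shared class constant (name illustrative) referenced as `'external_auth_id' => ['string', 'max:' . Role::EXTERNAL_AUTH_ID_MAX_LENGTH],` would keep the four in step, and a one-line comment at the first use saying where 180 comes from would explain the bound; presumably it mirrors the width of the roles table column, which is not visible here, so confirm that against the migration before writing it. The `$rules` array this hunk edits begins before the hunk, and the RoleController methods continue past theirs.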
@@ -29,7 +29,7 @@ class RoleApiController extends ApiController
             'display_name'  => ['string', 'min:3', 'max:180'],
             'description'   => ['string', 'max:180'],
             'mfa_enforced'  => ['boolean'],
-            'external_auth_id' => ['string'],
+            'external_auth_id' => ['string', 'max:180'],
             'permissions'   => ['array'],
             'permissions.*' => ['string'],
         ]
index a874ce4d60fc6e207579148be1fdd1104ca605c0..0a7fdcc9ba87b28903b9328290c2002194ad9847 100644 (file)
@@ -75,7 +75,7 @@ class RoleController extends Controller
         $data = $this->validate($request, [
             'display_name' => ['required', 'min:3', 'max:180'],
             'description'  => ['max:180'],
-            'external_auth_id' => ['string'],
+            'external_auth_id' => ['string', 'max:180'],
             'permissions'  => ['array'],
             'mfa_enforced' => ['string'],
         ]);
@@ -109,7 +109,7 @@ class RoleController extends Controller
         $data = $this->validate($request, [
             'display_name' => ['required', 'min:3', 'max:180'],
             'description'  => ['max:180'],
-            'external_auth_id' => ['string'],
+            'external_auth_id' => ['string', 'max:180'],
             'permissions'  => ['array'],
             'mfa_enforced' => ['string'],
         ]);
index 9e5cf78dd8463c4267acdf902b6a50b2890263a4..8683fcb6e86b7d914cea03d95b66c905e7fb9bc0 100644 (file)
@@ -96,6 +96,31 @@ class RoleManagementTest extends TestCase
         $this->assertActivityExists(ActivityType::ROLE_DELETE);
     }
 
+    public function test_role_external_auth_id_validation()
+    {
+        config()->set('auth.method', 'oidc');
+        $role = Role::query()->first();
+        $routeByMethod = [
+            'post' => '/settings/roles/new',
+            'put' => "/settings/roles/{$role->id}",
+        ];
+
+        foreach ($routeByMethod as $method => $route) {
+            $resp = $this->asAdmin()->get($route);
+            $resp->assertDontSee('The external auth id');
+
+            $resp = $this->asAdmin()->call($method, $route, [
+                'display_name' => 'Test role for auth id validation',
+                'description'  => '',
+                'external_auth_id' => str_repeat('a', 181),
+            ]);
+
+            $resp->assertRedirect($route);
+            $resp = $this->followRedirects($resp);
+            $resp->assertSee('The external auth id may not be greater than 180 characters.');
+        }
+    }
+
     public function test_admin_role_cannot_be_removed_if_user_last_admin()
     {
         /** @var Role $adminRole */
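Review bot: `test_role_external_auth_id_validation` only proves that 181 characters are rejected; nothing asserts that a value of exactly 180 is accepted, so an off-by-one in the rule (say `max:179`) would go unnoticed. Inside the same loop, a second request with `'external_auth_id' => str_repeat('a', 180)` followed by `$resp->assertSessionHasNoErrors();` would pin the boundary. The test also exercises only the `/settings/roles/...` web routes, while the same commit changes the create and update rules in RoleApiController, so a matching over-length request against the role API endpoints (in the API test suite, not visible here) would cover that path too. The message assertion on line 77 depends on Laravel's default English validation text, which holds as long as the suite runs with the default locale.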