Add supplemental regex setting to validate username #592

Merged
merged 9 commits into from
Oct 25, 2023
7 changes: 6 additions & 1 deletion CHANGES.rst
Expand Up @@ -9,7 +9,12 @@ Changes
`Unreleased <https://github.com/Ouranosinc/Magpie/tree/master>`_ (latest)
------------------------------------------------------------------------------------

* Nothing new for the moment.
Features / Changes
~~~~~~~~~~~~~~~~~~

* Create an additional settings/environment variable ``MAGPIE_SUPPLEMENTAL_USERNAME_REGEX`` that acts as an additional
check for whether a ``username`` is valid. This creates a further restriction on this value which is useful when there
are additional limits on the ``username`` that should be enforced by `Magpie`.

.. _changes_3.36.0:

4 changes: 4 additions & 0 deletions config/magpie.ini
Expand Up @@ -61,6 +61,10 @@ magpie.user_registration_notify_enabled = false
magpie.user_registration_notify_email_recipient =
magpie.user_registration_notify_email_template =

# --- user validation settings ---

#magpie.supplemental_username_regex =

# --- user assignment to groups with t&c ---
magpie.group_terms_submission_email_template =
magpie.group_terms_approved_email_template =
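Review bot: The commented-out `#magpie.supplemental_username_regex =` entry under the new `user validation settings` header carries no description of what it accepts. A one-line comment stating that the value is a Python regular expression applied in addition to the built-in `username` checks, with an example such as the `^\w+$` pattern used in docs/configuration.rst, would let an operator editing this file set it without opening the documentation.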
22 changes: 22 additions & 0 deletions docs/configuration.rst
Expand Up @@ -1428,6 +1428,28 @@ approval procedures.
obtained from the :term:`Pending User`. Parameter ``approval_required`` is provided to generate alternative
`Mako Template`_ contents in case different messages should be sent for each situation.

.. _config_user_validation_settings

User Validation Settings
~~~~~~~~~~~~~~~~~~~~~~~~

.. envvar:: MAGPIE_SUPPLEMENTAL_USERNAME_REGEX

(Default: ``None``)

.. versionadded:: 3.36.1
Collaborator

3.37 instead


A (python3 syntax) regular expression used to validate a ``username`` when creating or updating a `User`.

For example, if ``MAGPIE_SUPPLEMENTAL_USERNAME_REGEX='^\w+$'``, then a `User` can have ``userA`` as a ``username``
but not ``user.A`` or ``user-A``.

Note that `Magpie` enforces other restrictions that must also be met for a ``username`` to be considered valid.
This creates an additional restriction, it does not replace an existing restriction on the ``username``.

If this variable is empty or unset, then no additional ``username`` validations will be performed.


.. envvar:: MAGPIE_USER_REGISTRATION_DECLINED_EMAIL_TEMPLATE

(Default: |email_ur_declined_mako|_)
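Review bot: The new label `.. _config_user_validation_settings` at the top of the added section is missing its trailing colon, so it is not a valid reST hyperlink target; it should read `.. _config_user_validation_settings:`. The description could also say how the pattern is applied to the `username` (whole string or prefix match), because the `'^\w+$'` example depends on its explicit anchors, and in Python `$` also matches just before a trailing newline; using `\Z` in the example or documenting a full match would make it exact.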
5 changes: 5 additions & 0 deletions magpie/api/management/user/user_utils.py
Expand Up @@ -872,6 +872,11 @@ def check_user_info(user_name=None, email=None, password=None, group_name=None,
ax.verify_param(user_name, matches=True, param_name="user_name", param_compare=ax.PARAM_REGEX,
http_error=HTTPBadRequest,
msg_on_fail=s.Users_CheckInfo_UserNameValue_BadRequestResponseSchema.description)
supplemental_regex = get_constant("MAGPIE_SUPPLEMENTAL_USERNAME_REGEX", raise_missing=False)
if supplemental_regex:
ax.verify_param(user_name, matches=True, param_name="user_name", param_compare=supplemental_regex,
http_error=HTTPBadRequest,
msg_on_fail=s.Users_CheckInfo_UserNameValue_BadRequestResponseSchema.description)
Contributor

Is this msg_on_fail error message displayed also to the web UI or only in the logs?

Can I have a sample content of this msg_on_fail error message? Is it understandable by someone not well versed with Magpie, like a new node admin?

Collaborator Author

Contributor

Right, it does not say "why" and there is no way to add supplemental info that the reason is the new regex. I hope the node admin will be able to guess it.

Collaborator Author

> and there is no way to add supplemental info that the reason is the new regex

I can make or respond with a different message. How about: "Invalid 'user_name' specified. Does not match the supplemental user name regex."

Contributor

Sure, that would be better if it does not take too much of your time. Creating a new sub-class with a new hardcoded message?

Collaborator

@fmigneault fmigneault Oct 19, 2023

msg_on_fail is only the generic message value in the API body.
For the "why", that would be reported in the API response body. It provides the param_name, param_compare, the input value and so on with more details about the specific check that failed.

On the UI, it would simply be a red message next to the input text field because the contents are limited in the code. That could be improved.

Collaborator

The message in the UI I mentioned is here:

%if invalid_user_name:
${reason_user_name}
%endif

It uses the property obtained from this:
@view_config(route_name="add_user", renderer="templates/add_user.mako")
def add_user(self):

Which defaults to this:

Magpie/magpie/ui/utils.py

Lines 304 to 308 in 92ff2d2

# plain message 'Invalid' used as default in case pre-checks did not find anything, but API returned 400
"reason_user_name": "Invalid",
"reason_group_name": "Invalid",
"reason_user_email": "Invalid",
"reason_password": "Invalid",

That value could be overridden with more explicit details according to the contents parsed from the API response obtained here before returning the UI response:

return_data = self.create_user(return_data)
if return_data["is_error"]:
    return self.add_template_data(return_data)

Collaborator Author

@mishaschwartz mishaschwartz Oct 19, 2023

@fmigneault @tlvu with the current update to msg_on_fail the UI looks like this:

image

Is this sufficient or are there other changes you would suggest?

Collaborator

Still need rename of the variable/setting to MAGPIE_USER_NAME_EXTRA_REGEX.
This is to align with other variable names, such as MAGPIE_USER_NAME_MAX_LENGTH, for similar checks.

name_range = range(1, 1 + get_constant("MAGPIE_USER_NAME_MAX_LENGTH"))
ax.verify_param(len(user_name), is_in=True, param_name="user_name", param_compare=name_range,
http_error=HTTPBadRequest,
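Review bot: The new `if supplemental_regex:` block runs before the `MAGPIE_USER_NAME_MAX_LENGTH` check that follows it in this hunk, so an operator-supplied pattern is evaluated against a `user_name` whose length has not yet been bounded; moving the block after the length check would limit the input that a slow or heavily backtracking pattern can be given. Nothing in these lines checks that the configured value compiles, so as far as the hunk shows a malformed pattern would only surface when a user is created or updated; validating it once when the settings are loaded would fail earlier and with a clearer cause.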