ONYX-13637: Nested claims input validation #2403

semyon-estrin · 2021-11-01T18:30:39Z

Desired Outcome

Verify that invalid characters validation is enforced in Claim Aliases.

Implemented Changes

Applied new regex from ONYX-13638: Added claim name validation according to new host annotat… #2401 on all claims (alias and enforced claims)
Claim alias structure is name:value
Added additinal validation on Claim Alias name to not allow use of '/' character. (Claim Alias value still can use '/')
Added UT for both General Claims validation and Claim Alias Specific validation.

Connected Issue/Story

Resolves CyberArk internal issue link: ONYX-13637

Changelog

The CHANGELOG has been updated, or
This PR does not include user-facing changes and doesn't require a
CHANGELOG update

Test coverage

This PR includes new unit tests to go with the code.
The changes in this PR do not require tests

Documentation

Docs (e.g. READMEs) were updated in this PR
A follow-up issue to update official docs has been filed here: insert issue ID
This PR does not require updating any documentation.

Behavior

This PR changes product behavior and has been reviewed by a PO, or
These changes are part of a larger initiative that will be reviewed later, or
No behavior was changed with this PR

Security

Security architect has reviewed the changes in this PR,
These changes are part of a larger initiative with a separate security review, or
There are no security aspects to these changes

sashaCher

see comments

app/domain/authentication/authn_jwt/input_validation/validate_claim_name.rb

app/domain/errors.rb

spec/app/domain/authentication/authn-jwt/input_validation/parse_claim_aliases_spec.rb

app/domain/authentication/authn_jwt/input_validation/parse_claim_aliases.rb

spec/app/domain/authentication/authn-jwt/input_validation/parse_claim_aliases_spec.rb

sashaCher · 2021-11-02T07:13:20Z

@semyon-estrin please pay your attention on broken cucumber tests

app/domain/authentication/authn_jwt/input_validation/parse_claim_aliases.rb

codeclimate · 2021-11-02T12:23:24Z

Code Climate has analyzed commit 4a54cec and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category	Count
Style	1

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 90.8% (-0.1% change).

View more on Code Climate.

sashaCher

See comments

spec/app/domain/authentication/authn-jwt/input_validation/validate_claim_name_spec.rb

…rk/conjur into nested-claims-input-valid

sashaCher

LGTM

sashaCher

LGTM

Disable support for slash character in claim name

f718d53

semyon-estrin requested a review from a team as a code owner November 1, 2021 18:30

Rollback mistakenly removed code

8991ed9

semyon-estrin self-assigned this Nov 1, 2021

semyon-estrin requested review from sashaCher and tzheleznyak November 1, 2021 18:35

sashaCher reviewed Nov 2, 2021

View reviewed changes

semyon-estrin added 2 commits November 2, 2021 12:14

Fix failed integration tests

7ac0df3

Fix failing tests

4a54cec

codeclimate bot reviewed Nov 2, 2021

View reviewed changes

app/domain/authentication/authn_jwt/input_validation/parse_claim_aliases.rb Show resolved Hide resolved

Resolve PR comments

4f543ee

sashaCher suggested changes Nov 2, 2021

View reviewed changes

semyon-estrin and others added 4 commits November 2, 2021 15:02

Merge branch 'master' into nested-claims-input-valid

9010347

Resolve PR comments

107af05

Merge branch 'nested-claims-input-valid' of https://github.com/cybera…

5e93774

…rk/conjur into nested-claims-input-valid

Fix typo

3ad7708

sashaCher previously approved these changes Nov 2, 2021

View reviewed changes

Ammend changelog

cc6e197

semyon-estrin dismissed sashaCher’s stale review via cc6e197 November 2, 2021 14:05

semyon-estrin requested a review from sashaCher November 2, 2021 14:05

sashaCher approved these changes Nov 2, 2021

View reviewed changes

semyon-estrin merged commit 8d912ad into master Nov 2, 2021

semyon-estrin deleted the nested-claims-input-valid branch November 2, 2021 14:53

This was referenced Nov 3, 2021

ONYX-13812: Claim Validation - Cucumber Integration Tests #2407

Closed

ONYX-13812: Claim Validation - Cucumber Integration Tests #2408

Merged

jtuttle mentioned this pull request Nov 12, 2021

Bump version for v1.14.1+suite.1 release cyberark/conjur-oss-suite-release#237

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ONYX-13637: Nested claims input validation #2403

ONYX-13637: Nested claims input validation #2403

semyon-estrin commented Nov 1, 2021

sashaCher left a comment

sashaCher commented Nov 2, 2021

codeclimate bot commented Nov 2, 2021

sashaCher left a comment

sashaCher left a comment

sashaCher left a comment

ONYX-13637: Nested claims input validation #2403

ONYX-13637: Nested claims input validation #2403

Conversation

semyon-estrin commented Nov 1, 2021

Desired Outcome

Implemented Changes

Connected Issue/Story

Changelog

Test coverage

Documentation

Behavior

Security

sashaCher left a comment

Choose a reason for hiding this comment

sashaCher commented Nov 2, 2021

codeclimate bot commented Nov 2, 2021

sashaCher left a comment

Choose a reason for hiding this comment

sashaCher left a comment

Choose a reason for hiding this comment

sashaCher left a comment

Choose a reason for hiding this comment