Add validation to org subdomain during signup, and add a list of reserved subdomains. #3066
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dnephin
requested review from
ssoroka,
hoyyeva,
jmorganca,
pdevine and
BruceMacD
as code owners
dnephin
force-pushed
the
dnephin/orgs-reserve-sub-domains
branch
from
4506104
to
b06786f
Compare
mxyng
reviewed
Aug 30, 2022
| @@ -12,6 +12,33 @@ type SignupOrg struct { | |||
| Subdomain string `json:"subDomain"` | |||
| } | |||
|
|
|||
| var reservedSubDomains = []string{ | |||
There was a problem hiding this comment.
@ssoroka also had a list of reserved subdomains. Perhaps you should work together on this
There was a problem hiding this comment.
I'm happy to add or edit this list! I should have mentioned that in the PR description.
Please do suggest changes to this list and I can update it.
dnephin
force-pushed
the
dnephin/orgs-reserve-sub-domains
branch
from
b06786f
to
6f60a09
Compare
ssoroka
approved these changes
Aug 30, 2022
Comment on lines
+24
to
+30
| validate.StringRule{ | ||
| Name: "token", | ||
| Value: r.Token, | ||
| MinLength: 10, | ||
| MaxLength: 10, | ||
| CharacterRanges: validate.AlphaNumeric, | ||
| }, |
| validate.Required("name", r.Name), | ||
| validate.Required("subDomain", r.Subdomain), | ||
| validate.ReservedStrings("subDomain", r.Subdomain, reservedSubDomains), | ||
| validate.StringRule{ |
There was a problem hiding this comment.
not necessarily a blocker, but it's missing the can't-start-with-dash case
There was a problem hiding this comment.
I added first character validation to the StringRule and added it here as well
dnephin
force-pushed
the
dnephin/orgs-reserve-sub-domains
branch
from
6f60a09
to
e373105
Compare
So that the openAPI doc is generated correctly. The validation rules continue to work the same way.
Functions with more than 3 arguments are hard to use, especially when some of the args have the same type. From the caller it's not easy to see what the values represent. Using a string makes the code more obvious because we can see the value 10 is for length. The field names help document what the values mean. Also remove a TODO, the password critiera are validated in the access package.
Add a new validation rule for restricting strings, and use it to validate the org subdomain. Also add min/max length and character restrictions.
dnephin
force-pushed
the
dnephin/orgs-reserve-sub-domains
branch
from
92d1740
to
b63ed2c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds validation to the org subdomain, including min/max length, character restrictions, and a list of reserved words that we should not allow to be subdomains.
Best viewed by individual commit, more details in commit messages.