
Do not validate the email
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov committed Jun 20, 2024
1 parent d727e2a commit 62fadcc
Showing 2 changed files with 3 additions and 42 deletions.
15 changes: 3 additions & 12 deletions internal/controlplane/handlers_authz.go
Expand Up @@ -18,7 +18,6 @@ import (
"context"
"database/sql"
"errors"
"regexp"
"time"

"github.com/google/uuid"
Expand Down Expand Up @@ -323,11 +322,11 @@ func (s *Server) AssignRole(ctx context.Context, req *minder.AssignRoleRequest)
if errors.Is(err, sql.ErrNoRows) {
return nil, util.UserVisibleError(codes.InvalidArgument, "target project with ID %s not found", targetProject)
}
return nil, status.Errorf(codes.InvalidArgument, "error getting project: %v", err)
return nil, status.Errorf(codes.Internal, "error getting project: %v", err)
}

// Validate the subject and email - decide if it's an invitation or a role assignment
if sub == "" && email != "" && isEmail(email) {
if sub == "" && email != "" {
if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
return s.inviteUser(ctx, targetProject, authzRole, email)
}
Expand Down Expand Up @@ -513,7 +512,7 @@ func (s *Server) RemoveRole(ctx context.Context, req *minder.RemoveRoleRequest)
}

// Validate the subject and email - decide if it's about removing an invitation or a role assignment
if sub == "" && email != "" && isEmail(email) {
if sub == "" && email != "" {
if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
return s.removeInvite(ctx, targetProject, authzRole, email)
}
Expand Down Expand Up @@ -604,14 +603,6 @@ func (s *Server) removeRole(
}, nil
}

// isEmail checks if the subject is an email address or not
func isEmail(subject string) bool {
// Define the regular expression for validating an email address
const emailRegexPattern = `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
emailRegex := regexp.MustCompile(emailRegexPattern)
return emailRegex.MatchString(subject)
}

// UpdateRole updates a role for a user on a project
func (s *Server) UpdateRole(ctx context.Context, req *minder.UpdateRoleRequest) (*minder.UpdateRoleResponse, error) {
// For the time being, ensure only one role is updated at a time
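Review bot: With the `isEmail` guard dropped from the two `if sub == "" && email != ""` conditions in AssignRole and RemoveRole, any non-empty string in the email field is now routed to inviteUser/removeInvite, and nothing in these hunks bounds its length or shape before it is stored or matched against an identity; both enclosing functions start outside the hunk, so the check may have moved there, but if it has not, a stdlib parse would keep the invitation path honest: `if addr, err := mail.ParseAddress(email); err != nil { return nil, util.UserVisibleError(codes.InvalidArgument, "invalid email address") } else { email = addr.Address }` (with `net/mail` taking the place of the removed `regexp` import; note `ParseAddress` also accepts `Name <addr>` forms, hence using `addr.Address`). If validation is intentionally deferred to the invite helpers, a comment at that line saying so, e.g. `// email format is validated by inviteUser/removeInvite`, would stop the next reader from re-adding it. The `codes.InvalidArgument` to `codes.Internal` change on the "error getting project" line (assuming `Internal` is the new side) is a sensible but unrelated change that deserves a mention in the commit message.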
30 changes: 0 additions & 30 deletions internal/controlplane/handlers_authz_test.go
Expand Up @@ -594,36 +594,6 @@ func (_ *SimpleResolver) Validate(_ context.Context, _ jwt.Token) (*auth.Identit
panic("unimplemented")
}

func TestIsSubjectEmail(t *testing.T) {
t.Parallel()

tests := []struct {
name string
subject string
expected bool
}{
{"Valid email", "test@example.com", true},
{"Invalid email missing @", "testexample.com", false},
{"Invalid email missing domain", "test@", false},
{"Invalid email missing tld", "test@example", false},
{"Valid email with subdomain", "user.name+tag+sorting@example.com", true},
{"Valid email with multiple dots", "another.test@sub.domain.co.uk", true},
{"Invalid email missing domain and tld", "example@com", false},
{"Invalid email with spaces", "user @example.com", false},
{"Invalid email with special characters", "user@exa!mple.com", false},
{"Invalid email", "91abede98a29dbfec05daa22e2bf80850ba4ca3d209bd78d0f84adc402638446", false},
}

for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
result := isEmail(tt.subject)
require.Equal(t, tt.expected, result)
})
}
}

// createSignedJWTToken creates a signed JWT token with the specified subject and email.
func createSignedJWTToken(subject, email string, privateKey *rsa.PrivateKey) (string, error) {
token := gojwt.NewWithClaims(gojwt.SigningMethodRS256, gojwt.MapClaims{