fix(enterprise): ensure scim usernames are validated (#7925)

2025-07-03 16:13:58 +00:00 · 2023-06-08 17:59:49 -05:00
parent a4cc883be1
commit 30a635aa5f
3 changed files with 53 additions and 4 deletions
--- a/coderd/users.go
+++ b/coderd/users.go
@ -983,6 +983,12 @@ type CreateUserRequest struct {
 }

 func (api *API) CreateUser(ctx context.Context, store database.Store, req CreateUserRequest) (database.User, uuid.UUID, error) {
+	// Ensure the username is valid. It's the caller's responsibility to ensure
+	// the username is valid and unique.
+	if usernameValid := httpapi.NameValid(req.Username); usernameValid != nil {
+		return database.User{}, uuid.Nil, xerrors.Errorf("invalid username %q: %w", req.Username, usernameValid)
+	}
+
 	var user database.User
 	return user, req.OrganizationID, store.InTx(func(tx database.Store) error {
 		orgRoles := make([]string, 0)