Add validation to org slug

2025-03-25 14:05:03 +00:00 · 2024-02-07 09:39:06 -08:00
parent fc7015de83
commit 9011394c34
3 changed files with 23 additions and 5 deletions
--- a/backend/src/server/routes/v1/organization-router.ts
+++ b/backend/src/server/routes/v1/organization-router.ts
@ -88,7 +88,11 @@ export const registerOrgRouter = async (server: FastifyZodProvider) => {
      params: z.object({ organizationId: z.string().trim() }),
      body: z.object({
        name: z.string().trim().optional(),
-        slug: z.string().trim().optional(),
+        slug: z
+          .string()
+          .trim()
+          .regex(/^[a-zA-Z0-9-]+$/, "Name must only contain alphanumeric characters or hyphens")
+          .optional(),
        authEnforced: z.boolean().optional()
      }),
      response: {
--- a/backend/src/services/org/org-service.ts
+++ b/backend/src/services/org/org-service.ts
@ -121,11 +121,17 @@ export const orgServiceFactory = ({
  /*
   * Update organization details
   * */
-  const updateOrg = async ({ actor, actorId, actorOrgScope, orgId, data }: TUpdateOrgDTO) => {
+  const updateOrg = async ({
+    actor,
+    actorId,
+    actorOrgScope,
+    orgId,
+    data: { name, slug, authEnforced }
+  }: TUpdateOrgDTO) => {
    const { permission } = await permissionService.getOrgPermission(actor, actorId, orgId, actorOrgScope);
    ForbiddenError.from(permission).throwUnlessCan(OrgPermissionActions.Edit, OrgPermissionSubjects.Settings);

-    if (data.authEnforced) {
+    if (authEnforced) {
      const samlCfg = await samlConfigDAL.findEnforceableSamlCfg(orgId);
      if (!samlCfg)
        throw new BadRequestError({
@ -134,7 +140,11 @@ export const orgServiceFactory = ({
        });
    }

-    const org = await orgDAL.updateById(orgId, data);
+    const org = await orgDAL.updateById(orgId, {
+      name,
+      slug: slug ? slugify(slug) : slug,
+      authEnforced
+    });
    if (!org) throw new BadRequestError({ name: "Org not found", message: "Organization not found" });
    return org;
  };
--- a/frontend/src/views/Settings/OrgSettingsPage/components/OrgSlugChangeSection/OrgSlugChangeSection.tsx
+++ b/frontend/src/views/Settings/OrgSettingsPage/components/OrgSlugChangeSection/OrgSlugChangeSection.tsx
@ -10,7 +10,11 @@ import { OrgPermissionActions, OrgPermissionSubjects, useOrganization } from "@a
 import { useUpdateOrg } from "@app/hooks/api";

 const formSchema = yup.object({
-    slug: yup.string().required().label("Project Slug")
+    slug: yup
+        .string()
+        .matches(/^[a-zA-Z0-9-]+$/, "Name must only contain alphanumeric characters or hyphens")
+        .required()
+        .label("Project Slug")
 });

 type FormData = yup.InferType<typeof formSchema>;