Fixes https://github.com/umbraco/Umbraco-CMS/issues/17506 (#17536)

Now the validation of ClientId has a max of 255 characters
2024-11-15 09:40:26 +01:00
parent 5c8d460224
commit ba8092fac7
3 changed files with 3 additions and 2 deletions
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/ClientCredentials/ClientCredentialsUserControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ClientCredentials/ClientCredentialsUserControllerBase.cs
@@ -20,7 +20,7 @@ public abstract class ClientCredentialsUserControllerBase : UserControllerBase
                .Build()),
            BackOfficeUserClientCredentialsOperationStatus.InvalidClientId => BadRequest(problemDetailsBuilder
                .WithTitle("Invalid client ID")
-                .WithDetail("The specified client ID is invalid. A valid client ID can only contain [a-z], [A-Z], [0-9], and [-._~].")
+                .WithDetail("The specified client ID is invalid. A valid client ID can only contain [a-z], [A-Z], [0-9], and [-._~]. Furthermore, including the prefix it cannot be longer than 255 characters.")
                .Build()),
            _ => StatusCode(StatusCodes.Status500InternalServerError, problemDetailsBuilder
                .WithTitle("Unknown client credentials operation status.")
--- a/src/Umbraco.Core/Services/UserService.cs
+++ b/src/Umbraco.Core/Services/UserService.cs
@@ -2677,7 +2677,7 @@ internal partial class UserService : RepositoryService, IUserService
        }
    }

-    [GeneratedRegex(@"^[\w\d\-\._~]*$")]
+    [GeneratedRegex(@"^[\w\d\-\._~]{1,255}$")]
    private static partial Regex ValidClientId();

    #endregion
--- a/tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/UserServiceTests.cs
+++ b/tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/UserServiceTests.cs
@@ -1004,6 +1004,7 @@ public class UserServiceTests : UmbracoIntegrationTest
    [TestCase("@", UserClientCredentialsOperationStatus.InvalidClientId)]
    [TestCase("[", UserClientCredentialsOperationStatus.InvalidClientId)]
    [TestCase("]", UserClientCredentialsOperationStatus.InvalidClientId)]
+    [TestCase("More_Than_255_characters_012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789", UserClientCredentialsOperationStatus.InvalidClientId)]
    public async Task Can_Use_Only_Unreserved_Characters_For_ClientId(string clientId, UserClientCredentialsOperationStatus expectedResult)
    {
        // Arrange