From 31c6ea9fda5aa2f23e3b002639f19f2d8f34350f Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 13 Jan 2023 15:42:35 +0100
Subject: [PATCH] providers/oauth2: don't allow spaces in scope_name
closes #4094
Signed-off-by: Jens Langhammer
---
 authentik/providers/oauth2/api/scopes.py | 11 +++++++++++
 schema.yml | 6 +++---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/authentik/providers/oauth2/api/scopes.py b/authentik/providers/oauth2/api/scopes.py
index 685715394..576110fc2 100644
--- a/authentik/providers/oauth2/api/scopes.py
+++ b/authentik/providers/oauth2/api/scopes.py
@@ -3,6 +3,8 @@ from django_filters.filters import AllValuesMultipleFilter
 from django_filters.filterset import FilterSet
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import extend_schema_field
+from rest_framework.fields import CharField
+from rest_framework.serializers import ValidationError
 from rest_framework.viewsets import ModelViewSet
 
 from authentik.core.api.propertymappings import PropertyMappingSerializer
@@ -10,9 +12,18 @@ from authentik.core.api.used_by import UsedByMixin
 from authentik.providers.oauth2.models import ScopeMapping
 
 
+def no_space(value: str) -> str:
+ """Ensure value contains no spaces"""
+ if " " in value:
+ raise ValidationError("Value must not contain spaces.")
+ return value
+
+
 class ScopeMappingSerializer(PropertyMappingSerializer):
 """ScopeMapping Serializer"""
 
+ scope_name = CharField(help_text="Scope name requested by the client", validators=[no_space])
+
 class Meta:
 model = ScopeMapping
 
diff --git a/schema.yml b/schema.yml
index 1cd8d2eb7..4db618ae8 100644
--- a/schema.yml
+++ b/schema.yml
@@ -34599,7 +34599,7 @@ components:
 scope_name:
 type: string
 minLength: 1
- description: Scope used by the client
+ description: Scope name requested by the client
 description:
 type: string
 description: Description shown to the user when consenting. If left empty,
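Review bot: `no_space` rejects only the ASCII space character, so a scope_name containing a tab, newline or other whitespace still passes the validator attached to the new `scope_name` field, even though OAuth2 scope values are space-delimited on the wire and RFC 6749 §3.3 limits scope tokens to printable ASCII excluding `"` and `\`. A check of the same shape that covers all whitespace is `if any(ch.isspace() for ch in value):` with the message changed to `"Value must not contain whitespace."`, or `re.fullmatch(r"[\x21\x23-\x5b\x5d-\x7e]+", value)` if the RFC token alphabet is to be enforced; either way the docstring should name what is rejected. Because only the serializer changed and the ScopeMapping model is not touched by this patch, other write paths that bypass this serializer would presumably still accept spaces, so a model-level validator may also be wanted. ScopeMappingSerializer's Meta continues past the end of the hunk.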
@@ -36604,7 +36604,7 @@ components:
 readOnly: true
 scope_name:
 type: string
- description: Scope used by the client
+ description: Scope name requested by the client
 description:
 type: string
 description: Description shown to the user when consenting. If left empty,
@@ -36640,7 +36640,7 @@ components:
 scope_name:
 type: string
 minLength: 1
- description: Scope used by the client
+ description: Scope name requested by the client
 description:
 type: string
 description: Description shown to the user when consenting. If left empty,