
Only allow latin-1 encodable characters in username and password #1402

Merged

Conversation

i-oden
Member

@i-oden i-oden commented Mar 6, 2023

1. This PR contains the following changes...

See ScilifelabDataCentre/dds_cli#617 for background.

This adds a new validation to make sure that accepted usernames and passwords are able to be passed through the requests package from the CLI.
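The failure this PR guards against is that HTTP Basic auth, as built by the requests package, encodes the `user:password` string as latin-1 (ISO-8859-1), so any character with a code point above U+00FF raises a UnicodeEncodeError at request time instead of at registration. The following is an added example, not the dds_web project's own validator; the function and exception names are assumptions, and the sample credentials are constructed. It shows a latin-1 encodability check that rejects such credentials up front, and builds the same Basic auth header to show where the unchecked value would otherwise fail.

```python
import base64
from typing import List


class CredentialValidationError(ValueError):
    """Raised when a credential cannot be sent over HTTP Basic auth.
    (Hypothetical name; the project uses its own validation errors.)"""


def latin1_encodable(value: str) -> bool:
    """True if every character in `value` has a latin-1 (ISO-8859-1) code point."""
    try:
        value.encode("latin-1")
    except UnicodeEncodeError:
        return False
    return True


def offending_characters(value: str) -> List[str]:
    """Characters in `value` outside latin-1, i.e. code point > 0xFF."""
    return sorted({ch for ch in value if ord(ch) > 0xFF})


def validate_credential(field_name: str, value: str) -> str:
    """Reject a username/password that would raise UnicodeEncodeError later.

    Returns the value unchanged so it can sit in a chain of validators.
    """
    if not latin1_encodable(value):
        bad = ", ".join(
            f"U+{ord(ch):04X} ({ch!r})" for ch in offending_characters(value)
        )
        raise CredentialValidationError(
            f"{field_name} contains characters that cannot be encoded as latin-1: {bad}"
        )
    return value


def basic_auth_header(username: str, password: str) -> str:
    """Build an Authorization header the way HTTP Basic auth does
    (RFC 7617, with the latin-1 encoding that requests applies).
    Non-latin-1 credentials raise UnicodeEncodeError on the encode() call."""
    raw = f"{username}:{password}".encode("latin-1")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def safe_basic_auth_header(username: str, password: str) -> str:
    """Validate both fields first; the encode error can then never be reached."""
    validate_credential("username", username)
    validate_credential("password", password)
    return basic_auth_header(username, password)


if __name__ == "__main__":
    # Constructed sample credentials for demonstration only.
    print(safe_basic_auth_header("alice", "pässwörd1!"))  # ä and ö are latin-1: accepted
    for pw in ("pass€word", "密码secret"):  # € (U+20AC) and CJK are not latin-1
        try:
            safe_basic_auth_header("alice", pw)
        except CredentialValidationError as exc:
            print("rejected:", exc)
```

Note that latin-1 covers accented Western European letters, so users with those in a password are unaffected; the euro sign and anything outside the first 256 code points are what get rejected, with the offending code points named so the user can tell what to change.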

2. The following additional changes are required for this to work

X

3. The PR fixes the following GitHub issue / Jira task

  • GitHub issue (link):
  • Jira task (ID, DDS-xxxx): DDS-1489
  • The PR does not fix a specific GitHub issue or Jira task

4. What type of change(s) does the PR contain?

  • New feature
    • Breaking: Please describe the reason for the break and how we can fix it.
    • Non-breaking
  • Database change
    • Migration included in PR
    • Migration not needed
  • Bug fix
    • Breaking: Not breaking but some users could potentially need to reset their passwords. Not likely though, in this case they'd have contacted us about the UnicodeEncodeError.
    • Non-breaking
  • Security Alert fix
  • Documentation
  • Tests (only)
  • Workflow

5. Checklist

Always

  • Changelog
    • Added
    • Not needed (E.g. PR contains only tests)
  • Rebase / Update / Merge from base branch (the branch from which the current is forked)
    • Done
    • Not needed
  • Blocking PRs
    • Merged
    • No blocking PRs
  • PR to master branch

If PR consists of code change(s)

  • Self review
    • Done
  • Comments, docstrings, etc
    • Added / Updated
  • Documentation
    • Updated
    • Update not needed

6. Actions / Scans

  • Black: Python code formatter. Does not execute. Only tests.
    Run black . locally to execute formatting.
    • Passed
  • Prettier: General code formatter. Our use case: MD and yaml mainly.
    Run npx prettier --write . locally to execute formatting.
    • Passed
  • Yamllint: Linting of yaml files.
    • Passed
  • Tests: Pytest to verify that functionality works as expected.
    • New tests added
    • No new tests
    • Passed
  • CodeQL: Scan for security vulnerabilities, bugs, errors
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: Why?
    • Passed
  • Trivy: Security scanner
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: Why?
    • Passed
  • Snyk: Security scanner
    • New alerts: Go through them and either fix, dismiss or ignore. Add reasoning in items below.
    • Alerts fixed: What?
    • Alerts ignored / dismissed: Why?
    • Passed

@i-oden i-oden self-assigned this Mar 6, 2023
db.session.commit()

# Need to use a valid token for the get request to get the form token
valid_reset_token = get_valid_reset_token("unitadmin")

Check notice

Code scanning / SnykCode

Use of Hardcoded Credentials

Do not hardcode credentials in code. Found hardcoded credential used in username.
dds_web/utils.py (Outdated)
@i-oden i-oden marked this pull request as ready for review March 8, 2023 10:02
@i-oden i-oden requested a review from valyo March 8, 2023 10:02
Member

@valyo valyo left a comment


Apart from that comment, it works and I didn't notice anything strange

tests/test_user_confirm_invites_and_register.py (Outdated)
@i-oden i-oden merged commit 6e1d57b into dev Mar 9, 2023
@i-oden i-oden deleted the DDS-1489-unicode-encode-error-when-non-latin-1-chars-in-password branch March 9, 2023 14:40