Quote username in error message

tcdowney · tcdowney · commit 4824bcba54b8 · 2025-06-16T14:59:44.000-06:00
diff --git a/app/models/runtime/constraints/process_user_policy.rb b/app/models/runtime/constraints/process_user_policy.rb
@@ -11,12 +11,16 @@ def validate
     return if @process.user.blank?
     return if @allowed_users.map(&:downcase).include?(@process.user.downcase)
 
-    @errors.add(:user, sprintf(ERROR_MSG, requested_user: @process.user, allowed_users: formatted_users_for_error))
+    @errors.add(:user, sprintf(ERROR_MSG, requested_user: quote_user(@process.user), allowed_users: formatted_users_for_error))
   end
 
   private
 
   def formatted_users_for_error
-    @allowed_users.map { |u| "'#{u}'" }.join(', ')
+    @allowed_users.map { |u| quote_user(u) }.join(', ')
+  end
+
+  def quote_user(user)
+    "'#{user}'"
   end
 end
diff --git a/spec/unit/models/runtime/constraints/process_user_policy_spec.rb b/spec/unit/models/runtime/constraints/process_user_policy_spec.rb
@@ -40,7 +40,7 @@
     let(:process_user) { 'vcarp' }
 
     it 'is not valid' do
-      expect(validator).to validate_with_error(process, :user, sprintf(ProcessUserPolicy::ERROR_MSG, requested_user: process.user, allowed_users: "'vcap', 'ContainerUser'"))
+      expect(validator).to validate_with_error(process, :user, sprintf(ProcessUserPolicy::ERROR_MSG, requested_user: "'vcarp'", allowed_users: "'vcap', 'ContainerUser'"))
     end
   end
 
