Fixes #17506 (#17536)

bergmania · web-flow · commit ba8092fac7c5 · 2024-11-15T09:40:26.000+01:00
Now the validation of ClientId has a max of 255 characters
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ClientCredentials/ClientCredentialsUserControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ClientCredentials/ClientCredentialsUserControllerBase.cs
@@ -20,7 +20,7 @@ protected IActionResult BackOfficeUserClientCredentialsOperationStatusResult(Bac
                 .Build()),
             BackOfficeUserClientCredentialsOperationStatus.InvalidClientId => BadRequest(problemDetailsBuilder
                 .WithTitle("Invalid client ID")
-                .WithDetail("The specified client ID is invalid. A valid client ID can only contain [a-z], [A-Z], [0-9], and [-._~].")
+                .WithDetail("The specified client ID is invalid. A valid client ID can only contain [a-z], [A-Z], [0-9], and [-._~]. Furthermore, including the prefix it cannot be longer than 255 characters.")
                 .Build()),
             _ => StatusCode(StatusCodes.Status500InternalServerError, problemDetailsBuilder
                 .WithTitle("Unknown client credentials operation status.")
diff --git a/src/Umbraco.Core/Services/UserService.cs b/src/Umbraco.Core/Services/UserService.cs
@@ -2677,7 +2677,7 @@ private static void AddAdditionalPermissions(ISet<string> assignedPermissions, I
         }
     }
 
-    [GeneratedRegex(@"^[\w\d\-\._~]*$")]
+    [GeneratedRegex(@"^[\w\d\-\._~]{1,255}$")]
     private static partial Regex ValidClientId();
 
     #endregion
diff --git a/tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/UserServiceTests.cs b/tests/Umbraco.Tests.Integration/Umbraco.Infrastructure/Services/UserServiceTests.cs
@@ -1004,6 +1004,7 @@ public async Task Can_Assign_ClientId_To_Api_User(UserKind userKind, UserClientC
     [TestCase("@", UserClientCredentialsOperationStatus.InvalidClientId)]
     [TestCase("[", UserClientCredentialsOperationStatus.InvalidClientId)]
     [TestCase("]", UserClientCredentialsOperationStatus.InvalidClientId)]
+    [TestCase("More_Than_255_characters_012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789", UserClientCredentialsOperationStatus.InvalidClientId)]
     public async Task Can_Use_Only_Unreserved_Characters_For_ClientId(string clientId, UserClientCredentialsOperationStatus expectedResult)
     {
         // Arrange

Original file line number	Diff line number	Diff line change
`@@ -2677,7 +2677,7 @@ private static void AddAdditionalPermissions(ISet<string> assignedPermissions, I`
`2677`	`2677`	`}`
`2678`	`2678`	`}`
`2679`	`2679`
`2680`		`- [GeneratedRegex(@"^[\w\d\-\._~]*$")]`
	`2680`	`+ [GeneratedRegex(@"^[\w\d\-\._~]{1,255}$")]`
`2681`	`2681`	`private static partial Regex ValidClientId();`
`2682`	`2682`
`2683`	`2683`	`#endregion`
Original file line number	Diff line number	Diff line change
`@@ -1004,6 +1004,7 @@ public async Task Can_Assign_ClientId_To_Api_User(UserKind userKind, UserClientC`
`1004`	`1004`	`[TestCase("@", UserClientCredentialsOperationStatus.InvalidClientId)]`
`1005`	`1005`	`[TestCase("[", UserClientCredentialsOperationStatus.InvalidClientId)]`
`1006`	`1006`	`[TestCase("]", UserClientCredentialsOperationStatus.InvalidClientId)]`
	`1007`	`+ [TestCase("More_Than_255_characters_012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789", UserClientCredentialsOperationStatus.InvalidClientId)]`
`1007`	`1008`	`public async Task Can_Use_Only_Unreserved_Characters_For_ClientId(string clientId, UserClientCredentialsOperationStatus expectedResult)`
`1008`	`1009`	`{`
`1009`	`1010`	`// Arrange`