providers/oauth2: don't allow spaces in scope_name

closes #4094 Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 15:42:35 +01:00 · 2023-01-13 15:42:35 +01:00 · 31c6ea9fda
parent 20931ccc1d
commit 31c6ea9fda
2 changed files with 14 additions and 3 deletions
--- a/authentik/providers/oauth2/api/scopes.py
+++ b/authentik/providers/oauth2/api/scopes.py
@ -3,6 +3,8 @@ from django_filters.filters import AllValuesMultipleFilter
 from django_filters.filterset import FilterSet
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import extend_schema_field
+from rest_framework.fields import CharField
+from rest_framework.serializers import ValidationError
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.propertymappings import PropertyMappingSerializer
@ -10,9 +12,18 @@ from authentik.core.api.used_by import UsedByMixin
 from authentik.providers.oauth2.models import ScopeMapping


+def no_space(value: str) -> str:
+    """Ensure value contains no spaces"""
+    if " " in value:
+        raise ValidationError("Value must not contain spaces.")
+    return value
+
+
 class ScopeMappingSerializer(PropertyMappingSerializer):
    """ScopeMapping Serializer"""

+    scope_name = CharField(help_text="Scope name requested by the client", validators=[no_space])
+
    class Meta:

        model = ScopeMapping
--- a/schema.yml
+++ b/schema.yml
@ -34599,7 +34599,7 @@ components:
        scope_name:
          type: string
          minLength: 1
-          description: Scope used by the client
+          description: Scope name requested by the client
        description:
          type: string
          description: Description shown to the user when consenting. If left empty,
@ -36604,7 +36604,7 @@ components:
          readOnly: true
        scope_name:
          type: string
-          description: Scope used by the client
+          description: Scope name requested by the client
        description:
          type: string
          description: Description shown to the user when consenting. If left empty,
@ -36640,7 +36640,7 @@ components:
        scope_name:
          type: string
          minLength: 1
-          description: Scope used by the client
+          description: Scope name requested by the client
        description:
          type: string
          description: Description shown to the user when consenting. If left empty,