bynt-1364: implement username and email validation for user endpoints#126
Merged
…or WebAuthn device names. Addresses XSS concerns by rejecting HTML tags/entities instead of cleaning them, providing clear user feedback.
- Add Unicode-aware username validation (letters, numbers, underscore, hyphen)
- Add email validation with IDN support using email-validator
- Enhance Pydantic models with field validators for username (4-255 chars) and email
- Remove manual validation from controllers, centralize in validation utils
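The rules the PR description and commit above list (Unicode-aware username characters, a 4-255 length window, rejecting HTML tags and entities instead of cleaning them, IDN-capable email validation, one central place that raises ValueError) as a stand-alone Python example. This is added illustration, not the project's code: it uses only the standard library in place of email-validator and Pydantic, `validate_username_constraints` borrows the name a later commit in this thread uses but its body is mine, the NFC normalization step is an added choice, and every other constant, function and sample value is an assumption.

```python
import re
import unicodedata

# Added example; constants and function names are assumptions, not the project's code.
USERNAME_MIN = 4
USERNAME_MAX = 255

# A tag like <b> or <script src=...>, and entities like &lt; &#60; &#x3c;
_HTML_TAG_RE = re.compile(r"<[^>]*>")
_HTML_ENTITY_RE = re.compile(r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")

# Local part: printable ASCII atext plus dots (RFC 5322 dot-atom only, no quoted strings)
_LOCAL_PART_RE = re.compile(r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+")
# DNS label after IDNA encoding: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen
_DNS_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def reject_html(value: str, field: str) -> str:
    """Reject rather than strip HTML: the user gets a clear error and nothing is 'cleaned'."""
    if _HTML_TAG_RE.search(value) or _HTML_ENTITY_RE.search(value):
        raise ValueError(f"{field} must not contain HTML tags or entities")
    return value


def _is_username_char(ch: str) -> bool:
    # Unicode letters (general category L*) and decimal digits (Nd), plus underscore and hyphen
    cat = unicodedata.category(ch)
    return cat.startswith("L") or cat == "Nd" or ch in "_-"


def validate_username_constraints(username: str) -> str:
    """Single place for username rules; raises ValueError with a user-facing message."""
    # NFC normalization is an added choice here so "e + combining acute" and "é" compare equal
    username = unicodedata.normalize("NFC", username.strip())
    if not USERNAME_MIN <= len(username) <= USERNAME_MAX:
        raise ValueError(f"username must be {USERNAME_MIN}-{USERNAME_MAX} characters")
    reject_html(username, "username")
    bad = sorted({ch for ch in username if not _is_username_char(ch)})
    if bad:
        raise ValueError("username may only contain letters, numbers, underscore and hyphen "
                         f"(found: {' '.join(bad)})")
    return username


def validate_email_address(email: str) -> str:
    """Syntax-check an address and return it with the domain in ASCII (IDNA) form.

    Simplified stand-in for the email-validator package the PR uses: dot-atom local
    part only, domain labels checked after IDNA encoding, at least two labels required.
    """
    email = email.strip()
    reject_html(email, "email")
    if email.count("@") != 1:
        raise ValueError("email must contain exactly one @")
    local, domain = email.split("@")
    if (not _LOCAL_PART_RE.fullmatch(local) or local.startswith(".")
            or local.endswith(".") or ".." in local):
        raise ValueError("email local part is not valid")
    try:
        # stdlib IDNA codec: Unicode labels become punycode (bücher -> xn--bcher-kva)
        ascii_domain = domain.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError("email domain is not a valid domain name") from exc
    labels = ascii_domain.split(".")
    if len(labels) < 2 or not all(_DNS_LABEL_RE.fullmatch(label) for label in labels):
        raise ValueError("email domain is not a valid domain name")
    return f"{local}@{ascii_domain}"


def username_error(value: str):
    """Return the validation message for a username, or None if it is acceptable."""
    try:
        validate_username_constraints(value)
    except ValueError as exc:
        return str(exc)
    return None


def email_error(value: str):
    """Return the validation message for an email, or None if it is acceptable."""
    try:
        validate_email_address(value)
    except ValueError as exc:
        return str(exc)
    return None
```

In a Pydantic model these two functions are what a `field_validator("username")` / `field_validator("email")` method would call and re-raise from, which is what keeps the controllers free of manual checks; the wrappers at the end exist only so callers that want a message instead of an exception (form rendering, tests) have one.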
level09
requested changes
Jul 9, 2025
- Refactor username validation to use plain text field validation utility (reduces code complexity/indirections)
- Remove tests that were testing pydantic itself.
cango91
commented
Jul 10, 2025
…lask-security behavior
… email validation
…ext_field to allow/disallow whitespace when unicode is not allowed
level09
approved these changes
Jul 22, 2025
## Jira Issue

1. [1385](https://syriajustice.atlassian.net/browse/BYNT-1385)

## Description

Add vuetify form validations to create/edit users form, display server errors next to inputs, and conditionally show snack messages

## Checklist

- [ ] Tests added/updated
- [ ] Documentation updated (if needed)
- [ ] New strings prepared for translations

## API Changes (if applicable)

- [ ] Permissions checked
- [ ] Endpoint tests added

## Additional Notes

[Any other relevant information]

[BYNT-1386]: https://syriajustice.atlassian.net/browse/BYNT-1386?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

---------

Co-authored-by: tarekio <7659394+tarekio@users.noreply.github.com>
- Centralized duplicate validation code into single validate_username_constraints() function
- Eliminated ~30 lines of repeated logic across model validators
- Unified error handling to consistent ValueError types
- Updated tests to match new validation interface
level09
approved these changes
Aug 2, 2025
Resolved conflicts by:
- Keeping checkUsername function from main in users.html template
- Preserving our cleaner validation logic in admin views
- Our centralized username validation supersedes the manual character validation from main
tarekio
approved these changes
Aug 8, 2025
level09
added a commit that referenced this pull request
Mar 2, 2026
…lp (#273)

## Summary

- **yt-dlp**: bump to `>=2026.2.21` to fix high-severity arbitrary command injection via `--netrc-cmd` (Dependabot alert #126)
- **extraction.py**: replace raw `str(e)` in error responses with generic messages to prevent internal exception leakage to API clients (CodeQL alert #132)
- **app.py**: replace substring check on `MAPS_API_ENDPOINT` with `urlparse` hostname check to prevent crafted URLs from bypassing CSP allowlist (CodeQL alert #122)

## Notes

All three endpoints are behind authentication, but defense-in-depth applies. Exception strings are still logged in full server-side.
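The two code-level hardening points in the commit above (a `urlparse` hostname comparison replacing a substring check on `MAPS_API_ENDPOINT`, and generic client-facing error messages with the full exception kept in the server log) as an added Python example that is not the project's code. The endpoint value, the exact shape of the weak substring check (here: the allowlisted host string appearing anywhere in the URL), the crafted sample URLs and all function names are assumptions.

```python
import logging
from urllib.parse import urlparse

# Added example; the endpoint value and function names are assumptions, not the project's code.
MAPS_API_ENDPOINT = "https://maps.example.com/api/v1/tiles"
_ALLOWED = urlparse(MAPS_API_ENDPOINT)

log = logging.getLogger("extraction")


def is_allowed_by_substring(url: str) -> bool:
    """Weak check (one plausible form of what was replaced): host string appears anywhere in the URL."""
    return _ALLOWED.hostname in url


def is_allowed_by_hostname(url: str) -> bool:
    """Hardened check: parse the URL and compare scheme and hostname with the allowlisted endpoint."""
    parts = urlparse(url)
    # .hostname is lowercased and excludes userinfo and port, so user@host and HOST casing do not help
    return parts.scheme == _ALLOWED.scheme and parts.hostname == _ALLOWED.hostname


# Constructed sample URLs: the first is legitimate, the rest are crafted to contain the host string
CRAFTED_URLS = [
    "https://maps.example.com/api/v1/tiles?z=3",
    "https://maps.example.com.evil.example/api/v1/tiles",   # allowlisted host is a prefix of another host
    "https://maps.example.com@evil.example/api/v1/tiles",   # host string is really the userinfo part
    "https://evil.example/redirect?to=maps.example.com",    # host string sits in the query string
    "http://maps.example.com/api/v1/tiles",                 # right host, downgraded scheme
]


def compare_checks(urls=CRAFTED_URLS) -> dict:
    """Map each URL to (substring_result, hostname_result) so the gap between the checks is visible."""
    return {u: (is_allowed_by_substring(u), is_allowed_by_hostname(u)) for u in urls}


def safe_error_response(exc: Exception) -> dict:
    """Log the full exception server-side but return only a generic message to the API client."""
    log.error("extraction failed: %s", exc, exc_info=exc)
    return {"error": "Extraction failed"}
```

The substring version accepts every URL in the list; the hostname version accepts only the first. Comparing the scheme as well as the host matters for a CSP allowlist because `http://maps.example.com` is a different origin from `https://maps.example.com`, and `urlparse` gives both fields without any string surgery.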