fix(core): Better input validation for the changeRole endpoint #8189
Merged
n8n-assistant (bot) added the labels core (Enhancement outside /nodes-base and /editor-ui), n8n team (Authored by the n8n team) and ui (Enhancement in /editor-ui or /design-system) on Dec 30, 2023
ivov reviewed on Jan 2, 2024
🙏🏻
also refactored the code to 1. stop passing around `scope === 'global'`, since this code can be used only for changing globalRole. 2. leak less details when input validation fails.
netroy force-pushed the fix-changeRole-input-validation branch from e7a5646 to 0912e57 (January 2, 2024 14:15)
netroy force-pushed the fix-changeRole-input-validation branch from a2f2ddf to a14d5e9 (January 2, 2024 15:06)
ivov previously approved these changes on Jan 2, 2024
Thanks for tackling this!
✅ All Cypress E2E specs passed (1 flaky test on run #3559)
Details: cypress/e2e/29-templates.cy.ts • 1 flaky test
ivov approved these changes on Jan 3, 2024
Merged
ivov added a commit that referenced this pull request on Jan 3, 2024
# [1.23.0](https://github.com/n8n-io/n8n/compare/[email protected]@1.23.0) (2024-01-03)

### Bug Fixes

* **Asana Node:** Omit body from GET, HEAD, and DELETE requests ([#8057](#8057)) ([15ffd4f](15ffd4f))
* **core:** Better input validation for the changeRole endpoint ([#8189](#8189)) ([cfe9525](cfe9525))
* **core:** Fix issue that pinnedData is not used with Test-Webhooks ([#8123](#8123)) ([fa8bd8b](fa8bd8b))
* **core:** Handle empty executions table in pruning in migrations ([#8121](#8121)) ([ffaa30d](ffaa30d))
* **core:** Remove circular dependency in WorkflowService and ActiveWorkflowRunner ([#8128](#8128)) ([21788d9](21788d9))
* **core:** Use pinned data only for manual mode ([#8164](#8164)) ([ea7e76f](ea7e76f))
* **Discord Node:** Remove unnecessary requirement on parameters ([#8060](#8060)) ([ef3a577](ef3a577))
* **editor:** Avoid sanitizing output to search node data ([#8126](#8126)) ([c83d9f4](c83d9f4))
* **editor:** Enable explicit undo keyboard shortcut across all code editors ([#8178](#8178)) ([cf7f668](cf7f668))
* **editor:** Fix operation change failing in certain conditions ([#8114](#8114)) ([711fa2b](711fa2b))
* **editor:** Fix templates view layout ([#8196](#8196)) ([d01e42a](d01e42a))
* **editor:** Fix UI urls when hosted behind a path prefix ([#8198](#8198)) ([5c078f1](5c078f1))
* **editor:** Prevent browser zoom when scrolling inside sticky edit mode ([#8116](#8116)) ([e928210](e928210))
* **editor:** Prevent canvas undo/redo when NDV is open ([#8118](#8118)) ([39e45d8](39e45d8))
* **editor:** Prevent storing pairedItem data inside of pinData ([#8173](#8173)) ([405e267](405e267))
* **GitHub Node:** Fix issue that File->Get did not run once per item ([#8190](#8190)) ([11cda41](11cda41))
* **Invoice Ninja Node:** Fix issue with custom invoice numbers not working with v5 ([#8200](#8200)) ([3b6ae2d](3b6ae2d))
* **Microsoft Excel 365 Node:** Ensure arg is string during worksheet table search ([#8154](#8154)) ([8e873ca](8e873ca))
* **Notion Node:** Ensure arg is string during page ID extraction ([#8153](#8153)) ([e94b8a6](e94b8a6))
* **Redis Trigger Node:** Activating a workflow with a Redis trigger fails ([#8129](#8129)) ([a169b74](a169b74))
* **Schedule Trigger Node:** Use the correct `moment` import ([#8185](#8185)) ([17a4e2e](17a4e2e))
* Show public API upgrade CTA when feature is not enabled ([#8109](#8109)) ([e9c7fd7](e9c7fd7))

### Features

* **core:** Add closeFunction support to Sub-Nodes ([#7708](#7708)) ([bec0fae](bec0fae))
* **core:** Add user.profile.beforeUpdate hook ([#8144](#8144)) ([e126ed7](e126ed7))
* **core:** Improvements/overhaul for nodes working with binary data ([#7651](#7651)) ([5e16dd4](5e16dd4))
* **core:** Remove discontinued crypto-js ([#8104](#8104)) ([01e9a79](01e9a79))
* **core:** Unify application components shutdown ([#8097](#8097)) ([3a881be](3a881be))
* **editor:** Add node execution status indicator to output panel ([#8124](#8124)) ([ab74bad](ab74bad))
* **editor:** Add template Id to workflow metadata ([#8088](#8088)) ([517b050](517b050))
* **Home Assistant Node:** Use the new Home Assistant logo ([#8150](#8150)) ([518a99e](518a99e))
* **Qdrant Vector Store Node:** Qdrant vector store support ([#8080](#8080)) ([66460f6](66460f6))
* **Wordpress Node:** Add option to ignore error when using self signed certificates ([#8199](#8199)) ([65c8e12](65c8e12))

Co-authored-by: ivov <[email protected]>
Got released with |