fix(error) validate credential store id when creating username/password credentials (#2231)

4 years ago · afd4437492
parent 9af6c09c36
commit afd4437492
2 changed files with 16 additions and 1 deletions
--- a/internal/daemon/controller/handlers/credentials/credential_service.go
+++ b/internal/daemon/controller/handlers/credentials/credential_service.go
@ -539,7 +539,7 @@ func validateCreateRequest(req *pbs.CreateCredentialRequest) error {
 		if req.Item.GetType() != static.UsernamePasswordSubtype.String() {
 			badFields[globals.TypeField] = fmt.Sprintf("Unsupported credential type %q", req.Item.GetType())
 		}
-		if req.Item.GetCredentialStoreId() == "" {
+		if !handlers.ValidId(handlers.Id(req.Item.GetCredentialStoreId()), static.CredentialStorePrefix) {
 			badFields[globals.CredentialStoreIdField] = "This field must be a valid credential store id."
 		}

--- a/internal/daemon/controller/handlers/credentials/credential_service_test.go
+++ b/internal/daemon/controller/handlers/credentials/credential_service_test.go
@ -346,6 +346,21 @@ func TestCreate(t *testing.T) {
 			res: nil,
 			err: handlers.ApiErrorWithCode(codes.InvalidArgument),
 		},
+		{
+			name: "Invalid Credential Store Id",
+			req: &pbs.CreateCredentialRequest{Item: &pb.Credential{
+				CredentialStoreId: "p_invalidid",
+				Type:              static.UsernamePasswordSubtype.String(),
+				Attrs: &pb.Credential_UsernamePasswordAttributes{
+					UsernamePasswordAttributes: &pb.UsernamePasswordAttributes{
+						Username: wrapperspb.String("username"),
+						Password: wrapperspb.String("password"),
+					},
+				},
+			}},
+			res: nil,
+			err: handlers.ApiErrorWithCode(codes.InvalidArgument),
+		},
 		{
 			name: "Can't specify Created Time",
 			req: &pbs.CreateCredentialRequest{Item: &pb.Credential{