[Bug] Server-to-Server OAuth Credential name input is not properly validated #237

@thedoc31

Description

I am following [1] to upgrade an app to support aio-cli@11. When adding the I/O Management API to the app, users are prompted to configure a credential name. During the setup, I accidentally prepended a credential name with a space, then used Download All to download the JSON file I need to feed into aio-cli.

When I tried to use aio app use, I got error [2], which was not very helpful. Looking at the app in the Dev Console doesn't show the prepended space, which you CAN see if you use the Edit button next to name on the OAuth Server-to-Server management page. Then I was able to see the space and remove it.

Further poking at this name field reveals the following:

  1. The form input requires the credential name to be between 6 and 45 characters, but aio-cli regex allows 255 [3]
  2. The UI does not state specifically which characters are allowed in the credential name
  3. The input field does not warn a user about potentially invalid characters in the string as the user types
  4. The UI does not give a helpful error when invalid characters are submitted
  5. The portal UI does not properly show that a name is prepended with a space

See video at [4] for demonstration.

[1]
https://developer.adobe.com/app-builder/docs/guides/app_builder_guides/deployment/cicd-custom

[2]

[casalino@macoscasalino2 ~/chimera-io (MWPW-171159-v3-security-updates|✚1…1⚑1) ]$ node_modules/.bin/aio app use ~/Downloads/chimera-14257-Dev.json
You are currently in:
1. Org: <no org selected>
2. Project: <no project selected>
3. Workspace: <no workspace selected>

 ›   Error: Missing or invalid keys in config: [
 ›     {
 ›       "instancePath": "/project/workspace/details/credentials/0/name",
 ›       "schemaPath": "#/properties/name/pattern",
 ›       "keyword": "pattern",
 ›       "params": {
 ›         "pattern": "^(?=\\S).{0,255}(?<=\\S)$"
 ›       },
 ›       "message": "must match pattern \"^(?=\\S).{0,255}(?<=\\S)$\""
 ›     }
 ›   ]

[3]

^(?=\S).{0,255}(?<=\S)$

[4]
https://adobe-my.sharepoint.com/:v:/p/casalino/IQDxjNbyZNXrR5TQF8C5TB28AS05cZOsdxKOOp0iWxI78YU?e=DDWOrp
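
A pre-flight check for the downloaded console JSON, added here as an example and not part of the original issue or of aio-cli: it applies the pattern from [3] to each credential name at the path shown in error [2], and prints names in quotes so edge whitespace is visible. The function names and the sample config are constructed for illustration; the 6 to 45 length bounds are the ones the issue reports for the form.

```javascript
// Pattern copied from the aio-cli error on this page: the first and last
// characters must be non-whitespace, with at most 255 characters overall.
const CLI_NAME_PATTERN = /^(?=\S).{0,255}(?<=\S)$/;
// Length bounds the issue reports for the Developer Console form.
const FORM_MIN = 6;
const FORM_MAX = 45;

// Explain why a credential name fails; an empty array means it passes both checks.
function checkCredentialName(name) {
  if (typeof name !== 'string') return ['name is not a string'];
  const problems = [];
  if (/^\s/.test(name)) problems.push('leading whitespace');
  if (/\s$/.test(name)) problems.push('trailing whitespace');
  if (/[\r\n\u2028\u2029]/.test(name)) problems.push('line terminator');
  // Catch-all for anything else the CLI pattern rejects (empty, over 255 chars).
  if (!CLI_NAME_PATTERN.test(name) && problems.length === 0) {
    problems.push('does not match aio-cli pattern');
  }
  if (name.length < FORM_MIN || name.length > FORM_MAX) {
    problems.push(`length ${name.length} outside form range ${FORM_MIN}-${FORM_MAX}`);
  }
  return problems;
}

// Walk the same path the CLI error reports and return only failing entries.
function checkConfig(config) {
  const creds = config?.project?.workspace?.details?.credentials ?? [];
  return creds
    .map((c, i) => ({
      instancePath: `/project/workspace/details/credentials/${i}/name`,
      shown: JSON.stringify(c.name), // quoting makes edge whitespace visible
      problems: checkCredentialName(c.name),
    }))
    .filter((r) => r.problems.length > 0);
}

// Constructed sample input, not taken from a real workspace file.
const sampleConfig = { project: { workspace: { details: { credentials: [
  { name: ' chimera-oauth' }, // leading space, as described in the issue
  { name: 'chimera-oauth' },  // passes both checks
  { name: 'abc' },            // passes the CLI pattern, too short for the form
] } } } };

for (const r of checkConfig(sampleConfig)) {
  console.log(`${r.instancePath} ${r.shown}: ${r.problems.join(', ')}`);
}
```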
