From 70f2e7527bf66d85cd7676b407acbaec6148f889 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
Date: Wed, 20 Dec 2023 13:51:35 +0100
Subject: [PATCH] fix: adjust min search length if double quotes are used
---
 services/graph/pkg/identity/odata.go | 5 +----
 services/graph/pkg/service/v0/users.go | 12 +++++++++++-
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/services/graph/pkg/identity/odata.go b/services/graph/pkg/identity/odata.go
index 556cdcfed08..ef102cd7eb4 100644
--- a/services/graph/pkg/identity/odata.go
+++ b/services/graph/pkg/identity/odata.go
@@ -41,9 +41,6 @@ func GetSearchValues(req *godata.GoDataQuery) (string, error) {
 return "", godata.NotImplementedError("complex search queries are not supported")
 }
- searchValue := req.Search.Tree.Token.Value
- if strings.HasPrefix(searchValue, "\"") && strings.HasSuffix(searchValue, "\"") {
- searchValue = strings.Trim(searchValue, "\"")
- }
+ searchValue := strings.Trim(req.Search.Tree.Token.Value, "\"")
 return searchValue, nil
 }
diff --git a/services/graph/pkg/service/v0/users.go b/services/graph/pkg/service/v0/users.go
index d048b7d9fb2..eec46b13d75 100644
--- a/services/graph/pkg/service/v0/users.go
+++ b/services/graph/pkg/service/v0/users.go
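Review bot: In the odata.go hunk, `strings.Trim(req.Search.Tree.Token.Value, "\"")` treats its second argument as a cutset and removes every leading and trailing double quote, not one matched pair, so an unbalanced value such as `"abc` or a value wrapped in several quotes is now shortened silently, whereas the removed code stripped only when both ends were quoted. If the intent is to drop a single surrounding pair, keep the balanced `HasPrefix`/`HasSuffix` test with a `len(searchValue) >= 2` guard and strip one character per side with `searchValue = searchValue[1 : len(searchValue)-1]`. If the wider stripping is intended, say so in a comment above the line, for example `// strips all surrounding double quotes, balanced or not`. GetSearchValues begins above the hunk.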
@@ -223,7 +223,17 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
 }
 ctxHasFullPerms := g.contextUserHasFullAccountPerms(r.Context())
- if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < g.config.API.IdentitySearchMinLength) {
+ minSearchLength := g.config.API.IdentitySearchMinLength
+ searchHasAcceptableLength := false
+ if odataReq.Query != nil && odataReq.Query.Search != nil {
+ if strings.HasPrefix(odataReq.Query.Search.RawValue, "\"") {
+ // if search starts with double quotes then it must finish with double quotes
+ // add +2 to the minimum search length in this case
+ minSearchLength += 2
+ }
+ searchHasAcceptableLength = len(odataReq.Query.Search.RawValue) >= minSearchLength
+ }
+ if !ctxHasFullPerms && !searchHasAcceptableLength {
 // for regular user the search term must have a minimum length
 logger.Debug().Interface("query", r.URL.Query()).Msgf("search with less than %d chars for a regular user", g.config.API.IdentitySearchMinLength)
 errorcode.AccessDenied.Render(w, r, http.StatusForbidden, "search term too short")
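Review bot: The minimum-length gate for regular users measures `odataReq.Query.Search.RawValue`, but the term that GetSearchValues returns in odata.go has every leading and trailing double quote trimmed, so the checked length and the effective search length can disagree. The `+2` assumes exactly one opening and one closing quote, yet only `strings.HasPrefix` is tested and the closing quote named in the comment is never verified, so a raw value padded with extra quotes can pass the gate while the trimmed term falls below `IdentitySearchMinLength`. Apply the limit to the trimmed term instead, for example `term := strings.Trim(odataReq.Query.Search.RawValue, "\"")` followed by `searchHasAcceptableLength = len(term) >= g.config.API.IdentitySearchMinLength`, which also keeps the debug message's reported minimum accurate. GetUsers begins and ends outside the hunk.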