fix: issue with querying private apps by path or apps with paths over 30 characters (!3552) · Merge requests · Appsemble / Appsemble

Nikolay Gruychev requested to merge hotfix-app-paths-security into main Apr 19, 2024

Before assigning a reviewer go through the following checklist, and make sure to test your changes manually (if possible).

Make sure to read the CONTRIBUTING.md for best practices and guidelines.
~~Make sure to put the merge request on draft: if it's not ready.~~
~~If this merge requests closes an issue, make sure the merge request description contains, closes #the-issue-number.~~
~~If this merge request only relates to an issue, refer to the issue with refs #the-issue-number.~~
If there is no related issue, consider adding a description and add labels accordingly.
If this is a bug fix, consider adding regression tests.
~~If this is blocked by another merge request, make sure to make it depend.~~

Steps to reproduce:

Log in to appsemble.app
Create or visit a Private app's page in the studio that you should have access to (e.g. Owner in organizatio)
Error

For the second issue:

Visit https://appsemble.app/en/apps/werkplek-reservering-17c36c2bb3
Error

Reason for the second issue: if a suitable app path cannot be generated, a random suffix is added - a dash and 5 random bytes, a total of 11 characters. If an app's name is 20 characters or more, that breaks appPath path parameter in the API schema, resulting in runtime errors upon request

Edited Apr 19, 2024 by Nikolay Gruychev

fix: issue with querying private apps by path or apps with paths over 30 characters

Merge request reports