diff --git a/kairon/shared/account/processor.py b/kairon/shared/account/processor.py index abcc1ec65..b006035af 100644 --- a/kairon/shared/account/processor.py +++ b/kairon/shared/account/processor.py @@ -169,6 +169,9 @@ def add_bot( if Utility.check_empty_string(name): raise AppException("Bot Name cannot be empty or blank spaces") + if name and Utility.special_match(name): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.check_character_limit(name): raise AppException("Bot Name cannot be more than 60 characters.") @@ -221,6 +224,10 @@ def list_bots(account_id: int): def update_bot(name: Text, bot: Text): if Utility.check_empty_string(name): raise AppException('Name cannot be empty') + + if name and Utility.special_match(name): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.check_character_limit(name): raise AppException("Bot Name cannot be more than 60 characters.") try: diff --git a/kairon/shared/data/processor.py b/kairon/shared/data/processor.py index bfc3fc674..65c37e5eb 100644 --- a/kairon/shared/data/processor.py +++ b/kairon/shared/data/processor.py @@ -4131,6 +4131,9 @@ def update_http_config(self, request_data: Dict, user: str, bot: str): :param bot: bot id :return: Http configuration id for updated Http action config """ + if request_data.get("action_name") and Utility.special_match(request_data.get("action_name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( HttpActionConfig, raise_error=False, 
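Review bot: The allowlist check added in add_bot is copied, together with its literal message, into every other hunk of this commit (update_bot and the edit_*/update_* methods in kairon/shared/data/processor.py), and the guard in front of it varies: `name and` here, `not Utility.check_empty_string(name) and` in edit_synonym and edit_lookup_value, `request_data.get("name") and` elsewhere. A single helper that raises the AppException would keep the rule and the message in one place, so a later entry point cannot adopt a weaker variant; each call site then becomes one line such as `Utility.validate_name(name)` (a suggested new helper, not an existing one). In add_bot and update_bot the `name and` part also looks redundant, since the empty-string check just above appears to have already raised for a blank name. add_bot's body starts and ends outside the hunk.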
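Review bot: In update_http_config the validated `action_name` appears to be the key used to find the existing record rather than a new value, so an action stored before this rule with a hyphen or space in its name could no longer be edited through this path. The same would hold for the other edit_*/update_* action hunks; the lookup is fully visible in edit_jira_action, `Utility.is_exist(JiraAction, raise_error=False, name=action.get("name"), bot=bot, status=True)`. If such legacy names exist, migrate the stored names first or keep a path that can still address them, and record the consequence above the check, e.g. `# NOTE: also blocks edits of existing actions whose stored name has special characters`. The function body continues outside the hunk, so the lookup arguments here are inferred from the sibling hunks.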
@@ -4328,6 +4331,8 @@ def update_pyscript_action(self, request_data: Dict, user: str, bot: str): :param bot: bot id :return: Pyscript configuration id for updated Pyscript action config """ + if request_data.get("name") and Utility.special_match(request_data.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") if not Utility.is_exist( PyscriptActionConfig, @@ -4380,6 +4385,8 @@ def update_db_action(self, request_data: Dict, user: str, bot: str): :param bot: bot id :return: VectorDb configuration id for updated VectorDb action config """ + if request_data.get("name") and Utility.special_match(request_data.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") if not Utility.is_exist( DatabaseAction, @@ -4604,6 +4611,9 @@ def edit_google_search_action(self, action_config: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action_config.get("name") and Utility.special_match(action_config.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( GoogleSearchAction, raise_error=False, @@ -5720,6 +5730,9 @@ def edit_synonym( :return: None :raises: AppException """ + if not Utility.check_empty_string(name) and Utility.special_match(name): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + values = list( EntitySynonyms.objects( name__iexact=name, value__exact=value, bot=bot, status=True 
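Review bot: In edit_synonym the new guard `not Utility.check_empty_string(name) and ...` skips validation for a blank name and lets it fall through to the `name__iexact=name` query, and no empty-name rejection is visible in this hunk. edit_regex rejects blank names before its check, while edit_lookup_value uses the same skip-on-blank guard as here. If the function has no earlier empty check (its start is outside the hunk), reject blank names first, e.g. `if Utility.check_empty_string(name): raise AppException("Synonym name cannot be empty or blank spaces")` (message text is a suggestion), and then call `Utility.special_match(name)` unconditionally.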
@@ -6157,6 +6170,10 @@ def edit_regex(self, regex_dict: Dict, bot, user): regex_dict.get("name") ) or Utility.check_empty_string(regex_dict.get("pattern")): raise AppException("Regex name and pattern cannot be empty or blank spaces") + + if regex_dict.get("name") and Utility.special_match(regex_dict.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + try: regex = RegexFeatures.objects( name__iexact=regex_dict.get("name"), bot=bot, status=True @@ -6329,6 +6346,9 @@ def edit_lookup_value( :return: None :raises: AppException """ + if not Utility.check_empty_string(name) and Utility.special_match(name): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + lookup_exist = Utility.is_exist( Lookup, raise_error=False, name__iexact=name, bot=bot, status=True ) @@ -6820,6 +6840,9 @@ def list_slot_set_actions(bot: Text, with_doc_id: bool = True): @staticmethod def edit_slot_set_action(action: dict, bot: Text, user: Text): + if action.get("name") and Utility.special_match(action.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + set_slots = [] try: for slot in action["set_slots"]: @@ -6982,6 +7005,9 @@ def edit_email_action(self, action: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action.get("action_name") and Utility.special_match(action.get("action_name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( EmailActionConfig, raise_error=False, 
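Review bot: edit_slot_set_action has no docstring, and with this hunk it gains a failure mode callers should know about. Add a short docstring in the file's reST style that documents `action`, `bot` and `user` and carries a `:raises: AppException` line for a name containing characters other than letters, numbers and underscores. The docstrings of the other edited methods (edit_email_action, edit_jira_action and the rest) list `:param`/`:return` only and would benefit from the same `:raises:` line. The function body continues outside the hunk.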
@@ -7069,6 +7095,9 @@ def edit_jira_action(self, action: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action.get("name") and Utility.special_match(action.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( JiraAction, raise_error=False, name=action.get("name"), bot=bot, status=True ): @@ -7148,6 +7177,9 @@ def edit_zendesk_action(self, action: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action.get("name") and Utility.special_match(action.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( ZendeskAction, raise_error=False, @@ -7218,6 +7250,9 @@ def edit_pipedrive_action(self, action: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action.get("name") and Utility.special_match(action.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( PipedriveLeadsAction, raise_error=False, @@ -7290,6 +7325,9 @@ def edit_hubspot_forms_action(self, action: dict, bot: Text, user: Text): :param user: user id :return: None """ + if action.get("name") and Utility.special_match(action.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( HubspotFormsAction, raise_error=False, @@ -7765,6 +7803,9 @@ def edit_prompt_action( :param bot: bot id :param user: user """ + if request_data.get("name") and Utility.special_match(request_data.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( PromptAction, id=prompt_action_id, raise_error=False, bot=bot, status=True ): 
@@ -8186,6 +8227,9 @@ def edit_razorpay_action(self, request_data: dict, bot: Text, user: Text): :param user: user :param name: action name """ + if request_data.get("name") and Utility.special_match(request_data.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( RazorpayAction, raise_error=False, @@ -8308,6 +8352,7 @@ def is_live_agent_enabled(self, bot: Text, check_in_utils: bool = True): if not check_in_utils: return True return Utility.is_exist(LiveAgentActionConfig, raise_error=False, bot=bot, status=True) + def add_callback(self, request_data: dict, bot: Text): """ Add callback config. @@ -8439,6 +8484,9 @@ def edit_callback_action(self, request_data: dict, bot: Text, user: Text): if not name: raise AppException("Action name is required!") + if name and Utility.special_match(name): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + request_data.pop('name') callback_name = request_data.get("callback_name") @@ -8541,6 +8589,9 @@ def update_schedule_action(self, request_data: dict, bot: Text, user: Text): :param bot: bot id :param user: user who edit/update this """ + if request_data.get("name") and Utility.special_match(request_data.get("name")): + raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.") + if not Utility.is_exist( ScheduleAction, raise_error=False, diff --git a/tests/unit_test/api/api_processor_test.py b/tests/unit_test/api/api_processor_test.py index 203ed60eb..a93c1bb3d 100644 --- a/tests/unit_test/api/api_processor_test.py +++ b/tests/unit_test/api/api_processor_test.py 
@@ -101,6 +101,49 @@ def test_add_bot_with_character_limit_exceeded(self): AccountProcessor.add_bot(name=name, account=pytest.account, user="fshaikh@digite.com", is_new_account=True) + def test_add_bot_with_invalid_name(self): + import re + + account = pytest.account + user = "fshaikh@digite.com" + is_new_account = True + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = "test#21" + AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = "test@3" + AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = " test 5" + AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account) + + def test_update_bot_with_invalid_name(self): + import re + + account = pytest.account + user = "fshaikh@digite.com" + is_new_account = True + bot = "test_bot" + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = "test?17" + AccountProcessor.update_bot(name=name, bot=bot) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = "test-7" + AccountProcessor.update_bot(name=name, bot=bot) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + name = "18" + AccountProcessor.update_bot(name=name, bot=bot) + def test_add_bot(self): bot_response = AccountProcessor.add_bot("test", pytest.account, "fshaikh@digite.com", True) bot = Bot.objects(name="test").get().to_mongo().to_dict() 
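Review bot: The last case in test_update_bot_with_invalid_name expects `name = "18"` to be rejected with "Only letters, numbers, and underscores (_) are allowed", yet "18" consists only of numbers. Either Utility.special_match rejects something the message does not mention (its definition is not in this diff), or the case does not test what it intends; the message and the test should be aligned, for example by stating the extra rule in the message. Separately, `account`, `user` and `is_new_account` are assigned but never used in this test, and `import re` would normally sit at module level rather than inside each test.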
diff --git a/tests/unit_test/data_processor/data_processor2_test.py b/tests/unit_test/data_processor/data_processor2_test.py
index 07682c5bf..b7d20d574 100644
--- a/tests/unit_test/data_processor/data_processor2_test.py
+++ b/tests/unit_test/data_processor/data_processor2_test.py
@@ -214,6 +214,76 @@ def test_add_lookup_with_invalid_name(): processor.add_lookup("lookup'name", bot, user) +def test_edit_lookup_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_add_lookup_value' + user = 'test_user' + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_lookup_value("test_lookup_id", "two", "lookup-name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_lookup_value("test_lookup_id", "two", "lookup^name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_lookup_value("test_lookup_id", "two", "lookup`name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_lookup_value("test_lookup_id", "two", "lookup/name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_lookup_value("test_lookup_id", "two", "lookup'name", bot, user) + + +def test_edit_synonym_with_invalid_name(): + processor = MongoProcessor() + bot = 'add_synonym' + user = 'test_user' + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym*name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym%name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! 
Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym#name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym|name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym-name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym+name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym,name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym?name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym_>name", bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_synonym("test_synonym_id", "exp2", "synonym\name", bot, user) + + def test_add_synonym_with_invalid_name(): processor = MongoProcessor() bot = 'add_synonym' 
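Review bot: The final case in test_edit_synonym_with_invalid_name passes `"synonym\name"`, where `\n` in a normal string literal is a newline, so the test exercises a line break and not a backslash. If a backslash was intended, write `"synonym\\name"` (or the raw string `r"synonym\name"`); if the newline case is wanted as well, keep it as an explicit `"synonym\nname"` with a comment saying so. A control character in a name deserves a deliberate, labelled case rather than an accidental one.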
@@ -284,6 +354,31 @@ def test_add_regex_with_invalid_name(): processor.add_regex({"name": "regex name", "pattern": "exp"}, bot, user) +def test_edit_regex_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_add_regex' + user = 'test_user' + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_regex({"name": "regex name", "pattern": "exp"}, bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_regex({"name": "regex.name", "pattern": "exp"}, bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_regex({"name": " regex-name", "pattern": "exp"}, bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_regex({"name": "regex*name", "pattern": "exp"}, bot, user) + + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_regex({"name": "regex name", "pattern": "exp"}, bot, user) + + def test_add_http_action_config_with_invalid_name(): processor = MongoProcessor() bot = 'test_bot' 
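Review bot: test_edit_regex_with_invalid_name checks `{"name": "regex name", "pattern": "exp"}` twice, as its first and its last case, so the fifth block adds no coverage. Replace one of them with a distinct input, or collapse the five blocks into a single `@pytest.mark.parametrize("name", [...])` over the invalid names so each rejected character is listed once. None of the cases asserts that a valid name still gets past the check, which is what would catch an over-broad pattern.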
@@ -302,6 +397,24 @@ def test_add_http_action_config_with_invalid_name(): processor.add_http_action_config(config, user, bot) +def test_update_http_config_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_bot' + user = 'test_user' + config = { + "action_name": "http-action", + "response": {"value": "string"}, + "http_url": "http://www.google.com", + "request_method": "GET", + "http_params_list": [ + {"key": "testParam1", "parameter_type": "value", "value": "testValue1"} + ], + } + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.update_http_config(config, user, bot) + + def test_add_slot_set_action_with_invalid_name(): processor = MongoProcessor() bot = 'test_bot' @@ -318,6 +431,22 @@ def test_add_slot_set_action_with_invalid_name(): processor.add_slot_set_action(config, user, bot) +def test_edit_slot_set_action_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_bot' + user = 'test_user' + config = { + "name": "action-set-name-slot", + "set_slots": [ + {"name": "name", "type": "from_value", "value": 5}, + {"name": "age", "type": "reset_slot"}, + ], + } + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_slot_set_action(config, user, bot) + + def test_add_email_action_with_invalid_name(): processor = MongoProcessor() bot = 'test_bot' 
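Review bot: test_edit_slot_set_action_with_invalid_name calls `processor.edit_slot_set_action(config, user, bot)`, but the method is declared as `edit_slot_set_action(action: dict, bot: Text, user: Text)` in kairon/shared/data/processor.py, so `bot` and `user` are swapped. The test passes only because the name check raises before either value is used. Use `processor.edit_slot_set_action(config, bot, user)`; test_edit_email_action_with_invalid_name in the next hunk has the same swap against `edit_email_action(self, action, bot, user)`.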
@@ -339,6 +468,27 @@ def test_add_email_action_with_invalid_name(): processor.add_email_action(config, user, bot) +def test_edit_email_action_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_bot' + user = 'test_user' + config = { + "action_name": "email~config", + "smtp_url": "test.test.com", + "smtp_port": 25, + "smtp_userid": None, + "smtp_password": {"value": "test"}, + "from_email": {"value": "from_email", "parameter_type": "slot"}, + "to_email": {"value": ["test@test.com", "test1@test.com"], "parameter_type": "value"}, + "subject": "Test Subject", + "response": "Test Response", + "tls": False, + } + with pytest.raises(AppException, + match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")): + processor.edit_email_action(config, user, bot) + + def test_add_google_action_with_invalid_name(): processor = MongoProcessor() bot = 'test_bot' @@ -355,6 +505,22 @@ def test_add_google_action_with_invalid_name(): processor.add_google_search_action(config, user, bot) +def test_edit_google_search_action_with_invalid_name(): + processor = MongoProcessor() + bot = 'test_bot' + user = 'test_user' + config = { + "name": "google>custom