fix(identity): check for bad chars in user names (#1622)

hgw77 · web-flow · commit 7bd29913b072 · 2025-06-26T15:19:56.000+02:00
diff --git a/plugins/identity/app/controllers/identity/projects/role_assignments_controller.rb b/plugins/identity/app/controllers/identity/projects/role_assignments_controller.rb
@@ -30,6 +30,13 @@ def update
         new_roles = params[:roles]
         new_role_assignments = []
 
+        begin
+          URI.parse(user_id)
+        rescue URI::InvalidURIError
+          render json: { errors: "Invalid user Name/ID format, do not use special characters" }
+          return
+        end
+
         # render empty list if no project id provided
         render json: { roles: [] } && return if scope_project_id.blank?
 
