Skip to content

Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/docs/patterns.md) #27455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jacobshandling merged 23 commits into from
Mar 27, 2025
Merged

Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/docs/patterns.md) #27455

jacobshandling merged 23 commits into from
Mar 27, 2025

Conversation

@jacobshandling
Copy link
Member

@jacobshandling jacobshandling commented Mar 24, 2025
edited
Loading

For #27454

Consider Fleet web URL to be valid if it:

  • (Front end and back end): uses “https://” or “http://” scheme
    and
  • (Front end) accepts only valid or "localhost" hosts (e.g., "a.b.cc" or "localhost", but not "a.b")
  • (Back end) accepts any host (e.g., "localhost", "a.b.cc", or even "a.b")

Setup flow UI URL validation:

setup

Org settings UI URL validation:

org-settings

Server URL validation:

invalid-url-server

Invalid Fleet server URL in DB error:

invalid-url-in-db

  • Changes file added for user-visible changes in changes/,
  • Added/updated automated tests
  • A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it)
  • Manual QA for all new/changed functionality

@jacobshandling jacobshandling requested review from a team as code owners March 24, 2025 16:38
sgress454
sgress454 reviewed Mar 24, 2025
View reviewed changes
@codecov
Copy link

codecov bot commented Mar 24, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 60.86957% with 9 lines in your changes missing coverage. Please review.

Project coverage is 63.76%. Comparing base (67e5541) to head (96be402).
Report is 49 commits behind head on main.

Files with missing lines Patch % Lines
server/service/validation_setup.go 45.45% 3 Missing and 3 partials ⚠️
server/service/appconfig.go 57.14% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #27455      +/-   ##
==========================================
- Coverage   63.78%   63.76%   -0.03%     
==========================================
  Files        1742     1746       +4     
  Lines      165562   165854     +292     
  Branches     4534     4536       +2     
==========================================
+ Hits       105605   105756     +151     
- Misses      51731    51836     +105     
- Partials     8226     8262      +36
Flag Coverage Δ
backend 64.57% <50.00%> (-0.03%) ⬇️
frontend 54.28% <100.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jacobshandling jacobshandling changed the title Full-stack: Remove server url validations Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/patterns.md) Mar 24, 2025
@jacobshandling jacobshandling marked this pull request as draft March 24, 2025 20:24
@jacobshandling
Copy link
Member Author

jacobshandling commented Mar 24, 2025
edited
Loading

Okay, so: PR currently has everywhere on front and backend following the same rules, and validation + submission logic on the Web Address org settings form up-to-date with Fleet's best practices

Before these updates, there were different conditions enforced in different places. The conditions for validation are now, everywhere:

If we want to refine these conditions, we can.

Significantly - this adds the requirement of a valid scheme to the Web Address org settings form, unless the URL begins with "localhost". An alternative is to not require a scheme more generally, and apply that to all 4 places outlined in this PR description. Another alternative is to only require a scheme. This could interfere with any users who have saved Fleet server URLs without schemes, which @sgress454 and I confirmed is, while not a great practice and pretty unlikely, a possible scenario.

@jacobshandling jacobshandling mentioned this pull request Mar 24, 2025
Closed
21 tasks
@jacobshandling jacobshandling changed the title Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per Fleet best practices (frontend/patterns.md) Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per (Fleet best practices)[https://github.com/fleetdm/fleet/blob/c70141f042f86bf28662aefff98e44b4137c4184/frontend/docs/patterns.md#forms] Mar 24, 2025
@jacobshandling jacobshandling changed the title Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per (Fleet best practices)[https://github.com/fleetdm/fleet/blob/c70141f042f86bf28662aefff98e44b4137c4184/frontend/docs/patterns.md#forms] Full-stack: Make "Server url" validation conditions consistent across Fleet, update Web Address form validation and submission logic per [Fleet best practices](https://github.com/fleetdm/fleet/blob/c70141f042f86bf28662aefff98e44b4137c4184/frontend/docs/patterns.md#forms) Mar 24, 2025
sgress454
sgress454 reviewed Mar 25, 2025
View reviewed changes
sgress454
sgress454 previously approved these changes Mar 25, 2025
View reviewed changes
Copy link
Contributor

@sgress454 sgress454 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, may as well hold off merging until after meeting w/ product later today.

frontend/components/forms/validators/valid_url/valid_url.ts Outdated
protocols,
allowAnyLocalHost = false,
}: IValidUrl): boolean => {
if (allowAnyLocalHost && url.includes("localhost")) return true;
Copy link
Contributor

@sgress454 sgress454 Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still allows "localhost.com" etc., which would then be blocked by the back end. I don't think it's worth the effort to handle that here before we talk to the product team about this though.

@jacobshandling
update backend validation per finalized specs
7e48d93
@jacobshandling
Only allow Fleet server URLs with "https://" or "http://"
d5ddf5e 
- Front and backend validation
- Any users with now invalid Fleet server URLs, e.g. "localhost:8080" (no protocol)
    now get an informative error whenever they try to change another setting
jacobshandling
jacobshandling commented Mar 26, 2025
View reviewed changes
frontend/utilities/error_messages.ts
@@ -1,3 +1,3 @@
const INVALID_SERVER_URL_MESSAGE = `Fleet server URL must use “https” or “http”.`;
const INVALID_SERVER_URL_MESSAGE = `Fleet server address must be a valid “https” or “http” URL.`;
Copy link
Member Author

@jacobshandling jacobshandling Mar 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is because the frontend actually does validate both the scheme and a valid hostname

sgress454
sgress454 reviewed Mar 27, 2025
View reviewed changes
sgress454
sgress454 reviewed Mar 27, 2025
View reviewed changes
@jacobshandling jacobshandling merged commit 748b5bc into main Mar 27, 2025
38 checks passed
@jacobshandling jacobshandling deleted the 27454-remove-server-url-validations branch March 27, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sharon-fdm sharon-fdm sharon-fdm left review comments

@sgress454 sgress454 sgress454 approved these changes

Assignees

@sgress454 sgress454

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jacobshandling @sgress454 @sharon-fdm