From d77cf77761a278dffcd012e6273a612e09cbcebc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= <javim@elretirao.net>
Date: Sun, 25 Sep 2022 16:48:23 +0200
Subject: [PATCH] Validate format of subdomains / schema names

Note we're using the `:HOST` regular expression since subdomains can
contain the same characters as domains do. This isn't 100% precise,
though, since subdomains have a maximum length of 63 characters, but is
good enough for our purposes.
---
 app/models/tenant.rb       |  3 ++-
 spec/models/tenant_spec.rb | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/models/tenant.rb b/app/models/tenant.rb
index 5d8068cfc..ebfe0fdb4 100644
--- a/app/models/tenant.rb
+++ b/app/models/tenant.rb
@@ -2,7 +2,8 @@ class Tenant < ApplicationRecord
   validates :schema,
     presence: true,
     uniqueness: true,
-    exclusion: { in: ->(*) { excluded_subdomains }}
+    exclusion: { in: ->(*) { excluded_subdomains }},
+    format: { with: URI::DEFAULT_PARSER.regexp[:HOST] }
   validates :name, presence: true, uniqueness: true
 
   after_create :create_schema
diff --git a/spec/models/tenant_spec.rb b/spec/models/tenant_spec.rb
index 497ba4b5f..f22ef0d46 100644
--- a/spec/models/tenant_spec.rb
+++ b/spec/models/tenant_spec.rb
@@ -25,6 +25,16 @@ describe Tenant do
       end
     end
 
+    it "is valid with nested subdomains" do
+      tenant.schema = "multiple.sub.domains"
+      expect(tenant).to be_valid
+    end
+
+    it "is not valid with an invalid subdomain" do
+      tenant.schema = "my sub domain"
+      expect(tenant).not_to be_valid
+    end
+
     it "is not valid without a name" do
       tenant.name = ""
       expect(tenant).not_to be_valid