From f957bbd9da48480c7f11480f584767ce97b248db Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sat, 17 Aug 2024 22:30:30 +0200
Subject: [PATCH] Don't validate prefixes and postfixes for db item ownership

---
 src/core/database_privileges.rs       |  4 ++-
 src/core/protocol/server_responses.rs |  9 +------
 src/server/input_sanitization.rs      | 36 ++++++---------------------
 3 files changed, 11 insertions(+), 38 deletions(-)

diff --git a/src/core/database_privileges.rs b/src/core/database_privileges.rs
index b1f185a..847108f 100644
--- a/src/core/database_privileges.rs
+++ b/src/core/database_privileges.rs
@@ -160,7 +160,9 @@ pub fn generate_editor_content_from_privilege_data(
     database_name: Option<&str>,
 ) -> String {
     let example_user = format!("{}_user", unix_user);
-    let example_db = database_name.unwrap_or(&format!("{}_db", unix_user)).to_string();
+    let example_db = database_name
+        .unwrap_or(&format!("{}_db", unix_user))
+        .to_string();
 
     // NOTE: `.max()`` fails when the iterator is empty.
     //       In this case, we know that the only fields in the
diff --git a/src/core/protocol/server_responses.rs b/src/core/protocol/server_responses.rs
index 23b89c2..e5f56ec 100644
--- a/src/core/protocol/server_responses.rs
+++ b/src/core/protocol/server_responses.rs
@@ -95,8 +95,7 @@ impl OwnerValidationError {
                     .join("\n"),
             )
             .to_owned(),
-
-            _ => format!(
+            OwnerValidationError::StringEmpty => format!(
                 "'{}' is not a valid {} name.",
                 name,
                 db_or_user.lowercased()
@@ -113,12 +112,6 @@ pub enum OwnerValidationError {
 
     // The name is empty, which is invalid
     StringEmpty,
-
-    // The name is in the format "_<postfix>", which is invalid
-    MissingPrefix,
-
-    // The name is in the format "<prefix>_", which is invalid
-    MissingPostfix,
 }
 
 pub type CreateDatabasesOutput = BTreeMap<String, Result<(), CreateDatabaseError>>;
diff --git a/src/server/input_sanitization.rs b/src/server/input_sanitization.rs
index 6ce5201..3026f05 100644
--- a/src/server/input_sanitization.rs
+++ b/src/server/input_sanitization.rs
@@ -43,18 +43,14 @@ pub fn validate_ownership_by_prefixes(
         return Err(OwnerValidationError::StringEmpty);
     }
 
-    if name.starts_with('_') {
-        return Err(OwnerValidationError::MissingPrefix);
-    }
-
-    let (prefix, _) = match name.split_once('_') {
-        Some(pair) => pair,
-        None => return Err(OwnerValidationError::MissingPostfix),
-    };
-
-    if !prefixes.iter().any(|g| g == prefix) {
+    if prefixes
+        .iter()
+        .filter(|p| name.starts_with(*p))
+        .collect::<Vec<_>>()
+        .is_empty()
+    {
         return Err(OwnerValidationError::NoMatch);
-    }
+    };
 
     Ok(())
 }
@@ -115,24 +111,6 @@ mod tests {
             Err(OwnerValidationError::StringEmpty)
         );
 
-        assert_eq!(
-            validate_ownership_by_prefixes("user", &prefixes),
-            Err(OwnerValidationError::MissingPostfix)
-        );
-        assert_eq!(
-            validate_ownership_by_prefixes("something", &prefixes),
-            Err(OwnerValidationError::MissingPostfix)
-        );
-        assert_eq!(
-            validate_ownership_by_prefixes("user-testdb", &prefixes),
-            Err(OwnerValidationError::MissingPostfix)
-        );
-
-        assert_eq!(
-            validate_ownership_by_prefixes("_testdb", &prefixes),
-            Err(OwnerValidationError::MissingPrefix)
-        );
-
         assert_eq!(
             validate_ownership_by_prefixes("user_testdb", &prefixes),
             Ok(())