From 700c62174103c2238470a9e1aa59e224352f769f Mon Sep 17 00:00:00 2001
From: Midigo Frank <39288959+midigofrank@users.noreply.github.com>
Date: Thu, 6 Feb 2025 14:55:38 +0300
Subject: [PATCH]  Dont allow special characters in credential names (#2909)

---
 lib/lightning/credentials/credential.ex          | 3 +++
 test/lightning_web/live/credential_live_test.exs | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/lib/lightning/credentials/credential.ex b/lib/lightning/credentials/credential.ex
index 5c33e85b66..c1130ef833 100644
--- a/lib/lightning/credentials/credential.ex
+++ b/lib/lightning/credentials/credential.ex
@@ -49,6 +49,9 @@ defmodule Lightning.Credentials.Credential do
     )
     |> assoc_constraint(:user)
     |> assoc_constraint(:oauth_client)
+    |> validate_format(:name, ~r/^[a-zA-Z0-9_\- ]*$/,
+      message: "credential name has invalid format"
+    )
     |> validate_oauth()
     |> validate_transfer_ownership()
   end
diff --git a/test/lightning_web/live/credential_live_test.exs b/test/lightning_web/live/credential_live_test.exs
index 5f2e8289df..f409fdb868 100644
--- a/test/lightning_web/live/credential_live_test.exs
+++ b/test/lightning_web/live/credential_live_test.exs
@@ -299,6 +299,10 @@ defmodule LightningWeb.CredentialLiveTest do
              |> form("#credential-form-new", credential: %{name: ""})
              |> render_change() =~ "can&#39;t be blank"
 
+      assert index_live
+             |> form("#credential-form-new", credential: %{name: "MailChimp'24"})
+             |> render_change() =~ "credential name has invalid format"
+
       {:ok, _index_live, html} =
         index_live
         |> form("#credential-form-new", credential: @create_attrs)