Validate groups on user create/update

truenas · Jan 24, 2025 · e8a2bf0 · e8a2bf0
1 parent 0b6a11f
commit e8a2bf0
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/src/middlewared/middlewared/plugins/account.py b/src/middlewared/middlewared/plugins/account.py
@@ -1370,7 +1370,15 @@ async def common_validation(self, verrors, data, schema, group_ids, old=None):
                     'A user cannot belong to more than 64 auxiliary groups.'
                 )
 
+            existing_groups = {g['id'] for g in await self.middleware.call('datastore.query', 'account_bsdgroups')}
+
             for idx, dbid in enumerate(data.get('groups') or []):
+                if dbid not in existing_groups:
+                    verrors.add(
+                        f'{schema}.groups.{idx}',
+                        'This group does not exist.'
+                    )
+
                 if dbid >= BASE_SYNTHETIC_DATASTORE_ID:
                     verrors.add(
                         f'{schema}.groups.{idx}',

diff --git a/tests/api2/test_account.py b/tests/api2/test_account.py
@@ -166,3 +166,17 @@ def test_create_local_user_ds_group():
             pass
 
     assert DS_GRP_VERR_STR in str(ve)
+
+
+def test_create_account_invalid_gid():
+    with pytest.raises(ValidationErrors) as ve:
+        with user({
+            "username": "invalid_user",
+            "groups": [BASE_SYNTHETIC_DATASTORE_ID - 1],
+            "full_name": "invalid_user",
+            "group_create": True,
+            "password": "test1234",
+        }):
+            pass
+
+    assert "This group does not exist." in str(ve)