Merge pull request #5562 from LibreSign/fix/validate-display-name

vitormattos · web-flow · commit cded452f36d4 · 2025-10-13T20:22:49.000-03:00
chore: valdiate display name at API side
diff --git a/lib/Helper/ValidateHelper.php b/lib/Helper/ValidateHelper.php
@@ -522,9 +522,17 @@ private function validateSignerData(mixed $signer): void {
 			throw new LibresignException($this->l10n->t('No signers'));
 		}
 
+		$this->validateSignerDisplayName($signer);
 		$this->validateSignerIdentifyMethods($signer);
 	}
 
+	private function validateSignerDisplayName(array $signer): void {
+		if (isset($signer['displayName']) && strlen($signer['displayName']) > 64) {
+			// It's an api error, don't translate
+			throw new LibresignException('Display name must not be longer than 64 characters');
+		}
+	}
+
 	private function validateSignerIdentifyMethods(array $signer): void {
 		$normalizedMethods = $this->normalizeIdentifyMethods($signer);
 
diff --git a/tests/php/Unit/Helper/ValidateHelperTest.php b/tests/php/Unit/Helper/ValidateHelperTest.php
@@ -851,6 +851,60 @@ public static function providerValidateIdentifySigners(): array {
 				true, // should throw
 				'Invalid identify method structure'
 			],
+			'valid displayName within 64 characters' => [
+				[
+					'users' => [
+						[
+							'displayName' => 'Valid Display Name',
+							'identify' => [
+								'account' => 'user@example.com'
+							]
+						]
+					]
+				],
+				false, // should not throw
+			],
+			'displayName exactly 64 characters' => [
+				[
+					'users' => [
+						[
+							'displayName' => str_repeat('A', 64),
+							'identify' => [
+								'account' => 'user@example.com'
+							]
+						]
+					]
+				],
+				false, // should not throw
+			],
+			'displayName too long - 65 characters' => [
+				[
+					'users' => [
+						[
+							'displayName' => str_repeat('A', 65),
+							'identify' => [
+								'account' => 'user@example.com'
+							]
+						]
+					]
+				],
+				true, // should throw
+				'Display name must not be longer than 64 characters'
+			],
+			'displayName too long - 100 characters' => [
+				[
+					'users' => [
+						[
+							'displayName' => str_repeat('B', 100),
+							'identify' => [
+								'account' => 'user@example.com'
+							]
+						]
+					]
+				],
+				true, // should throw
+				'Display name must not be longer than 64 characters'
+			],
 		];
 	}
 }
