External Authentication IDs are truncated when the value entered has more than 200 characters #4799

New Issue

OVERLORD · 2026-02-05T09:16:37+03:00

OVERLORD commented

2026-02-05 09:16:37 +03:00

Originally created by @cdrfun on GitHub (May 30, 2024).

Describe the Bug

When editing a Role and linking it to multiple External Authentication IDs, you may extend the 200 character length the field has in the database. When this happens, no error is shown. Instead, the string is silently truncated.

Steps to Reproduce

Open Role
Add more than 200 characters
Save
Open Role
Only 200 characters are present

Expected Behaviour

One could argue it should be possible to add more than 200 characters, as you can enter a list of any number of external ids.

But at least there should be a warning, that the string is being truncated. The user won't recognize this otherwise.

Screenshots or Additional Context

No response

Browser Details

Firefox 24.02.3 Windows 10

Exact BookStack Version

v24.02.3

Originally created by @cdrfun on GitHub (May 30, 2024). ### Describe the Bug When editing a Role and linking it to multiple External Authentication IDs, you may extend the 200 character length the field has in the database. When this happens, no error is shown. Instead, the string is silently truncated. ### Steps to Reproduce 1. Open Role 2. Add more than 200 characters 3. Save 4. Open Role 5. Only 200 characters are present ### Expected Behaviour One could argue it should be possible to add more than 200 characters, as you can enter a list of any number of external ids. But at least there should be a warning, that the string is being truncated. The user won't recognize this otherwise. ### Screenshots or Additional Context _No response_ ### Browser Details Firefox 24.02.3 Windows 10 ### Exact BookStack Version v24.02.3

OVERLORD added the 🐛 Bug label 2026-02-05 09:16:37 +03:00

OVERLORD closed this issue

2026-02-05 09:16:38 +03:00

OVERLORD commented

2026-02-05 09:16:39 +03:00

@ssddanbrown commented on GitHub (Jun 8, 2024):

Thanks for reporting @cdrfun, this has been patched in bddc6ae66b to be part of the next release to add validation for this.

During editing, I found that the existing max was 180, not 200. If you're confident it's 200 in your environment (and that's non-modified from default) please let me know as I'd need to do some further investigation.

@ssddanbrown commented on GitHub (Jun 8, 2024): Thanks for reporting @cdrfun, this has been patched in bddc6ae66bb8094c2c16df64d55663901d5eebd6 to be part of the next release to add validation for this. During editing, I found that the existing max was 180, not 200. If you're confident it's 200 in your environment (and that's non-modified from default) please let me know as I'd need to do some further investigation.

OVERLORD commented

2026-02-05 09:16:40 +03:00

@cdrfun commented on GitHub (Jun 11, 2024):

Hi @ssddanbrown, I've doubled checked with our instance which was updated to 24.05.01 in the meantime. For me it's indeed 200 characters:

I'll update to 24.05.2 later this week and test again.

@cdrfun commented on GitHub (Jun 11, 2024): Hi @ssddanbrown, I've doubled checked with our instance which was updated to 24.05.01 in the meantime. For me it's indeed 200 characters: ![200chars](https://github.com/BookStackApp/BookStack/assets/146877/9c9034f9-a322-4886-90c3-5ef67a070185) I'll update to 24.05.2 later this week and test again.

OVERLORD commented

2026-02-05 09:16:41 +03:00

@ssddanbrown commented on GitHub (Jun 12, 2024):

Ah, okay, I think instances created between 2018 and mid 2021 would have 200 here instead of 180.
Not sure best approach, I don't want to add a whole lot of field-checking complexity to the validation step where this may affect such a narrow scenario. Right now, saving with 180 - 200 on those instances will show validation warnings to users, but the value would remain unless provided under 180 chars.

If that's a significant issue to some we could change the field if really needed.

@ssddanbrown commented on GitHub (Jun 12, 2024): Ah, okay, I think instances created between 2018 and mid 2021 would have 200 here instead of 180. Not sure best approach, I don't want to add a whole lot of field-checking complexity to the validation step where this may affect such a narrow scenario. Right now, saving with 180 - 200 on those instances will show validation warnings to users, but the value would remain unless provided under 180 chars. If that's a significant issue to some we could change the field if really needed.

OVERLORD commented

2026-02-05 09:16:43 +03:00

@cdrfun commented on GitHub (Jun 12, 2024):

Yeah, ours was created mid 2020. For us, the 180 chars limit is sufficient, we created another group in active directory to group the groups...

@cdrfun commented on GitHub (Jun 12, 2024): Yeah, ours was created mid 2020. For us, the 180 chars limit is sufficient, we created another group in active directory to group the groups...

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4799