add rule validation

resource/locales/en-US/translation.json

@@ -125,7 +125,7 @@
   "Sign out": "Logout",
   "form_validation": {
     "required": "<code>%s</code> is required",
-    "invalid_syntax": "The syntax of <code>%s</code> is invalid."
+    "invalid_syntax": "The syntax of <code>{{target}}</code> is invalid."
   },
   "installer": {
     "setup": "Setup",

resource/locales/ja/translation.json

@@ -124,7 +124,7 @@
   "Sign out": "ログアウト",
   "form_validation": {
     "required": "<code>%s</code> に値を入力してください",
-    "invalid_syntax": "<code>%s</code> の構文が不正です"
+    "invalid_syntax": "<code>{{target}}</code> の構文が不正です"
   },
   "installer": {
     "setup": "セットアップ",

src/server/routes/apiv3/security-setting.js

@@ -642,6 +642,14 @@ module.exports = (crowi) => {
    *                  $ref: '#/components/schemas/SamlAuthSetting'
    */
   router.put('/saml', loginRequiredStrictly, adminRequired, csrf, validator.samlAuth, ApiV3FormValidator, async(req, res) => {
+
+    const rule = req.body.samlABLCRule;
+    // Empty string disables attribute-based login control.
+    // So, when rule is empty string, validation is passed.
+    if (rule !== '' && (rule == null || crowi.passportService.parseABLCRule(rule) == null)) {
+      return res.apiv3Err(req.t('form_validation.invalid_syntax', { target: req.t('security_setting.form_item_name.ABLCRule') }), 400);
+    }
+
     const requestParams = {
       'security:passport-saml:entryPoint': req.body.samlEntryPoint,
       'security:passport-saml:issuer': req.body.samlIssuer,