Improved webapps directive validation
This commit is contained in:
parent
c119ef9bc0
commit
ae0968f58f
3
TODO.md
3
TODO.md
|
@ -426,3 +426,6 @@ Case
|
|||
|
||||
# Discount prepaid metric should be more optimal https://orchestra.pangea.org/admin/orders/order/40/
|
||||
# -> order.billed_metric besides billed_until
|
||||
|
||||
|
||||
# websites directives: redirect strip() and allow empty URL_path
|
||||
|
|
|
@ -34,13 +34,11 @@ class ListSerializer(AccountSerializerMixin, SetPasswordHyperlinkedSerializer):
|
|||
fields = ('url', 'id', 'name', 'password', 'address_name', 'address_domain', 'admin_email')
|
||||
postonly_fields = ('name', 'password')
|
||||
|
||||
def validate_address_domain(self, attrs, source):
|
||||
address_domain = attrs.get(source)
|
||||
address_name = attrs.get('address_name')
|
||||
def validate_address_domain(self, address_name):
|
||||
if self.instance:
|
||||
address_domain = address_domain or self.instance.address_domain
|
||||
address_name = address_name or self.instance.address_name
|
||||
if address_name and not address_domain:
|
||||
raise serializers.ValidationError(
|
||||
_("address_domains should should be provided when providing an addres_name"))
|
||||
return attrs
|
||||
return address_name
|
||||
|
|
|
@ -11,13 +11,15 @@ class PaymentSourceSerializer(AccountSerializerMixin, serializers.HyperlinkedMod
|
|||
model = PaymentSource
|
||||
fields = ('url', 'id', 'method', 'data', 'is_active')
|
||||
|
||||
def validate_data(self, attrs, source):
|
||||
plugin = PaymentMethod.get(attrs['method'])
|
||||
def validate(self, data):
|
||||
""" validate data according to method """
|
||||
data = super(PaymentSourceSerializer, self).validate(data)
|
||||
plugin = PaymentMethod.get(data['method'])
|
||||
serializer_class = plugin().get_serializer()
|
||||
serializer = serializer_class(data=attrs[source])
|
||||
serializer = serializer_class(data=data['data'])
|
||||
if not serializer.is_valid():
|
||||
raise serializers.ValidationError(serializer.errors)
|
||||
return attrs
|
||||
return data
|
||||
|
||||
def transform_data(self, obj, value):
|
||||
if not obj:
|
||||
|
|
|
@ -48,9 +48,8 @@ def insert_resource_serializers():
|
|||
except KeyError:
|
||||
continue
|
||||
# TODO this is a fucking workaround, reimplement this on the proper place
|
||||
def validate_resources(self, attrs, source, _resources=resources):
|
||||
def validate_resources(self, posted, _resources=resources):
|
||||
""" Creates missing resources """
|
||||
posted = attrs.get(source, [])
|
||||
result = []
|
||||
resources = list(_resources)
|
||||
for data in posted:
|
||||
|
@ -67,8 +66,7 @@ def insert_resource_serializers():
|
|||
if not resource.on_demand:
|
||||
data.allocated = resource.default_allocation
|
||||
result.append(data)
|
||||
attrs[source] = result
|
||||
return attrs
|
||||
return result
|
||||
viewset = router.get_viewset(model)
|
||||
viewset.serializer_class.validate_resources = validate_resources
|
||||
|
||||
|
|
|
@ -62,6 +62,10 @@ class SystemUserFormMixin(object):
|
|||
};""" % username
|
||||
)
|
||||
|
||||
def clean_directory(self):
|
||||
directory = self.cleaned_data['directory']
|
||||
return directory.lstrip('/')
|
||||
|
||||
def clean(self):
|
||||
super(SystemUserFormMixin, self).clean()
|
||||
cleaned_data = self.cleaned_data
|
||||
|
@ -113,6 +117,10 @@ class PermissionForm(forms.Form):
|
|||
(user.get_base_home(), user.get_base_home()) for user in related_users
|
||||
)
|
||||
|
||||
def clean_home_extension(self):
|
||||
home_extension = self.cleaned_data['home_extension']
|
||||
return home_extension.lstrip('/')
|
||||
|
||||
def clean(self):
|
||||
cleaned_data = super(PermissionForm, self).clean()
|
||||
path = os.path.join(cleaned_data['base_home'], cleaned_data['home_extension'])
|
||||
|
|
|
@ -96,6 +96,7 @@ class SystemUser(models.Model):
|
|||
super(SystemUser, self).save(*args, **kwargs)
|
||||
|
||||
def clean(self):
|
||||
self.directory = self.directory.lstrip('/')
|
||||
if self.home:
|
||||
self.home = os.path.normpath(self.home)
|
||||
if self.directory:
|
||||
|
|
|
@ -24,20 +24,20 @@ class SystemUserSerializer(AccountSerializerMixin, SetPasswordHyperlinkedSeriali
|
|||
)
|
||||
postonly_fields = ('username', 'password')
|
||||
|
||||
def validate(self, attrs):
|
||||
attrs = super(SystemUserSerializer, self).validate(attrs)
|
||||
user = SystemUser(
|
||||
username=attrs.get('username') or self.instance.username,
|
||||
shell=attrs.get('shell') or self.instance.shell,
|
||||
)
|
||||
validate_home(user, attrs, self.get_account())
|
||||
return attrs
|
||||
def validate_directory(self, directory):
|
||||
return directory.lstrip('/')
|
||||
|
||||
def validate_groups(self, attrs, source):
|
||||
groups = attrs.get(source)
|
||||
def validate(self, data):
|
||||
data = super(SystemUserSerializer, self).validate(data)
|
||||
user = SystemUser(
|
||||
username=data.get('username') or self.instance.username,
|
||||
shell=data.get('shell') or self.instance.shell,
|
||||
)
|
||||
validate_home(user, data, self.get_account())
|
||||
groups = data.get('groups')
|
||||
if groups:
|
||||
for group in groups:
|
||||
if group.username == attrs['username']:
|
||||
if group.username == data['username']:
|
||||
raise serializers.ValidationError(
|
||||
_("Do not make the user member of its group"))
|
||||
return attrs
|
||||
return data
|
||||
|
|
|
@ -6,7 +6,7 @@ from django.utils.translation import ugettext_lazy as _
|
|||
from orchestra.contrib.orchestration import Operation
|
||||
|
||||
|
||||
def validate_path_exists(user, path, ):
|
||||
def validate_path_exists(user, path):
|
||||
user.path_to_validate = path
|
||||
log = Operation.execute_action(user, 'validate_path_exists')[0]
|
||||
if 'path does not exists' in log.stderr:
|
||||
|
|
|
@ -84,12 +84,13 @@ class SiteDirective(Plugin):
|
|||
if errors:
|
||||
raise ValidationError(errors)
|
||||
|
||||
def validate(self, website):
|
||||
if self.regex and not re.match(self.regex, website.value):
|
||||
def validate(self, directive):
|
||||
directive.value = directive.value.strip()
|
||||
if self.regex and not re.match(self.regex, directive.value):
|
||||
raise ValidationError({
|
||||
'value': ValidationError(_("'%(value)s' does not match %(regex)s."),
|
||||
params={
|
||||
'value': website.value,
|
||||
'value': directive.value,
|
||||
'regex': self.regex
|
||||
}),
|
||||
})
|
||||
|
@ -99,20 +100,25 @@ class Redirect(SiteDirective):
|
|||
name = 'redirect'
|
||||
verbose_name = _("Redirection")
|
||||
help_text = _("<tt><website path> <destination URL></tt>")
|
||||
regex = r'^[^ ]+\s[^ ]+$'
|
||||
regex = r'^[^ ]*\s[^ ]+$'
|
||||
group = SiteDirective.HTTPD
|
||||
unique_value = True
|
||||
unique_location = True
|
||||
|
||||
def validate(self, directive):
|
||||
""" inserts default url path if not provided """
|
||||
values = directive.value.strip().split()
|
||||
if len(values) == 1:
|
||||
values.insert(0, '/')
|
||||
directive.value = ' '.join(values)
|
||||
super(Redirect, self).validate(directive)
|
||||
|
||||
|
||||
class Proxy(SiteDirective):
|
||||
class Proxy(Redirect):
|
||||
name = 'proxy'
|
||||
verbose_name = _("Proxy")
|
||||
help_text = _("<tt><website path> <target URL></tt>")
|
||||
regex = r'^[^ ]+\shttp[^ ]+(timeout=[0-9]{1,3}|retry=[0-9]|\s)*$'
|
||||
group = SiteDirective.HTTPD
|
||||
unique_value = True
|
||||
unique_location = True
|
||||
|
||||
|
||||
class ErrorDocument(SiteDirective):
|
||||
|
@ -132,27 +138,21 @@ class SSLCA(SiteDirective):
|
|||
name = 'ssl-ca'
|
||||
verbose_name = _("SSL CA")
|
||||
help_text = _("Filesystem path of the CA certificate file.")
|
||||
regex = r'^[^ ]+$'
|
||||
regex = r'^/[^ ]+$'
|
||||
group = SiteDirective.SSL
|
||||
unique_name = True
|
||||
|
||||
|
||||
class SSLCert(SiteDirective):
|
||||
class SSLCert(SSLCA):
|
||||
name = 'ssl-cert'
|
||||
verbose_name = _("SSL cert")
|
||||
help_text = _("Filesystem path of the certificate file.")
|
||||
regex = r'^[^ ]+$'
|
||||
group = SiteDirective.SSL
|
||||
unique_name = True
|
||||
|
||||
|
||||
class SSLKey(SiteDirective):
|
||||
class SSLKey(SSLCA):
|
||||
name = 'ssl-key'
|
||||
verbose_name = _("SSL key")
|
||||
help_text = _("Filesystem path of the key file.")
|
||||
regex = r'^[^ ]+$'
|
||||
group = SiteDirective.SSL
|
||||
unique_name = True
|
||||
|
||||
|
||||
class SecRuleRemove(SiteDirective):
|
||||
|
@ -164,13 +164,11 @@ class SecRuleRemove(SiteDirective):
|
|||
unique_location = True
|
||||
|
||||
|
||||
class SecEngine(SiteDirective):
|
||||
class SecEngine(SecRuleRemove):
|
||||
name = 'sec-engine'
|
||||
verbose_name = _("SecRuleEngine Off")
|
||||
help_text = _("URL path with disabled modsecurity engine.")
|
||||
regex = r'^/[^ ]*$'
|
||||
group = SiteDirective.SEC
|
||||
unique_value = True
|
||||
|
||||
|
||||
class WordPressSaaS(SiteDirective):
|
||||
|
@ -183,21 +181,13 @@ class WordPressSaaS(SiteDirective):
|
|||
unique_location = True
|
||||
|
||||
|
||||
class DokuWikiSaaS(SiteDirective):
|
||||
class DokuWikiSaaS(WordPressSaaS):
|
||||
name = 'dokuwiki-saas'
|
||||
verbose_name = "DokuWiki SaaS"
|
||||
help_text = _("URL path for mounting wordpress multisite.")
|
||||
group = SiteDirective.SAAS
|
||||
regex = r'^/[^ ]*$'
|
||||
unique_value = True
|
||||
unique_location = True
|
||||
|
||||
|
||||
class DrupalSaaS(SiteDirective):
|
||||
class DrupalSaaS(WordPressSaaS):
|
||||
name = 'drupal-saas'
|
||||
verbose_name = "Drupdal SaaS"
|
||||
help_text = _("URL path for mounting wordpress multisite.")
|
||||
group = SiteDirective.SAAS
|
||||
regex = r'^/[^ ]*$'
|
||||
unique_value = True
|
||||
unique_location = True
|
||||
|
|
Loading…
Reference in a new issue