providers/proxy: add domainless URL Validator

2020-09-13 21:52:34 +02:00 · 2020-09-13 21:52:34 +02:00 · 7fe9b8f0b4
parent 696aa7e5f6
commit 7fe9b8f0b4
5 changed files with 91 additions and 5 deletions
--- a/passbook/lib/models.py
+++ b/passbook/lib/models.py
@ -1,5 +1,9 @@
 """Generic models"""
 import re
 from django.core.validators import URLValidator
 from django.db import models
 from django.utils.regex_helper import _lazy_re_compile
 from model_utils.managers import InheritanceManager
 from rest_framework.serializers import BaseSerializer
@ -48,3 +52,21 @@ class InheritanceForeignKey(models.ForeignKey):
    """Custom ForeignKey that uses InheritanceForwardManyToOneDescriptor"""
    forward_related_accessor_class = InheritanceForwardManyToOneDescriptor
 class DomainlessURLValidator(URLValidator):
    """Subclass of URLValidator which doesn't check the domain
    (to allow hostnames without domain)"""
    def __init__(self, *args, **kwargs) -> None:
        super().__init__(*args, **kwargs)
        self.host_re = "(" + self.hostname_re + self.domain_re + "|localhost)"
        self.regex = _lazy_re_compile(
            r"^(?:[a-z0-9.+-]*)://"  # scheme is validated separately
            r"(?:[^\s:@/]+(?::[^\s:@/]*)?@)?"  # user:pass authentication
            r"(?:" + self.ipv4_re + "|" + self.ipv6_re + "|" + self.host_re + ")"
            r"(?::\d{2,5})?"  # port
            r"(?:[/?#][^\s]*)?"  # resource path
            r"\Z",
            re.IGNORECASE,
        )
--- a/passbook/providers/proxy/migrations/0004_auto_20200913_1947.py
+++ b/passbook/providers/proxy/migrations/0004_auto_20200913_1947.py
@ -0,0 +1,37 @@
 # Generated by Django 3.1.1 on 2020-09-13 19:47
 from django.db import migrations, models
 import passbook.lib.models
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_providers_proxy", "0003_proxyprovider_certificate"),
    ]
    operations = [
        migrations.AlterField(
            model_name="proxyprovider",
            name="external_host",
            field=models.TextField(
                validators=[
                    passbook.lib.models.DomainlessURLValidator(
                        schemes=("http", "https")
                    )
                ]
            ),
        ),
        migrations.AlterField(
            model_name="proxyprovider",
            name="internal_host",
            field=models.TextField(
                validators=[
                    passbook.lib.models.DomainlessURLValidator(
                        schemes=("http", "https")
                    )
                ]
            ),
        ),
    ]
--- a/passbook/providers/proxy/models.py
+++ b/passbook/providers/proxy/models.py
@ -4,12 +4,12 @@ from random import SystemRandom
 from typing import Iterable, Type
 from urllib.parse import urljoin
 from django.core.validators import URLValidator
 from django.db import models
 from django.forms import ModelForm
 from django.utils.translation import gettext as _
 from passbook.crypto.models import CertificateKeyPair
 from passbook.lib.models import DomainlessURLValidator
 from passbook.outposts.models import OutpostModel
 from passbook.providers.oauth2.constants import (
    SCOPE_OPENID,
@ -41,10 +41,10 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
    Protocols by using a Reverse-Proxy."""
    internal_host = models.TextField(
-        validators=[URLValidator(schemes=("http", "https"))]
+        validators=[DomainlessURLValidator(schemes=("http", "https"))]
    )
    external_host = models.TextField(
-        validators=[URLValidator(schemes=("http", "https"))]
+        validators=[DomainlessURLValidator(schemes=("http", "https"))]
    )
    cookie_secret = models.TextField(default=get_cookie_secret)
--- a/passbook/sources/ldap/migrations/0005_auto_20200913_1947.py
+++ b/passbook/sources/ldap/migrations/0005_auto_20200913_1947.py
@ -0,0 +1,27 @@
 # Generated by Django 3.1.1 on 2020-09-13 19:47
 from django.db import migrations, models
 import passbook.lib.models
 class Migration(migrations.Migration):
    dependencies = [
        ("passbook_sources_ldap", "0004_auto_20200524_1146"),
    ]
    operations = [
        migrations.AlterField(
            model_name="ldapsource",
            name="server_uri",
            field=models.TextField(
                validators=[
                    passbook.lib.models.DomainlessURLValidator(
                        schemes=["ldap", "ldaps"]
                    )
                ],
                verbose_name="Server URI",
            ),
        ),
    ]
--- a/passbook/sources/ldap/models.py
+++ b/passbook/sources/ldap/models.py
@ -1,20 +1,20 @@
 """passbook LDAP Models"""
 from typing import Optional, Type
 from django.core.validators import URLValidator
 from django.db import models
 from django.forms import ModelForm
 from django.utils.translation import gettext_lazy as _
 from ldap3 import Connection, Server
 from passbook.core.models import Group, PropertyMapping, Source
 from passbook.lib.models import DomainlessURLValidator
 class LDAPSource(Source):
    """Federate LDAP Directory with passbook, or create new accounts in LDAP."""
    server_uri = models.TextField(
-        validators=[URLValidator(schemes=["ldap", "ldaps"])],
+        validators=[DomainlessURLValidator(schemes=["ldap", "ldaps"])],
        verbose_name=_("Server URI"),
    )
    bind_cn = models.TextField(verbose_name=_("Bind CN"))