From 967a38b7ac0f775938fe692639e51a9904318cd2 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 28 Apr 2023 14:35:59 +0300 Subject: [PATCH] crypto: make name field unique to prevent double certs (#5406) * crypto: make name field unique to prevent double certs Signed-off-by: Jens Langhammer * fix test Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .../0003_alter_blueprintinstance_name.py | 20 +++++++++++++++++++ authentik/blueprints/models.py | 2 +- .../0004_alter_certificatekeypair_name.py | 20 +++++++++++++++++++ authentik/crypto/models.py | 2 +- authentik/crypto/tests.py | 6 ++++-- 5 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py create mode 100644 authentik/crypto/migrations/0004_alter_certificatekeypair_name.py diff --git a/authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py b/authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py new file mode 100644 index 000000000..9cd613d7b --- /dev/null +++ b/authentik/blueprints/migrations/0003_alter_blueprintinstance_name.py @@ -0,0 +1,20 @@ +# Generated by Django 4.1.7 on 2023-04-28 10:49 + +from django.db import migrations, models + +from authentik.lib.migrations import fallback_names + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_blueprints", "0002_blueprintinstance_content"), + ] + + operations = [ + migrations.RunPython(fallback_names("authentik_blueprints", "blueprintinstance", "name")), + migrations.AlterField( + model_name="blueprintinstance", + name="name", + field=models.TextField(unique=True), + ), + ] diff --git a/authentik/blueprints/models.py b/authentik/blueprints/models.py index 1a2171f75..c6ca5a0a2 100644 --- a/authentik/blueprints/models.py +++ b/authentik/blueprints/models.py @@ -57,7 +57,7 @@ class BlueprintInstance(SerializerModel, ManagedModel, CreatedUpdatedModel): instance_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4) - name = models.TextField() + name = models.TextField(unique=True) metadata = models.JSONField(default=dict) path = models.TextField(default="", blank=True) content = models.TextField(default="", blank=True) diff --git a/authentik/crypto/migrations/0004_alter_certificatekeypair_name.py b/authentik/crypto/migrations/0004_alter_certificatekeypair_name.py new file mode 100644 index 000000000..e0eb7f9f1 --- /dev/null +++ b/authentik/crypto/migrations/0004_alter_certificatekeypair_name.py @@ -0,0 +1,20 @@ +# Generated by Django 4.1.7 on 2023-04-28 10:49 + +from django.db import migrations, models + +from authentik.lib.migrations import fallback_names + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_crypto", "0003_certificatekeypair_managed"), + ] + + operations = [ + migrations.RunPython(fallback_names("authentik_crypto", "certificatekeypair", "name")), + migrations.AlterField( + model_name="certificatekeypair", + name="name", + field=models.TextField(unique=True), + ), + ] diff --git a/authentik/crypto/models.py b/authentik/crypto/models.py index 52a640876..ecba00901 100644 --- a/authentik/crypto/models.py +++ b/authentik/crypto/models.py @@ -26,7 +26,7 @@ class CertificateKeyPair(SerializerModel, ManagedModel, CreatedUpdatedModel): kp_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4) - name = models.TextField() + name = models.TextField(unique=True) certificate_data = models.TextField(help_text=_("PEM-encoded Certificate data")) key_data = models.TextField( help_text=_( diff --git a/authentik/crypto/tests.py b/authentik/crypto/tests.py index 527720a42..5f96e7ac2 100644 --- a/authentik/crypto/tests.py +++ b/authentik/crypto/tests.py @@ -37,20 +37,22 @@ class TestCrypto(APITestCase): keypair = create_test_cert() self.assertTrue( CertificateKeyPairSerializer( + instance=keypair, data={ "name": keypair.name, "certificate_data": keypair.certificate_data, "key_data": keypair.key_data, - } + }, ).is_valid() ) self.assertFalse( CertificateKeyPairSerializer( + instance=keypair, data={ "name": keypair.name, "certificate_data": "test", "key_data": "test", - } + }, ).is_valid() )