Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ACL mgmt url-decode fix #73

Merged
merged 2 commits into from
Sep 10, 2024
Merged

ACL mgmt url-decode fix #73

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
226a9a5
add tests for API /path/name;acl/access/role used by our hatrac CLI
karlcz Sep 9, 2024
b8e94c2
add URL quote handling for /path/name;acl/access/role
karlcz Sep 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion hatrac/model/directory/pgsql.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ def get_content(self, client_context, get_data=True):
def __getitem__(self, role):
if role not in self:
raise core.NotFound(
'ACL member %s;acl/%s/%s not found.' % (self.resource, self.access, role)
'ACL member %s;acl/%s/%s not found.' % (self.resource, self.access, urllib.parse.quote(role, safe=''))
)
entry = ACLEntry(role + '\n')
entry.resource = self.resource
Expand Down
4 changes: 4 additions & 0 deletions hatrac/rest/acl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

import json
from flask import request, g as hatrac_ctx
from urllib.parse import unquote

from . import app
from .core import RestHandler, \
Expand All @@ -20,6 +21,7 @@ def __init__(self):
def put(self, access, role, path="/", name="", version=""):
"""Add entry to ACL."""
self.enforce_firewall('manage_acl')
role = unquote(role)
resource = self.resolve_name_or_version(
path, name, version
)
Expand All @@ -35,6 +37,7 @@ def put(self, access, role, path="/", name="", version=""):
def delete(self, access, role, path="/", name="", version=""):
"""Remove entry from ACL."""
self.enforce_firewall('manage_acl')
role = unquote(role)
resource = self.resolve_name_or_version(
path, name, version
)
Expand All @@ -50,6 +53,7 @@ def delete(self, access, role, path="/", name="", version=""):
def get(self, access, role, path="/", name="", version=""):
"""Get entry from ACL."""
self.get_body = False if request.method == 'HEAD' else True
role = unquote(role)
resource = self.resolve_name_or_version(path, name, version).acls[access]
self.set_http_etag(hash_list(resource))
resource = resource[role]
Expand Down
15 changes: 14 additions & 1 deletion test/rest-smoketest.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,11 +49,19 @@ RESPONSE_HEADERS=/tmp/${RUNKEY}-response-headers
RESPONSE_CONTENT=/tmp/${RUNKEY}-response-content
TEST_DATA=/tmp/${RUNKEY}-test-data
TEST_ACL_ANON=/tmp/${RUNKEY}-test-acl-anon.json
TEST_ACL_URI=/tmp/${RUNKEY}-test-acl-uri.json

cat > ${TEST_ACL_ANON} <<EOF
["*"]
EOF

test_acl_uri_member='scheme://authority/path'
test_acl_uri_member_quoted='scheme%3A%2F%2Fauthority%2Fpath'

cat > ${TEST_ACL_URI} <<EOF
["unlikely value", "${test_acl_uri_member}"]
EOF

cleanup()
{
rm -f ${RESPONSE_HEADERS} ${RESPONSE_CONTENT} ${TEST_DATA} ${TEST_ACL_ANON}
Expand Down Expand Up @@ -788,7 +796,12 @@ dotest "200::application/json::*" "/ns-${RUNKEY}/foo;acl/"
dotest "200::application/json::*" "/ns-${RUNKEY}/foo;acl/owner"
dotest "200::application/json::*" "/ns-${RUNKEY}/foo;acl/owner" --head
dotest "200::application/json::*" "/ns-${RUNKEY}/foo;acl/create"
dotest "404::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/DUMMY"
dotest "204::*::*" "/ns-${RUNKEY}/foo/bar;acl/create" -T ${TEST_ACL_URI} -H "Content-Type: application/json"
dotest "200::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/${test_acl_uri_member_quoted}"
dotest "204::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/${test_acl_uri_member_quoted}" -X DELETE
dotest "404::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/${test_acl_uri_member_quoted}"
dotest "204::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/${test_acl_uri_member_quoted}" -X PUT
dotest "200::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/${test_acl_uri_member_quoted}"
dotest "204::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/DUMMY" -X PUT
dotest "200::text/plain*::*" "/ns-${RUNKEY}/foo/bar;acl/create/DUMMY" --head
dotest "204::*::*" "/ns-${RUNKEY}/foo/bar;acl/create/DUMMY" -X DELETE -H "If-Match: *"
Expand Down
Loading