harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity

Remove mentions of "whitelist"

Browse Source
This commit is contained in:
Pēteris Caune 2020-08-26 16:38:29 +03:00
parent b2a1c0d343
commit e424176a1f
No known key found for this signature in database
GPG Key ID: E28D7679E9A9EDE2
2 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hc/accounts/views.py
View File

@ -11,11 +11,7 @@ from django.contrib.auth import authenticate
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.core import signing from django.core import signing
from django.http import ( from django.http import HttpResponseForbidden, HttpResponseBadRequest
HttpResponseForbidden,
HttpResponseBadRequest,
HttpResponseNotFound,
)
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.utils.timezone import now from django.utils.timezone import now
from django.urls import resolve, Resolver404 from django.urls import resolve, Resolver404
@ -27,7 +23,7 @@ from hc.api.models import Channel, Check, TokenBucket
from hc.lib.date import choose_next_report_date from hc.lib.date import choose_next_report_date
from hc.payments.models import Subscription from hc.payments.models import Subscription
NEXT_WHITELIST = ( POST_LOGIN_ROUTES = (
"hc-checks", "hc-checks",
"hc-details", "hc-details",
"hc-log", "hc-log",
@ -39,7 +35,7 @@ NEXT_WHITELIST = (
) )
def _is_whitelisted(redirect_url): def _allow_redirect(redirect_url):
if not redirect_url: if not redirect_url:
return False return False
@ -49,7 +45,7 @@ def _is_whitelisted(redirect_url):
except Resolver404: except Resolver404:
return False return False
return match.url_name in NEXT_WHITELIST return match.url_name in POST_LOGIN_ROUTES
def _make_user(email, with_project=True): def _make_user(email, with_project=True):
@ -86,7 +82,7 @@ def _redirect_after_login(request):
""" Redirect to the URL indicated in ?next= query parameter. """ """ Redirect to the URL indicated in ?next= query parameter. """
redirect_url = request.GET.get("next") redirect_url = request.GET.get("next")
if _is_whitelisted(redirect_url): if _allow_redirect(redirect_url):
return redirect(redirect_url) return redirect(redirect_url)
if request.user.project_set.count() == 1: if request.user.project_set.count() == 1:
@ -111,7 +107,7 @@ def login(request):
magic_form = forms.EmailLoginForm(request.POST) magic_form = forms.EmailLoginForm(request.POST)
if magic_form.is_valid(): if magic_form.is_valid():
redirect_url = request.GET.get("next") redirect_url = request.GET.get("next")
if not _is_whitelisted(redirect_url): if not _allow_redirect(redirect_url):
redirect_url = None redirect_url = None
profile = Profile.objects.for_user(magic_form.user) profile = Profile.objects.for_user(magic_form.user)

2
hc/api/tests/test_create_check.py
View File

@ -149,7 +149,7 @@ class CreateCheckTestCase(BaseTestCase):
expected_fragment="name is too long", expected_fragment="name is too long",
) )
def test_unique_accepts_only_whitelisted_values(self): def test_unique_accepts_only_specific_values(self):
self.post( self.post(
{"api_key": "X" * 32, "name": "Foo", "unique": ["status"]}, {"api_key": "X" * 32, "name": "Foo", "unique": ["status"]},
expected_fragment="unexpected value", expected_fragment="unexpected value",