LibertaCasa/takahe
Archived
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support deeper subdomains in domain validation (#110)

Browse Source 
Use a new validator class with regex based on the URLValidator from Django
This commit is contained in:
Tom Usher 2022-12-07 16:25:10 +00:00 committed by GitHub
parent 25b8bf6a2e
commit 1440ee9ceb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 64 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
tests/users/views/test_domains.py Normal file
View File

@ -0,0 +1,40 @@
import pytest
from django.core.exceptions import ValidationError
from users.views.admin.domains import DomainValidator
VALID_DOMAINS = [
"takahe.social",
"subdomain.takahe.social",
"another.subdomain.takahe.social",
"jointakahe.org",
"xn--c6h.com",
"takahe.xn--social",
"example.com",
"www.example.com",
"example.co.uk",
]
INVALID_DOMAINS = [
"example.c",
"example,com",
"example,com.com",
"example",
".com",
"example.com/example",
"-example.com",
"example-.com",
"example.com-",
"https://example.com",
]
@pytest.mark.parametrize("domain", VALID_DOMAINS)
def test_domain_validation_accepts_valid_domains(domain):
DomainValidator()(domain)
@pytest.mark.parametrize("domain", INVALID_DOMAINS)
def test_domain_validation_raises_exception_for_invalid_domains(domain):
with pytest.raises(ValidationError):
DomainValidator()(domain)

34
users/views/admin/domains.py
View File

@ -1,6 +1,5 @@
import re
from django import forms from django import forms
from django.core.validators import RegexValidator
from django.db import models from django.db import models
from django.shortcuts import get_object_or_404, redirect from django.shortcuts import get_object_or_404, redirect
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
@ -10,6 +9,27 @@ from users.decorators import admin_required
from users.models import Domain from users.models import Domain
class DomainValidator(RegexValidator):
ul = "\u00a1-\uffff" # Unicode letters range (must not be a raw string).
# Host patterns
hostname_re = (
r"[a-z" + ul + r"0-9](?:[a-z" + ul + r"0-9-]{0,61}[a-z" + ul + r"0-9])?"
)
# Max length for domain name labels is 63 characters per RFC 1034 sec. 3.1
domain_re = r"(?:\.(?!-)[a-z" + ul + r"0-9-]{1,63}(?<!-))*"
tld_re = (
r"\." # dot
r"(?!-)" # can't start with a dash
r"(?:[a-z" + ul + "-]{2,63}" # domain label
r"|xn--[a-z0-9]{1,59})" # or punycode label
r"(?<!-)" # can't end with a dash
r"\.?" # may have a trailing dot
)
regex = "^" + hostname_re + domain_re + tld_re + "$"
message = "This does not look like a domain name"
@method_decorator(admin_required, name="dispatch") @method_decorator(admin_required, name="dispatch")
class Domains(TemplateView): class Domains(TemplateView):
@ -31,10 +51,12 @@ class DomainCreate(FormView):
class form_class(forms.Form): class form_class(forms.Form):
domain = forms.CharField( domain = forms.CharField(
help_text="The domain displayed as part of a user's identity.\nCannot be changed after the domain has been created.", help_text="The domain displayed as part of a user's identity.\nCannot be changed after the domain has been created.",
validators=[DomainValidator()],
) )
service_domain = forms.CharField( service_domain = forms.CharField(
help_text="Optional - a domain that serves Takahē if it is not running on the main domain.\nCannot be changed after the domain has been created.", help_text="Optional - a domain that serves Takahē if it is not running on the main domain.\nCannot be changed after the domain has been created.",
required=False, required=False,
validators=[DomainValidator()],
) )
public = forms.BooleanField( public = forms.BooleanField(
help_text="If any user on this server can create identities here", help_text="If any user on this server can create identities here",
@ -47,13 +69,7 @@ class DomainCreate(FormView):
required=False, required=False,
) )
domain_regex = re.compile(
r"^((?!-))(xn--)?[a-z0-9][a-z0-9-_]{0,61}[a-z0-9]{0,1}\.(xn--)?([a-z0-9\-]{1,61}|[a-z0-9-]{1,30}\.[a-z]{2,})$"
)
def clean_domain(self): def clean_domain(self):
if not self.domain_regex.match(self.cleaned_data["domain"]):
raise forms.ValidationError("This does not look like a domain name")
if Domain.objects.filter( if Domain.objects.filter(
models.Q(domain=self.cleaned_data["domain"]) models.Q(domain=self.cleaned_data["domain"])
| models.Q(service_domain=self.cleaned_data["domain"]) | models.Q(service_domain=self.cleaned_data["domain"])
@ -64,8 +80,6 @@ class DomainCreate(FormView):
def clean_service_domain(self): def clean_service_domain(self):
if not self.cleaned_data["service_domain"]: if not self.cleaned_data["service_domain"]:
return None return None
if not self.domain_regex.match(self.cleaned_data["service_domain"]):
raise forms.ValidationError("This does not look like a domain name")
if Domain.objects.filter( if Domain.objects.filter(
models.Q(domain=self.cleaned_data["service_domain"]) models.Q(domain=self.cleaned_data["service_domain"])
| models.Q(service_domain=self.cleaned_data["service_domain"]) | models.Q(service_domain=self.cleaned_data["service_domain"])