From abd185a63087da6bb63595e5bf7f39665e07b0bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sas=C3=A1k?=
Date: Mon, 27 Nov 2023 16:48:43 +0100
Subject: [PATCH] fix(manager): allow UI referer to be other envs
---
 manager/base.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/manager/base.py b/manager/base.py
index 67c23cb4c..7e400d3bb 100644
--- a/manager/base.py
+++ b/manager/base.py
@@ -3,6 +3,7 @@
 """
 import csv
 import json
+import re
 from dataclasses import dataclass
 from datetime import datetime
 from datetime import timezone
@@ -63,7 +64,7 @@
 CVE_SYNOPSIS_SORT = [fn.SUBSTRING(SQL("cve_name"), r"-(\d+)-").cast("integer"),
 fn.SUBSTRING(SQL("cve_name"), r"-(\d+)$").cast("integer")]
-UI_REFERER = "console.redhat.com"
+UI_REFERER = re.compile("console(.*).redhat.com")
 API_SOURCE = "API"
 UI_SOURCE = "UI"
@@ -171,7 +172,7 @@ def auth_common(identity, x_rh_identity): # pylint: disable=unused-argument
 rbac_manager = RbacManager()
 g.rbac_perms, g.group_ids = rbac_manager.fetch_permissions(x_rh_identity) # pylint: disable=assigning-non-slot
-ACCOUNT_REQUESTS.labels(org_id, UI_SOURCE if UI_REFERER in connexion.request.headers.get("referer", "") else API_SOURCE).inc()
+ACCOUNT_REQUESTS.labels(org_id, UI_SOURCE if UI_REFERER.search(connexion.request.headers.get("referer", "")) else API_SOURCE).inc()
 return {"uid": {"account_number": account_number, "org_id": org_id}}
@@ -276,7 +277,7 @@ def _parse_list_arguments(cls, kwargs):
 if data_format not in ["json", "csv"]:
 raise InvalidArgumentException(f"Invalid data format: {kwargs.get('data_format', None)}")
-if limit > CFG.maximum_page_size and UI_REFERER not in connexion.request.headers.get("referer", ""):
+if limit > CFG.maximum_page_size and not UI_REFERER.search(connexion.request.headers.get("referer", "")):
 raise InvalidArgumentException(f"Page limit of size: {limit} is too high, maximum is {CFG.maximum_page_size}")
 return {
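Review bot: The new `UI_REFERER` pattern in the `@@ -63,7 +64,7 @@` hunk is unanchored and leaves its dots unescaped. With `.search()`, it accepts any referer that contains `console` and, anywhere later, `redhat` and `com` each preceded by an arbitrary character, which is far broader than "the console host of another environment". Escaping the dots, bounding the environment label and anchoring on scheme and host keeps the match to the intended names, for example `UI_REFERER = re.compile(r"^https://console(\.[\w-]+)?\.redhat\.com(/|$)")`. The optional single label is an assumption, since the patch does not list the real environment hostnames. The same pattern drives the `ACCOUNT_REQUESTS` source label in `auth_common` and the page-size exemption in `_parse_list_arguments`, so an over-broad match both skews the UI/API metric and widens that exemption.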
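Review bot: The `limit > CFG.maximum_page_size` check in `_parse_list_arguments` is still waived on the strength of the `Referer` header alone, and that header is supplied by the client, so the cap only binds callers that do not send a matching value. If the cap exists to protect the service from oversized pages, the exemption should rest on something the server establishes itself. Alternatively the UI path should get its own hard ceiling, a new setting not present in this patch, compared in the same `if` before the `raise`. At minimum a comment such as `# Referer is client-controlled: this exemption is a UI convenience, not an access control` would stop later readers treating it as a trust boundary. The function body starts and continues outside the hunk, so an upper bound applied elsewhere cannot be ruled out.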