use CustomURLValidator in custom_button #1398
Hey @hoptical, thanks for the contribution. Could you please add a test for validation of a URL without a TLD and an example of your use case? Also, your custom validator should be used only if DANGEROUS_WEBHOOKS_ENABLED is set to true, since this setting makes the webhook check rules less strict and we don't want to allow less validation in our cloud.
engine/common/api_helpers/utils.py
@@ -45,6 +48,41 @@ def __repr__(self): | |||
return "%s()" % self.__class__.__name__ | |||
|
|||
|
|||
class CustomURLValidator(URLValidator): |
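Review bot: the added class line names the validator `CustomURLValidator`, which does not say which `URLValidator` check it relaxes. A docstring on the class stating what it accepts that the parent rejects, and under which setting it is meant to be used, would keep a later caller from picking it up as a general-purpose URL validator.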
Is there any reason to override whole class? Isn't it enough to override just this part of URLValidator, removing tld_re from that?
```python
tld_re = (
    r'\.'                                # dot
    r'(?!-)'                             # can't start with a dash
    r'(?:[a-z' + ul + '-]{2,63}'         # domain label
    r'|xn--[a-z0-9]{1,59})'              # or punycode label
    r'(?<!-)'                            # can't end with a dash
    r'\.?'                               # may have a trailing dot
)
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
```
Also I propose to rename that to "URLValidatorWithoutTLD" or something more meaningful.
I tried it. However, the overridden process is not effective unless we override the regex attribute. To override it I've to bring all other necessary variables (ip4_re, ip6_re, host_re).
I couldn't find a way to make it more concise. It would be great if you found a better way.
In terms of the class name, I will change it to what you proposed.
Hello @hoptical, can I help you to finish this PR?
Hi @joeyorlando, I've signed the CLA. But I guess my commit email is not assigned to my GitHub account, so I'm not sure if my CLA signing is working properly. In terms of the changelog, I will surely do that. Thanks.
Hi @Konstantinov-Innokentii, No, it's fine. I'll apply your review comments ASAP and get back to you.
7a0f04d to e03cfeb
I've added the DANGEROUS_WEBHOOKS_ENABLED option. Regarding the tests, would you please guide me through the file to which I should add the test? Furthermore, I'll update the changelog.md and squash the commits once you've approved the PR.
@hoptical you can place validator tests in the common.tests folder, just create a new test_urlvalidator_without_tld.py file there. If you want to test how the validator works while making requests to the API, add a new test in the apps/api/tests/test_custom_button.py file (see test_create_custom_button for reference).
hi there @hoptical 👋 just wanted to check in regarding @Konstantinov-Innokentii's comment
Hi @joeyorlando,
@joeyorlando I've added the unit tests in Additionally, please inform me if there are other works to do.
@hoptical merge conflicts have been resolved 👍
Hello @hoptical. Thanks for tests. I was able to simplify your validator based on examples from tests and that discussion
Could you confirm that this Validator works for you? @joeyorlando, @hoptical I'm not sure we need to require e2e tests for such a change. It affects only OSS, it's small and doesn't introduce any UI changes. Just an API unittest in apps/api/tests/test_custom_button.py is enough.
This will also have an impact on cloud deployments
I believe the motivation for this PR was a bug that originated in the UI; inability to create a webhook which had these types of URLs, via the UI form.
@joeyorlando It will not affect cloud. This feature will be under the DANGEROUS_WEBHOOK_ENABLED flag, we will not allow creating webhooks which point to URLs without a TLD in cloud (mostly docker container URLs).
…o custom_url_validator
@Konstantinov-Innokentii Thanks for your simplification and test recommendation. I recommend squashing the PR commits. What do you think?
@hoptical all good, approved that. Last thing - ci/lint job fails on markdown with:
run Upd: I fixed that and some linting errors by myself, didn't want to bother you with minor stuff. For next contributions make sure you set pre-commit locally:
@hoptical merged, thanks for your contribution!
Thanks @Konstantinov-Innokentii
@joeyorlando Is something wrong with the merge process? I see that the PR is being added to Merge Queue but then is removed from the queue by GitHub-merge-queue.
merge conflict resolution
What this PR does
This PR overrides Django's URLValidator with a CustomURLValidator. It just removes the tld_re part from the regex, and the other behaviour remains the same.
The CustomURLValidator is defined in common.api_helpers.utils.py file and is utilized in custom_button.py.
Please inform me if it needs to be defined somewhere else or be implemented with some other methods.
Which issue(s) this PR fixes
Currently, URLValidator raises an exception for URLs that don't have a TLD. This leads to not being able to use container URLs for outgoing webhooks, as they usually don't have a TLD.
Checklist
CHANGELOG.md updated
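The behaviour discussed in this thread, as an added standalone example (not code from this PR or from the project): the host pattern with and without the `tld_re` fragment, with the relaxed form selected only when a flag is set. The fragments are ASCII-only approximations of Django's (the `ul` range is omitted), and `webhook_url_allowed` and its `dangerous_webhooks_enabled` parameter are hypothetical names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# ASCII-only approximations of the fragments named in the review comment.
# tld_re follows the snippet quoted on the page, minus the `ul` unicode range.
hostname_re = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
domain_re = r"(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))*"
tld_re = r"\.(?!-)(?:[a-z-]{2,63}|xn--[a-z0-9]{1,59})(?<!-)\.?"

HOST_STRICT = re.compile("(?:" + hostname_re + domain_re + tld_re + r"|localhost)\Z", re.I)
HOST_NO_TLD = re.compile("(?:" + hostname_re + domain_re + r"|localhost)\Z", re.I)


def is_ip_literal(host):
    """IP literals are accepted in both modes, as Django's URLValidator does."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def webhook_url_allowed(url, dangerous_webhooks_enabled=False):
    """Hypothetical helper: True if url is http(s) and its host passes the
    strict pattern, or the TLD-less pattern when the flag is set."""
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if is_ip_literal(parts.hostname):
        return True
    pattern = HOST_NO_TLD if dangerous_webhooks_enabled else HOST_STRICT
    return pattern.match(parts.hostname) is not None


# Constructed sample URLs (not taken from the PR).
SAMPLES = ["https://example.com/hook", "http://oncall-receiver:8080/hook",
           "http://localhost:8000/hook", "http://-bad-:8080/hook"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, webhook_url_allowed(u), webhook_url_allowed(u, True))
```

With the flag off, a single-label container host is rejected exactly as the stock validator rejects it; malformed labels, bad ports and non-HTTP schemes are rejected in both modes.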