Skip to content

Commit

Permalink
[BUG] uuid pattern change and pattern checking openwisp#682
Browse files Browse the repository at this point in the history 
Changed regex for uuid pattern and uuid pattern check in admin.py

Fixes openwisp#682

Signed-off-by: chahatsagarmain <[email protected]>
  • Loading branch information
@chahatsagarmain
chahatsagarmain committed Nov 6, 2024
1 parent 1b1645c commit be5a5ff
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 28 deletions.
10 changes: 8 additions & 2 deletions openwisp_controller/config/admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,11 @@ def get_extra_context(self, pk=None):
if not issubclass(self.model, AbstractVpn):
ctx['CONFIG_BACKEND_FIELD_SHOWN'] = app_settings.CONFIG_BACKEND_FIELD_SHOWN
if pk:
UUID_PATTERN = re.compile(
'^[a-fA-F0-9]{8}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{12}$'
)
if not UUID_PATTERN.match(str(pk)):
raise Http404()
ctx['download_url'] = reverse('{0}_download'.format(prefix), args=[pk])
try:
has_config = True
Expand Down Expand Up @@ -137,9 +142,10 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
def get_urls(self):
options = getattr(self.model, '_meta')
url_prefix = '{0}_{1}'.format(options.app_label, options.model_name)
UUID_PATTERN = r'([a-fA-F0-9]{8}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{12})'
return [
re_path(
r'^download/(?P<pk>[^/]+)/$',
r'^download/{0}/$'.format(UUID_PATTERN),
self.admin_site.admin_view(self.download_view),
name='{0}_download'.format(url_prefix),
),
Expand All @@ -149,7 +155,7 @@ def get_urls(self):
name='{0}_preview'.format(url_prefix),
),
re_path(
r'^(?P<pk>[^/]+)/context\.json$',
r'^{0}/context\.json$'.format(UUID_PATTERN),
self.admin_site.admin_view(self.context_view),
name='{0}_context'.format(url_prefix),
),
Expand Down
31 changes: 16 additions & 15 deletions openwisp_controller/config/tests/pytest.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,21 +11,22 @@
from ..base.channels_consumer import BaseDeviceConsumer
from .utils import CreateDeviceMixin

Device = load_model('config', 'Device')
Device = load_model("config", "Device")


@pytest.mark.asyncio
@pytest.mark.django_db(transaction=True)
class TestDeviceConsumer(CreateDeviceMixin):
model = Device
UUID_PATTERN = "[a-fA-F0-9]{8}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{12}"
application = ProtocolTypeRouter(
{
'websocket': AllowedHostsOriginValidator(
"websocket": AllowedHostsOriginValidator(
AuthMiddlewareStack(
URLRouter(
[
re_path(
r'^ws/controller/device/(?P<pk>[^/]+)/$',
f"^ws/controller/device/(?P<pk>{UUID_PATTERN})/$",
BaseDeviceConsumer.as_asgi(),
)
]
Expand All @@ -36,14 +37,14 @@ class TestDeviceConsumer(CreateDeviceMixin):
)

async def _get_communicator(self, admin_client, device_id):
session_id = admin_client.cookies['sessionid'].value
session_id = admin_client.cookies["sessionid"].value
communicator = WebsocketCommunicator(
self.application,
path=f'ws/controller/device/{device_id}/',
path=f"ws/controller/device/{device_id}/",
headers=[
(
b'cookie',
f'sessionid={session_id}'.encode('ascii'),
b"cookie",
f"sessionid={session_id}".encode("ascii"),
)
],
)
Expand All @@ -55,15 +56,15 @@ async def _get_communicator(self, admin_client, device_id):
def _add_model_permissions(self, user, add=True, change=True, delete=True):
permissions = []
if add:
permissions.append(f'add_{self.model._meta.model_name}')
permissions.append(f"add_{self.model._meta.model_name}")
if change:
permissions.append(f'change_{self.model._meta.model_name}')
permissions.append(f"change_{self.model._meta.model_name}")
if delete:
permissions.append(f'delete_{self.model._meta.model_name}')
permissions.append(f"delete_{self.model._meta.model_name}")
user.user_permissions.set(Permission.objects.filter(codename__in=permissions))

async def test_unauthenticated_user(self, client):
client.cookies['sessionid'] = 'random'
client.cookies["sessionid"] = "random"
device = await database_sync_to_async(self._create_device)()
with pytest.raises(AssertionError):
await self._get_communicator(client, device.id)
Expand Down Expand Up @@ -91,14 +92,14 @@ async def test_user_authorization(self, client, django_user_model):

async def test_silent_disconnection(self, admin_user, admin_client):
device = await database_sync_to_async(self._create_device)()
session_id = admin_client.cookies['sessionid'].value
session_id = admin_client.cookies["sessionid"].value
communicator = WebsocketCommunicator(
self.application,
path=f'ws/controller/device/{device.pk}/',
path=f"ws/controller/device/{device.pk}/",
headers=[
(
b'cookie',
f'sessionid={session_id}'.encode('ascii'),
b"cookie",
f"sessionid={session_id}".encode("ascii"),
)
],
)
Expand Down
21 changes: 11 additions & 10 deletions openwisp_controller/config/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,24 +114,25 @@ def get_controller_urls(views_module):
"""
used by third party apps to reduce boilerplate
"""
UUID_PATTERN = '[a-fA-F0-9]{8}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{12}'
urls = [
re_path(
'controller/device/checksum/(?P<pk>[^/]+)/$',
f'controller/device/checksum/(?P<pk>{UUID_PATTERN})/$',
views_module.device_checksum,
name='device_checksum',
),
re_path(
'controller/device/download-config/(?P<pk>[^/]+)/$',
f'controller/device/download-config/(?P<pk>{UUID_PATTERN})/$',
views_module.device_download_config,
name='device_download_config',
),
re_path(
'controller/device/update-info/(?P<pk>[^/]+)/$',
f'controller/device/update-info/(?P<pk>{UUID_PATTERN})/$',
views_module.device_update_info,
name='device_update_info',
),
re_path(
'controller/device/report-status/(?P<pk>[^/]+)/$',
f'controller/device/report-status/(?P<pk>{UUID_PATTERN})/$',
views_module.device_report_status,
name='device_report_status',
),
Expand All @@ -141,33 +142,33 @@ def get_controller_urls(views_module):
name='device_register',
),
re_path(
'controller/vpn/checksum/(?P<pk>[^/]+)/$',
f'controller/vpn/checksum/(?P<pk>{UUID_PATTERN})/$',
views_module.vpn_checksum,
name='vpn_checksum',
),
re_path(
'controller/vpn/download-config/(?P<pk>[^/]+)/$',
f'controller/vpn/download-config/(?P<pk>{UUID_PATTERN})/$',
views_module.vpn_download_config,
name='vpn_download_config',
),
# legacy URLs
re_path(
'controller/checksum/(?P<pk>[^/]+)/$',
f'controller/checksum/(?P<pk>{UUID_PATTERN})/$',
views_module.device_checksum,
name='checksum_legacy',
),
re_path(
'controller/download-config/(?P<pk>[^/]+)/$',
f'controller/download-config/(?P<pk>{UUID_PATTERN})/$',
views_module.device_download_config,
name='download_config_legacy',
),
re_path(
'controller/update-info/(?P<pk>[^/]+)/$',
f'controller/update-info/(?P<pk>{UUID_PATTERN})/$',
views_module.device_update_info,
name='update_info_legacy',
),
re_path(
'controller/report-status/(?P<pk>[^/]+)/$',
f'controller/report-status/(?P<pk>{UUID_PATTERN})/$',
views_module.device_report_status,
name='report_status_legacy',
),
Expand Down
3 changes: 2 additions & 1 deletion openwisp_controller/connection/channels/routing.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,10 @@


def get_routes(consumer=ow_consumer):
UUID_PATTERN = '[a-fA-F0-9]{8}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{4}-?[a-fA-F0-9]{12}'
return [
re_path(
r'^ws/controller/device/(?P<pk>[^/]+)/command$',
f'^ws/controller/device/(?P<pk>{UUID_PATTERN})/command$',
consumer.CommandConsumer.as_asgi(),
)
]

0 comments on commit be5a5ff

Please sign in to comment.