From 3f19181028857fed506e7bd0372efb1704487121 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Wed, 27 Nov 2019 16:33:36 +0200
Subject: [PATCH] "Filtering Rules" dialog, an option to require HTTP POST.
 Fixes #297

---
 CHANGELOG.md                                  |  8 +++++
 hc/api/migrations/0065_auto_20191127_1240.py  | 23 +++++++++++++
 hc/api/models.py                              |  2 ++
 hc/api/tests/test_ping.py                     | 15 ++++++++
 hc/api/views.py                               |  3 ++
 hc/front/forms.py                             |  3 +-
 hc/front/tests/test_filtering_rules.py        | 31 +++++++++++++++++
 hc/front/urls.py                              |  2 +-
 hc/front/views.py                             |  7 ++--
 static/js/details.js                          |  4 +--
 templates/front/details.html                  | 12 ++++---
 ..._modal.html => filtering_rules_modal.html} | 34 ++++++++++++++++---
 12 files changed, 129 insertions(+), 15 deletions(-)
 create mode 100644 hc/api/migrations/0065_auto_20191127_1240.py
 create mode 100644 hc/front/tests/test_filtering_rules.py
 rename templates/front/{email_settings_modal.html => filtering_rules_modal.html} (50%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f93f4a9..b57adf9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,12 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+### Improvements
+- "Filtering Rules" dialog, an option to require HTTP POST (#297)
+
+
 ## 1.11.0 - 2019-11-22
 
 ### Improvements
@@ -14,6 +20,7 @@ All notable changes to this project will be documented in this file.
  - On mobile, "My Checks" page, always show the gear (Details) button (#286)
  - Make log events fit better on mobile screens
 
+
 ## 1.10.0 - 2019-10-21
 
 ### Improvements
@@ -80,6 +87,7 @@ All notable changes to this project will be documented in this file.
 - Show the Description section even if the description is missing. (#246)
 - Include the description in email alerts. (#247)
 
+
 ## 1.6.0 - 2019-04-01
 
 ### Improvements
diff --git a/hc/api/migrations/0065_auto_20191127_1240.py b/hc/api/migrations/0065_auto_20191127_1240.py
new file mode 100644
index 00000000..435f88db
--- /dev/null
+++ b/hc/api/migrations/0065_auto_20191127_1240.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.2.6 on 2019-11-27 12:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('api', '0064_auto_20191119_1346'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='check',
+            name='methods',
+            field=models.CharField(blank=True, max_length=30),
+        ),
+        migrations.AlterField(
+            model_name='channel',
+            name='kind',
+            field=models.CharField(choices=[('email', 'Email'), ('webhook', 'Webhook'), ('hipchat', 'HipChat'), ('slack', 'Slack'), ('pd', 'PagerDuty'), ('pagertree', 'PagerTree'), ('pagerteam', 'Pager Team'), ('po', 'Pushover'), ('pushbullet', 'Pushbullet'), ('opsgenie', 'OpsGenie'), ('victorops', 'VictorOps'), ('discord', 'Discord'), ('telegram', 'Telegram'), ('sms', 'SMS'), ('zendesk', 'Zendesk'), ('trello', 'Trello'), ('matrix', 'Matrix'), ('whatsapp', 'WhatsApp'), ('apprise', 'Apprise'), ('mattermost', 'Mattermost'), ('msteams', 'Microsoft Teams'), ('shell', 'Shell Command')], max_length=20),
+        ),
+    ]
diff --git a/hc/api/models.py b/hc/api/models.py
index 04893b03..dfb57129 100644
--- a/hc/api/models.py
+++ b/hc/api/models.py
@@ -72,6 +72,8 @@ class Check(models.Model):
     schedule = models.CharField(max_length=100, default="* * * * *")
     tz = models.CharField(max_length=36, default="UTC")
     subject = models.CharField(max_length=100, blank=True)
+    methods = models.CharField(max_length=30, blank=True)
+
     n_pings = models.IntegerField(default=0)
     last_ping = models.DateTimeField(null=True, blank=True)
     last_start = models.DateTimeField(null=True, blank=True)
diff --git a/hc/api/tests/test_ping.py b/hc/api/tests/test_ping.py
index fb183bc6..72aa5022 100644
--- a/hc/api/tests/test_ping.py
+++ b/hc/api/tests/test_ping.py
@@ -186,3 +186,18 @@ class PingTestCase(BaseTestCase):
 
         self.check.refresh_from_db()
         self.assertTrue(self.check.last_duration.total_seconds() >= 10)
+
+    def test_it_requires_post(self):
+        self.check.methods = "POST"
+        self.check.save()
+
+        r = self.client.get("/ping/%s/" % self.check.code)
+        self.assertEqual(r.status_code, 200)
+
+        self.check.refresh_from_db()
+        self.assertEqual(self.check.status, "new")
+        self.assertIsNone(self.check.last_ping)
+
+        ping = Ping.objects.latest("id")
+        self.assertEqual(ping.scheme, "http")
+        self.assertEqual(ping.kind, "ign")
diff --git a/hc/api/views.py b/hc/api/views.py
index 0520f1d9..00496930 100644
--- a/hc/api/views.py
+++ b/hc/api/views.py
@@ -34,6 +34,9 @@ def ping(request, code, action="success"):
     ua = headers.get("HTTP_USER_AGENT", "")
     body = request.body.decode()
 
+    if check.methods == "POST" and method != "POST":
+        action = "ign"
+
     check.ping(remote_addr, scheme, method, ua, body, action)
 
     response = HttpResponse("OK")
diff --git a/hc/front/forms.py b/hc/front/forms.py
index 64f84102..cd974cd9 100644
--- a/hc/front/forms.py
+++ b/hc/front/forms.py
@@ -62,8 +62,9 @@ class NameTagsForm(forms.Form):
         return " ".join(result)
 
 
-class EmailSettingsForm(forms.Form):
+class FilteringRulesForm(forms.Form):
     subject = forms.CharField(max_length=100)
+    methods = forms.ChoiceField(required=False, choices=(("", "Any"), ("POST", "POST")))
 
 
 class TimeoutForm(forms.Form):
diff --git a/hc/front/tests/test_filtering_rules.py b/hc/front/tests/test_filtering_rules.py
new file mode 100644
index 00000000..2ed4f956
--- /dev/null
+++ b/hc/front/tests/test_filtering_rules.py
@@ -0,0 +1,31 @@
+from hc.api.models import Check
+from hc.test import BaseTestCase
+
+
+class FilteringRulesTestCase(BaseTestCase):
+    def setUp(self):
+        super(FilteringRulesTestCase, self).setUp()
+        self.check = Check.objects.create(project=self.project)
+
+        self.url = "/checks/%s/filtering_rules/" % self.check.code
+        self.redirect_url = "/checks/%s/details/" % self.check.code
+
+    def test_it_works(self):
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.post(self.url, data={"subject": "SUCCESS", "methods": "POST"})
+        self.assertRedirects(r, self.redirect_url)
+
+        self.check.refresh_from_db()
+        self.assertEqual(self.check.subject, "SUCCESS")
+        self.assertEqual(self.check.methods, "POST")
+
+    def test_it_clears_method(self):
+        self.check.method = "POST"
+        self.check.save()
+
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.post(self.url, data={"subject": "SUCCESS", "methods": ""})
+        self.assertRedirects(r, self.redirect_url)
+
+        self.check.refresh_from_db()
+        self.assertEqual(self.check.methods, "")
diff --git a/hc/front/urls.py b/hc/front/urls.py
index a30c3ad0..97ed384a 100644
--- a/hc/front/urls.py
+++ b/hc/front/urls.py
@@ -5,7 +5,7 @@ from hc.front import views
 check_urls = [
     path("name/", views.update_name, name="hc-update-name"),
     path("details/", views.details, name="hc-details"),
-    path("email_settings/", views.email_settings, name="hc-email-settings"),
+    path("filtering_rules/", views.filtering_rules, name="hc-filtering-rules"),
     path("timeout/", views.update_timeout, name="hc-update-timeout"),
     path("pause/", views.pause, name="hc-pause"),
     path("remove/", views.remove_check, name="hc-remove-check"),
diff --git a/hc/front/views.py b/hc/front/views.py
index 7b654f4a..7c9f050b 100644
--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -45,7 +45,7 @@ from hc.front.forms import (
     AddWebhookForm,
     ChannelNameForm,
     CronForm,
-    EmailSettingsForm,
+    FilteringRulesForm,
     NameTagsForm,
     TimeoutForm,
 )
@@ -334,11 +334,12 @@ def update_name(request, code):
 
 @require_POST
 @login_required
-def email_settings(request, code):
+def filtering_rules(request, code):
     check = _get_check_for_user(request, code)
-    form = EmailSettingsForm(request.POST)
+    form = FilteringRulesForm(request.POST)
     if form.is_valid():
         check.subject = form.cleaned_data["subject"]
+        check.methods = form.cleaned_data["methods"]
         check.save()
 
     return redirect("hc-details", code)
diff --git a/static/js/details.js b/static/js/details.js
index 8aecb87f..cf364d4f 100644
--- a/static/js/details.js
+++ b/static/js/details.js
@@ -25,7 +25,7 @@ $(function () {
 
     $("#ping-now").click(function(e) {
         var button = this;
-        $.get(this.dataset.url, function() {
+        $.post(this.dataset.url, function() {
             button.textContent = "Success!";
         });
     });
@@ -119,7 +119,7 @@ $(function () {
             format == "local" ? dt.local() : dt.tz(format);
 
             $(".date", row).text(dt.format("MMM D"));
-            $(".time", row).text(dt.format("HH:mm"));                
+            $(".time", row).text(dt.format("HH:mm"));
         })
 
         // The table is initially hidden to avoid flickering as we convert dates.
diff --git a/templates/front/details.html b/templates/front/details.html
index d9986c0a..e6a3152a 100644
--- a/templates/front/details.html
+++ b/templates/front/details.html
@@ -67,7 +67,11 @@
         <div id="how-to-ping" class="details-block">
             <h2>How To Ping</h2>
             <div>
-                <p>Keep this check up by making HTTP requests to this URL:</p>
+                <p>
+                    Keep this check up by making HTTP
+                    {% if check.methods == "POST" %}POST{% endif %}
+                    requests to this URL:
+                </p>
                 <code>{{ check.url }}</code>
                 <p>
                     {% if check.subject %}
@@ -90,8 +94,8 @@
             <div class="text-right">
                 <button
                     data-toggle="modal"
-                    data-target="#email-settings-modal"
-                    class="btn btn-sm btn-default">Email Settings&hellip;</button>
+                    data-target="#filtering-rules-modal"
+                    class="btn btn-sm btn-default">Filtering Rules&hellip;</button>
                 <button
                     data-toggle="modal"
                     data-target="#show-usage-modal"
@@ -281,7 +285,7 @@
 {% include "front/update_timeout_modal.html" %}
 {% include "front/show_usage_modal.html" %}
 {% include "front/remove_check_modal.html" %}
-{% include "front/email_settings_modal.html" %}
+{% include "front/filtering_rules_modal.html" %}
 {% include "front/copy_modal.html" %}
 
 {% endblock %}
diff --git a/templates/front/email_settings_modal.html b/templates/front/filtering_rules_modal.html
similarity index 50%
rename from templates/front/email_settings_modal.html
rename to templates/front/filtering_rules_modal.html
index 8319dd39..e6576669 100644
--- a/templates/front/email_settings_modal.html
+++ b/templates/front/filtering_rules_modal.html
@@ -1,18 +1,44 @@
 {% load hc_extras %}
 
-<div id="email-settings-modal" class="modal">
+<div id="filtering-rules-modal" class="modal">
     <div class="modal-dialog">
         <form
-            action="{% url 'hc-email-settings' check.code %}"
+            action="{% url 'hc-filtering-rules' check.code %}"
             class="form-horizontal"
             method="post">
             {% csrf_token %}
             <div class="modal-content">
                 <div class="modal-header">
-                    <button type="button" class="close" data-dismiss="modal">&times;</button>
-                    <h4 class="update-timeout-title">Inbound Email Settings</h4>
+                    <h4>Filtering Rules</h4>
                 </div>
                 <div class="modal-body">
+                    <p>Allowed request methods for HTTP requests:</p>
+                    <label class="radio-container">
+                        <input
+                            type="radio"
+                            name="methods"
+                            value=""
+                            {% if check.methods == "" %} checked {% endif %}>
+                        <span class="radiomark"></span>
+                        HEAD, GET, POST, PUT
+                    </label>
+                    <label class="radio-container">
+                        <input
+                            type="radio"
+                            name="methods"
+                            value="POST"
+                            {% if check.methods == "POST" %} checked {% endif %}>
+                        <span class="radiomark"></span>
+                        Only POST
+                        <span class="help-block">
+                            If set, {% site_name %} will ignore HTTP requests
+                            using any other request method.
+                        </span>
+                    </label>
+                </div>
+
+                <div class="modal-body">
+                    <p>Filtering of Inbound Email Messages</p>
                     <div class="form-group">
                         <label for="update-name-input" class="col-sm-4 control-label">
                             Subject Must Contain