
Remove mentions of "whitelist"

pull/419/head
Pēteris Caune 4 years ago
parent
commit
e424176a1f
No known key found for this signature in database GPG Key ID: E28D7679E9A9EDE2
2 changed files with 7 additions and 11 deletions
  1. +6
    -10
      hc/accounts/views.py
  2. +1
    -1
      hc/api/tests/test_create_check.py

+ 6
- 10
hc/accounts/views.py

@ -11,11 +11,7 @@ from django.contrib.auth import authenticate
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.core import signing
from django.http import (
HttpResponseForbidden,
HttpResponseBadRequest,
HttpResponseNotFound,
)
from django.http import HttpResponseForbidden, HttpResponseBadRequest
from django.shortcuts import get_object_or_404, redirect, render
from django.utils.timezone import now
from django.urls import resolve, Resolver404
@ -27,7 +23,7 @@ from hc.api.models import Channel, Check, TokenBucket
from hc.lib.date import choose_next_report_date
from hc.payments.models import Subscription
NEXT_WHITELIST = (
POST_LOGIN_ROUTES = (
"hc-checks",
"hc-details",
"hc-log",
@ -39,7 +35,7 @@ NEXT_WHITELIST = (
)
def _is_whitelisted(redirect_url):
def _allow_redirect(redirect_url):
if not redirect_url:
return False
@ -49,7 +45,7 @@ def _is_whitelisted(redirect_url):
except Resolver404:
return False
return match.url_name in NEXT_WHITELIST
return match.url_name in POST_LOGIN_ROUTES
def _make_user(email, with_project=True):
@ -86,7 +82,7 @@ def _redirect_after_login(request):
""" Redirect to the URL indicated in ?next= query parameter. """
redirect_url = request.GET.get("next")
if _is_whitelisted(redirect_url):
if _allow_redirect(redirect_url):
return redirect(redirect_url)
if request.user.project_set.count() == 1:
@ -111,7 +107,7 @@ def login(request):
magic_form = forms.EmailLoginForm(request.POST)
if magic_form.is_valid():
redirect_url = request.GET.get("next")
if not _is_whitelisted(redirect_url):
if not _allow_redirect(redirect_url):
redirect_url = None
profile = Profile.objects.for_user(magic_form.user)
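Review bot: After the rename, `POST_LOGIN_ROUTES` and `_allow_redirect` no longer signal that they are the allowlist gate for the `?next=` login redirect, and neither carries a comment or docstring saying so. I would add `# Route names that ?next= may redirect to after login; any other target is ignored.` above the tuple and a one-line docstring on `_allow_redirect`, for example `"""Return True if redirect_url resolves to a route in POST_LOGIN_ROUTES."""`. The lines of `_allow_redirect` between the empty-value check and `except Resolver404` are outside the hunks, so what is passed to `resolve` is not visible here; if only the path component is resolved, confirm that a value carrying a scheme or host is rejected before `redirect(redirect_url)` in `_redirect_after_login`. The first hunk also drops the `HttpResponseNotFound` import, which presumably has no remaining use in the file, though the hunks do not show that.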


+ 1
- 1
hc/api/tests/test_create_check.py

@ -149,7 +149,7 @@ class CreateCheckTestCase(BaseTestCase):
expected_fragment="name is too long",
)
def test_unique_accepts_only_whitelisted_values(self):
def test_unique_accepts_only_specific_values(self):
self.post(
{"api_key": "X" * 32, "name": "Foo", "unique": ["status"]},
expected_fragment="unexpected value",

