This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7a318d9 [AMBARI-23334] Using the proper regular expression to
validate SSO provider URL (#760)
7a318d9 is described below
commit 7a318d95d7c142dbfd10eb4c26c2cb2d8ad89c1f
Author: smolnar82 <[email protected]>
AuthorDate: Wed Mar 28 18:32:37 2018 +0200
[AMBARI-23334] Using the proper regular expression to validate SSO provider
URL (#760)
* AMBARI-23334. Using the proper regular expression to validate SSO
provider URL
* AMBARI-23334. Changing re.search to re.match to enforce proper
sso-provider-url setup
---
.../src/main/python/ambari_server/setupSso.py | 10 ++++++----
ambari-server/src/test/python/TestSetupSso.py | 18 +++++++++++++++++-
2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/ambari-server/src/main/python/ambari_server/setupSso.py
b/ambari-server/src/main/python/ambari_server/setupSso.py
index d065849..dc97f22 100644
--- a/ambari-server/src/main/python/ambari_server/setupSso.py
+++ b/ambari-server/src/main/python/ambari_server/setupSso.py
@@ -30,7 +30,7 @@ from ambari_commons.exceptions import FatalException,
NonFatalException
from ambari_commons.logging_utils import get_silent, print_info_msg
from ambari_server.userInput import get_validated_string_input, get_YN_input,
get_multi_line_input
from ambari_server.serverUtils import is_server_runing,
get_ambari_server_api_base, get_ambari_admin_username_password_pair,
get_cluster_name, perform_changes_via_rest_api
-from ambari_server.setupSecurity import REGEX_HOSTNAME_PORT, REGEX_TRUE_FALSE
+from ambari_server.setupSecurity import REGEX_TRUE_FALSE
from ambari_server.serverConfiguration import get_ambari_properties,
get_value_from_properties, update_properties, \
store_password_file
from contextlib import closing
@@ -54,6 +54,8 @@ JWT_PUBLIC_KEY_FILENAME = "jwt-cert.pem"
JWT_PUBLIC_KEY_HEADER = "-----BEGIN CERTIFICATE-----\n"
JWT_PUBLIC_KEY_FOOTER = "\n-----END CERTIFICATE-----\n"
+REGEX_URL =
"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+\S*$"
+
SSO_MANAGE_SERVICES = "ambari.sso.manage_services"
SSO_ENABLED_SERVICES = "ambari.sso.enabled_services"
WILDCARD_FOR_ALL_SERVICES = "*"
@@ -65,7 +67,7 @@ SETUP_SSO_CONFIG_URL =
'services/AMBARI/components/AMBARI_SERVER/configurations/
def validate_options(options):
errors = []
- if options.sso_enabled and not re.search(REGEX_TRUE_FALSE,
options.sso_enabled):
+ if options.sso_enabled and not re.match(REGEX_TRUE_FALSE,
options.sso_enabled):
errors.append("--sso-enabled should be to either 'true' or 'false'")
if options.sso_enabled == 'true':
@@ -73,7 +75,7 @@ def validate_options(options):
errors.append("Missing option: --sso-provider-url")
if not options.sso_public_cert_file:
errors.append("Missing option: --sso-public-cert-file")
- if options.sso_provider_url and not re.search(REGEX_HOSTNAME_PORT,
options.sso_provider_url):
+ if options.sso_provider_url and not re.match(REGEX_URL,
options.sso_provider_url):
errors.append("Invalid --sso-provider-url")
if len(errors) > 0:
@@ -84,7 +86,7 @@ def validate_options(options):
def populate_sso_provider_url(options, properties):
if not options.sso_provider_url:
provider_url = get_value_from_properties(properties,
JWT_AUTH_PROVIDER_URL, JWT_AUTH_PROVIDER_URL_DEFAULT)
- provider_url = get_validated_string_input("Provider URL [URL]
({0}):".format(provider_url), provider_url, REGEX_HOSTNAME_PORT,
+ provider_url = get_validated_string_input("Provider URL [URL]
({0}):".format(provider_url), provider_url, REGEX_URL,
"Invalid provider URL", False)
else:
provider_url = options.sso_provider_url
diff --git a/ambari-server/src/test/python/TestSetupSso.py
b/ambari-server/src/test/python/TestSetupSso.py
index 8e7112c..53455a6 100644
--- a/ambari-server/src/test/python/TestSetupSso.py
+++ b/ambari-server/src/test/python/TestSetupSso.py
@@ -218,6 +218,22 @@ class TestSetupSso(unittest.TestCase):
self.assertTrue("Invalid --sso-provider-url" in e.reason)
pass
+ options.sso_provider_url = 'The SSO provider URL is
https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso'
+ try:
+ setup_sso(options)
+ self.fail("Should fail with fatal exception")
+ except FatalException as e:
+ self.assertTrue("Invalid --sso-provider-url" in e.reason)
+ pass
+
+ options.sso_provider_url =
'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso is the SSO
provider URL'
+ try:
+ setup_sso(options)
+ self.fail("Should fail with fatal exception")
+ except FatalException as e:
+ self.assertTrue("Invalid --sso-provider-url" in e.reason)
+ pass
+
sys.stdout = sys.__stdout__
pass
@@ -242,7 +258,7 @@ class TestSetupSso(unittest.TestCase):
sso_enabled = 'true'
sso_enabled_services = 'Ambari, SERVICE1, SERVICE2'
- sso_provider_url = 'http://testHost:8080'
+ sso_provider_url =
'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
--
To stop receiving notification emails like this one, please contact
[email protected].
