On 12/11/2012 09:27 AM, Martin Kosek wrote:
On 12/11/2012 09:24 AM, Lynn Root wrote:
The following raises ACIError because of failed authorization check, I think
its ok.

RequirementError is only thrown when a command option that is required is not
passed by the user. I am not fond of expanding its use to the validation of
user content, like CSR file.

NotFound error is used when an _entry_ is not found - so not an ideal candidate
either for this case.

IMHO, ValidationError is fine for this situation - but maybe somebody else may
have other opinion...

Martin
I assume no one is up in arms about electing to go for ValidationError :)

New patch attached.  Thanks for your help, Martin!

This is better. Though this raise statement would raise a different exception
that one would expect...

from ipalib import errors, _
raise errors.ValidationError(info=_("No hostname was found in subject of
request"))
Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "ipalib/errors.py", line 268, in __init__
     self.msg = self.format % kw
KeyError: 'name'

Martin
Try #3: added 'name' and 'error' parameters to ValidationError. Thanks again, Martin!

--
Lynn Root

@roguelynn
Associate Software Engineer
Red Hat, Inc

>From 9f4272276d945ef5bade4a0ede0263b311a331c3 Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 10 Dec 2012 09:13:13 -0500
Subject: [PATCH] Raise ValidationError when CSR does not have a subject
 hostname

Raise ValidationError when CSR does not have a subject hostname.

Ticket: https://fedorahosted.org/freeipa/ticket/3123
---
 ipalib/plugins/cert.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index c4bbf8215341d1fdbf8b84cf70ee7ebd8e2b96c4..3aa01621dbb519a2f0f671a8df2489c03faa6f34 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -296,6 +296,10 @@ class cert_request(VirtualCommand):
 
         # Ensure that the hostname in the CSR matches the principal
         subject_host = get_csr_hostname(csr)
+        if not subject_host:
+            raise errors.ValidationError(name='csr',
+                error=_("No hostname was found in subject of request."))
+
         (servicename, hostname, realm) = split_principal(principal)
         if subject_host.lower() != hostname.lower():
             raise errors.ACIError(
-- 
1.8.0.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to