project: Fixes issue handling project names with URI encodable characters

tomponline on Github Wed, 14 Aug 2019 06:57:23 -0700

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6081


This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
It was possible to do:

`lxc project create "test project"`

But one could not then do:

`lxc project delete "test project"`

As the project name was encoded on the URL as "test+project", but was not decoded when being passed to the database query.

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>

From ce3c6581b0fd4c8e39e3da34087624c7434a7fff Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Wed, 14 Aug 2019 14:54:37 +0100
Subject: [PATCH] api/project: Fixes issue with handling project names with URI
 encodable characters in

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/api_project.go | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/lxd/api_project.go b/lxd/api_project.go
index bcac34b722..083ad3db6d 100644
--- a/lxd/api_project.go
+++ b/lxd/api_project.go
@@ -6,6 +6,7 @@ import (
        "fmt"
        "io/ioutil"
        "net/http"
+       "net/url"
        "strings"
 
        "github.com/gorilla/mux"
@@ -15,6 +16,7 @@ import (
        "github.com/lxc/lxd/lxd/device/config"
        "github.com/lxc/lxd/lxd/util"
        "github.com/lxc/lxd/shared"
+
        "github.com/lxc/lxd/shared/api"
        "github.com/lxc/lxd/shared/version"
 )
@@ -178,7 +180,10 @@ func projectCreateDefaultProfile(tx *db.ClusterTx, project 
string) error {
 }
 
 func projectGet(d *Daemon, r *http.Request) Response {
-       name := mux.Vars(r)["name"]
+       name, err := url.QueryUnescape(mux.Vars(r)["name"])
+       if err != nil {
+               return SmartError(err)
+       }
 
        // Check user permissions
        if !d.userHasPermission(r, name, "view") {
@@ -187,7 +192,7 @@ func projectGet(d *Daemon, r *http.Request) Response {
 
        // Get the database entry
        var project *api.Project
-       err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+       err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
                var err error
                project, err = tx.ProjectGet(name)
                return err
@@ -206,7 +211,10 @@ func projectGet(d *Daemon, r *http.Request) Response {
 }
 
 func projectPut(d *Daemon, r *http.Request) Response {
-       name := mux.Vars(r)["name"]
+       name, err := url.QueryUnescape(mux.Vars(r)["name"])
+       if err != nil {
+               return SmartError(err)
+       }
 
        // Check user permissions
        if !d.userHasPermission(r, name, "manage-projects") {
@@ -215,7 +223,7 @@ func projectPut(d *Daemon, r *http.Request) Response {
 
        // Get the current data
        var project *api.Project
-       err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+       err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
                var err error
                project, err = tx.ProjectGet(name)
                return err
@@ -247,7 +255,10 @@ func projectPut(d *Daemon, r *http.Request) Response {
 }
 
 func projectPatch(d *Daemon, r *http.Request) Response {
-       name := mux.Vars(r)["name"]
+       name, err := url.QueryUnescape(mux.Vars(r)["name"])
+       if err != nil {
+               return SmartError(err)
+       }
 
        // Check user permissions
        if !d.userHasPermission(r, name, "manage-projects") {
@@ -256,7 +267,7 @@ func projectPatch(d *Daemon, r *http.Request) Response {
 
        // Get the current data
        var project *api.Project
-       err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+       err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
                var err error
                project, err = tx.ProjectGet(name)
                return err
@@ -367,12 +378,15 @@ func projectChange(d *Daemon, project *api.Project, req 
api.ProjectPut) Response
 }
 
 func projectPost(d *Daemon, r *http.Request) Response {
-       name := mux.Vars(r)["name"]
+       name, err := url.QueryUnescape(mux.Vars(r)["name"])
+       if err != nil {
+               return SmartError(err)
+       }
 
        // Parse the request
        req := api.ProjectPost{}
 
-       err := json.NewDecoder(r.Body).Decode(&req)
+       err = json.NewDecoder(r.Body).Decode(&req)
        if err != nil {
                return BadRequest(err)
        }
@@ -434,7 +448,10 @@ func projectPost(d *Daemon, r *http.Request) Response {
 }
 
 func projectDelete(d *Daemon, r *http.Request) Response {
-       name := mux.Vars(r)["name"]
+       name, err := url.QueryUnescape(mux.Vars(r)["name"])
+       if err != nil {
+               return SmartError(err)
+       }
 
        // Sanity checks
        if name == "default" {
@@ -442,7 +459,7 @@ func projectDelete(d *Daemon, r *http.Request) Response {
        }
 
        var id int64
-       err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+       err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
                project, err := tx.ProjectGet(name)
                if err != nil {
                        return errors.Wrapf(err, "Fetch project %q", name)

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxd/master] api/project: Fixes issue handling project names with URI encodable characters

Reply via email to