Canonical SSO provider

Merge lp:~deadlight/canonical-identity-provider/ssh-form into lp:canonical-identity-provider/release

  1. ssh-form
  2. Merge into trunk
Proposed by Karl Williams
Status: Merged
Approved by: Daniel Manrique
Approved revision: no longer in the source branch.
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: lp:~deadlight/canonical-identity-provider/ssh-form
Merge into: lp:canonical-identity-provider/release
Diff against target: 163 lines (+54/-53)
3 files modified
src/webui/forms.py (+15/-32)
src/webui/templates/account/ssh_keys.html (+19/-19)
src/webui/tests/test_forms.py (+20/-2)
To merge this branch: bzr merge lp:~deadlight/canonical-identity-provider/ssh-form
Reviewer Review Type Date Requested Status
Daniel Manrique (community) Approve
Anthony Dillon (community) Approve
Maximiliano Bertacchini Approve
Review via email: mp+377940@code.launchpad.net

Commit message

Fixed the display bug on the SSH key form.

Modified the data passed to the form and removed the full HTML generation in favour of explicit validation of the data fields.

Description of the change

Fixed the display bug on the SSH key form.

Modified the data passed to the form and removed the full HTML generation in favour of explicit validation of the data fields.

QA:

To test, you can fake the SSH behaviour of the live app by applying this patch: https://code.launchpad.net/~maxiberta/canonical-identity-provider/vanilla-sshkeys-debug/+merge/377722

To post a comment you must log in.
Revision history for this message
Karl Williams (deadlight) wrote :

Fixes 1859194

Revision history for this message
Maximiliano Bertacchini (maxiberta) wrote :

Sorry, didn't seem to work locally. Maybe am I missing something? Check inline for suggested fixes.
Please let me know if I can help.
Thanks!

review: Needs Fixing
Revision history for this message
Karl Williams (deadlight) wrote :

> Sorry, didn't seem to work locally. Maybe am I missing something? Check inline
> for suggested fixes.
> Please let me know if I can help.
> Thanks!

Yeah, thanks for the feedback. I made some changes to the template and neglected to revert them when I changed my plan with the python. I'll rework it.

Revision history for this message
Karl Williams (deadlight) :
Revision history for this message
Karl Williams (deadlight) wrote :

This is now ready for re-review.

Revision history for this message
Maximiliano Bertacchini (maxiberta) wrote :

Looks good to me, thanks +1.

review: Approve
Revision history for this message
Anthony Dillon (ya-bo-ng) wrote :

LGTM thanks +1

review: Approve
Revision history for this message
Daniel Manrique (roadmr) wrote :

The status had been set to merged in error apparently :/ I set to approved now, let the bot do its job.

Revision history for this message
Otto Co-Pilot (otto-copilot) wrote :

A commit message must be set
https://jenkins.ols.canonical.com/online-services/job/canonical-identity-provider/276/

Revision history for this message
Daniel Manrique (roadmr) wrote :

I hate you jenkins

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'src/webui/forms.py'
--- src/webui/forms.py 2018-07-19 15:46:28 +0000
+++ src/webui/forms.py 2020-01-27 16:55:59 +0000
@@ -5,7 +5,7 @@
5import unicodedata5import unicodedata
66
7from django import forms7from django import forms
8from django.utils.html import escape, format_html8from django.utils.html import escape
9from django.utils.translation import ugettext_lazy as _9from django.utils.translation import ugettext_lazy as _
1010
11from webservices.launchpad import (11from webservices.launchpad import (
@@ -83,7 +83,7 @@
8383
8484
85def format_ssh_key(ssh_key):85def format_ssh_key(ssh_key):
86 """Decide how to display 'ssh_key'.86 """Parse and split 'ssh_key'.
8787
88 SSH keys are freeform text, so users absolutely *will* try and add keys88 SSH keys are freeform text, so users absolutely *will* try and add keys
89 that contain javascript, so we need to make sure they're escaped when89 that contain javascript, so we need to make sure they're escaped when
@@ -96,37 +96,20 @@
96 # valid ssh key format. However, we need to exercise this code path96 # valid ssh key format. However, we need to exercise this code path
97 # in tests to ensure that users malicously POST'ing bad key formats97 # in tests to ensure that users malicously POST'ing bad key formats
98 # will get a ValidationError.98 # will get a ValidationError.
99 # Just return the escaped data - this will never be run in production:99 # This should never happen in production but it returns a valid dict:
100 return format_html(100 ssh_key_info = dict()
101 '<label>Bad Key Data: <span>{key}</span></label>',101 ssh_key_info['ssh_key'] = ssh_key
102 key=escape(ssh_key))102 ssh_key_info['label'] = "Invalid key"
103 ssh_key_info['type'] = "Invalid key"
104 ssh_key_info['text'] = escape(ssh_key)
105 return ssh_key_info
103 else:106 else:
104 return format_html(107 ssh_key_info = dict()
105 u'<div class="key-display">'108 ssh_key_info['ssh_key'] = escape(ssh_key)
106 u' <h4>{comment}</h4> '109 ssh_key_info['label'] = escape(comment)
107 u' <ul>'110 ssh_key_info['type'] = escape(key_type)
108 u' <li>'111 ssh_key_info['text'] = escape(key_text)
109 u' <dl>'112 return ssh_key_info
110 u' <dt>{key_type_label}</dt>'
111 u' <dd>{key_type}</dt>'
112 u' </dl>'
113 u' </li>'
114 u' <li>'
115 u' <dl>'
116 u' <dt>{key_text_label}</dt>'
117 u' <dd class="key-text">'
118 u' <a href="#">{key_text}</a>'
119 u' </dt>'
120 u' </dl>'
121 u' </li>'
122 u' </ul>'
123 u'</div>',
124 comment=comment,
125 key_type_label=_("Type: "),
126 key_type=key_type,
127 key_text_label=_("Text: "),
128 key_text=key_text,
129 )
130113
131114
132class DeleteSSHKeyForm(forms.Form):115class DeleteSSHKeyForm(forms.Form):
133116
=== modified file 'src/webui/templates/account/ssh_keys.html'
--- src/webui/templates/account/ssh_keys.html 2020-01-22 12:52:26 +0000
+++ src/webui/templates/account/ssh_keys.html 2020-01-27 16:55:59 +0000
@@ -17,27 +17,27 @@
17 {% if delete_key_form.fields.ssh_keys.choices %}17 {% if delete_key_form.fields.ssh_keys.choices %}
18 <section class="delete-ssh-keys">18 <section class="delete-ssh-keys">
19 <form action="" method="POST">19 <form action="" method="POST">
20 <ul class="p-list--divided">20 <ul class="p-list--divided">
21 {% csrf_token %}21 {% csrf_token %}
22 {% for value, key_info in delete_key_form.fields.ssh_keys.choices %}22 {% for value, key_info in delete_key_form.fields.ssh_keys.choices %}
23 <li class="p-list__item">23 <li class="p-list__item">
24 <input id="id_ssh_keys_{{ forloop.counter0 }}" name="ssh_keys" type="checkbox" value="{{ value }}"><label for="id_ssh_keys_{{ forloop.counter0 }}">{{ key_info.label }}</label>24 <input id="id_ssh_keys_{{ forloop.counter0 }}" name="ssh_keys" type="checkbox" value="{{ value }}"><label for="id_ssh_keys_{{ forloop.counter0 }}">{{ key_info.label }}</label>
25 <aside class="p-accordion" role="tablist" aria-multiselect="true">25 <aside class="p-accordion" role="tablist" aria-multiselect="true">
26 <ul class="p-accordion__list" style="margin-bottom: 0;">26 <ul class="p-accordion__list" style="margin-bottom: 0;">
27 <li class="p-accordion__group">27 <li class="p-accordion__group">
28 <button type="button" class="p-accordion__tab" id="tab{{ forloop.counter0 }}" role="tab" aria-controls="#tab{{ forloop.counter0 }}-section" aria-expanded="false">{% trans "Key details" %}</button>28 <button type="button" class="p-accordion__tab" id="tab{{ forloop.counter0 }}" role="tab" aria-controls="#tab{{ forloop.counter0 }}-section" aria-expanded="false">{% trans "Key details" %}</button>
29 <section class="p-accordion__panel" id="tab{{ forloop.counter0 }}-section" role="tabpanel" aria-hidden="true" aria-labelledby="tab{{ forloop.counter0 }}-section">29 <section class="p-accordion__panel" id="tab{{ forloop.counter0 }}-section" role="tabpanel" aria-hidden="true" aria-labelledby="tab{{ forloop.counter0 }}-section">
30 <dl>30 <dl>
31 <dt>Type</dt>31 <dt>Type</dt>
32 <dd>{{ key_info.type }}</dd>32 <dd>{{ key_info.type }}</dd>
33 <dt>Text</dt>33 <dt>Text</dt>
34 <dd><code>{{ key_info.text }}</code></dd>34 <dd><code>{{ key_info.text }}</code></dd>
35 </dl>35 </dl>
36 </section>36 </section>
37 </li>37 </li>
38 </ul>38 </ul>
39 </aside>39 </aside>
40 </li>40 </li>
41 {% endfor %}41 {% endfor %}
42 </ul>42 </ul>
43 <input class="p-button--negative" type="submit" name="delete_keys" value="{% trans "Delete selected keys" %}"/>43 <input class="p-button--negative" type="submit" name="delete_keys" value="{% trans "Delete selected keys" %}"/>
4444
=== modified file 'src/webui/tests/test_forms.py'
--- src/webui/tests/test_forms.py 2018-07-19 16:05:43 +0000
+++ src/webui/tests/test_forms.py 2020-01-27 16:55:59 +0000
@@ -250,7 +250,19 @@
250 self.assertNotIn(bad_content, formatted_key)250 self.assertNotIn(bad_content, formatted_key)
251 self.assertIn(251 self.assertIn(
252 '&lt;script&gt;window.alert(&quot;boo!&quot;);&lt;/script&gt;',252 '&lt;script&gt;window.alert(&quot;boo!&quot;);&lt;/script&gt;',
253 formatted_key253 formatted_key['text']
254 )
255 self.assertIn(
256 '&lt;script&gt;window.alert(&quot;boo!&quot;);&lt;/script&gt;',
257 formatted_key['label']
258 )
259 self.assertIn(
260 '&lt;script&gt;window.alert(&quot;boo!&quot;);&lt;/script&gt;',
261 formatted_key['type']
262 )
263 self.assertIn(
264 '&lt;script&gt;window.alert(&quot;boo!&quot;);&lt;/script&gt;',
265 formatted_key['ssh_key']
254 )266 )
255267
256 def test_unicode(self):268 def test_unicode(self):
@@ -258,7 +270,13 @@
258 # previously this would raise UnicodeDecodeError. Now it works as270 # previously this would raise UnicodeDecodeError. Now it works as
259 # expected.271 # expected.
260 formatted_key = format_ssh_key(keytext)272 formatted_key = format_ssh_key(keytext)
261 self.assertIn('¿ʇuǝɯɯoɔ', formatted_key)273 self.assertIn('¿ʇuǝɯɯoɔ', formatted_key['label'])
274
275 def test_invalid_keys(self):
276 invalid_key_text = "INVALID"
277 formatted_key = format_ssh_key(invalid_key_text)
278 self.assertIn(invalid_key_text, formatted_key['ssh_key'])
279 self.assertIn('Invalid key', formatted_key['label'])
262280
263281
264class DeleteSSHKeyFormTestCase(SSOBaseTestCase):282class DeleteSSHKeyFormTestCase(SSOBaseTestCase):