From 11bb2a8dbfb03f3f90d10f106c1a43168f2e9f5d Mon Sep 17 00:00:00 2001
From: Valentin Deniaud <vdeniaud@entrouvert.com>
Date: Mon, 6 Jan 2020 17:08:56 +0100
Subject: [PATCH] environment: add network checks on service url (#35341)

---
 hobo/environment/forms.py                    |  6 +++++
 hobo/environment/management/commands/cook.py | 13 +++++------
 hobo/environment/validators.py               | 20 +++++++++++++++++
 tests/test_environment.py                    | 23 +++++++++++++++++++-
 4 files changed, 54 insertions(+), 8 deletions(-)
 create mode 100644 hobo/environment/validators.py

diff --git a/hobo/environment/forms.py b/hobo/environment/forms.py
index b07a8a3..afc0e08 100644
--- a/hobo/environment/forms.py
+++ b/hobo/environment/forms.py
@@ -25,6 +25,7 @@ from django.utils.translation import ugettext_lazy as _
 from .models import (Authentic, Wcs, Passerelle, Variable, Combo, Fargo, Welco,
                      MandayeJS, Chrono, Corbo, BiJoe, Hobo)
 from .utils import get_variable
+from .validators import validate_service_url
 
 EXCLUDED_FIELDS = ('last_operational_check_timestamp',
                    'last_operational_success_timestamp', 'secret_key',
@@ -60,6 +61,11 @@ class BaseForm(forms.ModelForm):
         service_id = self.Meta.model.Extra.service_id
         return settings.SERVICE_TEMPLATES.get(service_id, [])
 
+    def clean_base_url(self):
+        url = self.cleaned_data['base_url']
+        validate_service_url(url)
+        return url
+
     def save(self, commit=True):
         if not self.instance.slug:
             base_slug = slugify(self.instance.title)
diff --git a/hobo/environment/management/commands/cook.py b/hobo/environment/management/commands/cook.py
index 0776748..a63b7e7 100644
--- a/hobo/environment/management/commands/cook.py
+++ b/hobo/environment/management/commands/cook.py
@@ -37,7 +37,8 @@ from hobo.agent.common.management.commands.hobo_deploy import (
 from hobo.multitenant.middleware import TenantMiddleware
 from hobo.environment.models import (AVAILABLE_SERVICES, Authentic, Wcs, Hobo,
         Passerelle, Combo, Fargo, Welco, MandayeJS, Chrono, Corbo, BiJoe,
-        Variable, ServiceBase)
+        Variable)
+from hobo.environment.validators import validate_service_url
 from hobo.deploy.signals import notify_agents
 from hobo.theme.utils import set_theme
 from hobo.profile.models import AttributeDefinition
@@ -298,9 +299,7 @@ class Command(BaseCommand):
         if not hasattr(self, action.replace('-', '_')):
             raise CommandError('Error: Unknown action %s' % action)
         if 'url' in action_args.keys():
-            url = action_args['url']
-            service = ServiceBase(title='dummy', base_url=url)
-            if not service.is_resolvable():
-                raise CommandError('Error: %s is not resolvable' % url)
-            if not service.has_valid_certificate():
-                raise CommandError('Error: %s has no valid certificate' % url)
+            try:
+                validate_service_url(action_args['url'])
+            except ValidationError as e:
+                raise CommandError(e)
diff --git a/hobo/environment/validators.py b/hobo/environment/validators.py
new file mode 100644
index 0000000..0853d97
--- /dev/null
+++ b/hobo/environment/validators.py
@@ -0,0 +1,20 @@
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
+
+from hobo.environment.models import ServiceBase
+
+
+def validate_service_url(url):
+    service = ServiceBase(title='dummy', base_url=url)
+    if not service.is_resolvable():
+        raise ValidationError(
+            _('Error: %(url)s is not resolvable'),
+            code='not-resolvable',
+            params={'url': url}
+        )
+    if not service.has_valid_certificate():
+        raise ValidationError(
+            _('Error: %(url)s has no valid certificate'),
+            code='invalid-certificate',
+            params={'url': url}
+        )
diff --git a/tests/test_environment.py b/tests/test_environment.py
index bd26942..a66812f 100644
--- a/tests/test_environment.py
+++ b/tests/test_environment.py
@@ -5,7 +5,7 @@ from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
 from django.utils import timezone
 
-from hobo.environment.models import AVAILABLE_SERVICES, Combo, Passerelle
+from hobo.environment.models import AVAILABLE_SERVICES, Combo, Passerelle, ServiceBase
 
 pytestmark = pytest.mark.django_db
 
@@ -84,3 +84,24 @@ def test_service_creation_filling(app, admin_user, monkeypatch):
     app = login(app)
     response = app.get('/sites/new-combo')
     assert 'value="http://portal-test.example.net"' in response.text
+
+
+def test_service_creation_url_validation(app, admin_user, monkeypatch):
+    app = login(app)
+    response = app.get('/sites/new-combo')
+    form = response.form
+    form['title'] = "test"
+    form['base_url'] = "http://portal-test.example.net"
+    response = form.submit()
+    assert 'not resolvable' in response
+
+    monkeypatch.setattr(ServiceBase, 'is_resolvable', lambda x: True)
+    form = response.form
+    response = form.submit()
+    assert 'no valid certificate' in response
+
+    assert not Combo.objects.exists()
+    monkeypatch.setattr(ServiceBase, 'has_valid_certificate', lambda x: True)
+    form = response.form
+    response = form.submit()
+    assert Combo.objects.exists()
-- 
2.20.1