From c394b85a23711206a83ac419f3cf2bc1c79d904e Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 28 Oct 2021 16:48:35 +0200
Subject: [PATCH] authentic2_auth_oidc: add template syntax check to claim (#58024)
---
 src/authentic2/utils/template.py | 8 ++++++++
 .../migrations/0007_auto_20200317_1732.py | 6 +++++-
 src/authentic2_auth_oidc/models.py | 3 ++-
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/authentic2/utils/template.py b/src/authentic2/utils/template.py
index c6ce2420..e63adf6c 100644
--- a/src/authentic2/utils/template.py
+++ b/src/authentic2/utils/template.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
+from django.core.exceptions import ValidationError
 from django.template import TemplateSyntaxError, VariableDoesNotExist, engines
 from django.utils.encoding import force_str
 from django.utils.translation import ugettext_lazy as _
@@ -52,3 +53,10 @@ class Template:
 def null_render(self, context=None):
 return str(self.value)
+
+
+def validate_template(value):
+ try:
+ Template(value, raises=True)
+ except TemplateError as e:
+ raise ValidationError('%s' % e)
diff --git a/src/authentic2_auth_oidc/migrations/0007_auto_20200317_1732.py b/src/authentic2_auth_oidc/migrations/0007_auto_20200317_1732.py
index 13d6a113..9632a603 100644
--- a/src/authentic2_auth_oidc/migrations/0007_auto_20200317_1732.py
+++ b/src/authentic2_auth_oidc/migrations/0007_auto_20200317_1732.py
@@ -2,6 +2,8 @@
 from django.db import migrations, models
+import authentic2.utils.template
+
 class Migration(migrations.Migration):
@@ -13,6 +15,8 @@ class Migration(migrations.Migration):
 migrations.AlterField(
 model_name='oidcclaimmapping',
 name='claim',
- field=models.CharField(max_length=128, verbose_name='claim'),
+ field=models.CharField(
+ max_length=128, verbose_name='claim', validators=[authentic2.utils.template.validate_template]
+ ),
 ),
 ]
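Review bot: `validate_template` in `src/authentic2/utils/template.py` re-raises without chaining and gives the `ValidationError` no `code`, so callers and logs cannot tell a template syntax failure from any other validation error; `raise ValidationError(str(e), code='invalid') from e` would keep both. It catches only `TemplateError`, so it relies on `Template(value, raises=True)` wrapping every parse failure in that type, and that constructor is outside this hunk. A one-line docstring such as `"""Raise ValidationError if value is not a syntactically valid template."""` would also make clear that only syntax is checked, not which variables or filters the template uses.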
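Review bot: Editing the existing migration `0007_auto_20200317_1732.py` to carry the validator makes a historical migration import live code, `authentic2.utils.template`, so a later rename or move of `validate_template` would stop this migration from loading on every install. Validators do not alter the schema, so the edit presumably exists only to keep `makemigrations` from generating a new migration. A comment above the new import, for example `# validator only, no schema change; validate_template must stay importable from here`, would warn whoever refactors that module.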
diff --git a/src/authentic2_auth_oidc/models.py b/src/authentic2_auth_oidc/models.py
index 7109f445..5de202ca 100644
--- a/src/authentic2_auth_oidc/models.py
+++ b/src/authentic2_auth_oidc/models.py
@@ -24,6 +24,7 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _
 from jwcrypto.jwk import InvalidJWKValue, JWKSet
+from authentic2.utils.template import validate_template
 from django_rbac.utils import get_ou_model_name
 from . import managers
@@ -146,7 +147,7 @@ class OIDCClaimMapping(models.Model):
 provider = models.ForeignKey(
 to='OIDCProvider', verbose_name=_('provider'), related_name='claim_mappings', on_delete=models.CASCADE
 )
- claim = models.CharField(max_length=128, verbose_name=_('claim'))
+ claim = models.CharField(max_length=128, verbose_name=_('claim'), validators=[validate_template])
 attribute = models.CharField(max_length=64, verbose_name=_('attribute'))
 verified = models.PositiveIntegerField(
 default=NOT_VERIFIED, choices=VERIFIED_CHOICES, verbose_name=_('verified')
-- 
2.30.2
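Review bot: The validator added to `claim` in `OIDCClaimMapping` runs only through `full_clean()`, which ModelForm and admin saves call; `save()`, `objects.create()` and bulk operations skip it, and rows stored before this change are never re-checked. If claim mappings can also be created by an import or API path that does not call `full_clean()` (not visible in this hunk), a malformed template can still reach the code that renders it, so that code should keep handling `TemplateError` rather than assume the stored value is valid. A comment on the field, `# syntax is validated on form save only; rendering must still handle TemplateError`, would record this. The class body continues outside the hunk.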