Commit f6bccb57 authored by Giorgos Korfiatis's avatar Giorgos Korfiatis

astakos: Restrict project naming in API call

Use the same regex as in the UI, which matches domain-name-like strings.
parent 6b9f1b3f
......@@ -31,6 +31,7 @@
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
import re
from django.utils import simplejson as json
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
......@@ -362,6 +363,15 @@ def _get_maybe_string(d, key):
return value
DOMAIN_VALUE_REGEX = re.compile(
r'^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$',
re.IGNORECASE)
def valid_project_name(name):
return DOMAIN_VALUE_REGEX.match(name) is not None
def submit_application(app_data, user, project_id=None):
uuid = app_data.get("owner")
if uuid is None:
......@@ -377,6 +387,9 @@ def submit_application(app_data, user, project_id=None):
except KeyError:
raise faults.BadRequest("Name missing.")
if not valid_project_name(name):
raise faults.BadRequest("Project name should be in domain format")
join_policy = app_data.get("join_policy", "moderated")
try:
join_policy = MEMBERSHIP_POLICY[join_policy]
......
......@@ -557,6 +557,10 @@ class ProjectAPITest(TestCase):
status, body = self.create(ap, h_owner)
self.assertEqual(status, 201)
ap["name"] = "non_domain_name"
status, body = self.create(ap, h_owner)
self.assertEqual(status, 400)
filters = {"filter": {"state": "nonex"}}
req = {"body": json.dumps(filters)}
r = client.get(reverse("api_projects"), req, **h_owner)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment