Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #36919 - Add URL validation to HTTP Proxy URL field. #9903

Merged
merged 1 commit into from
Jun 20, 2024

Conversation

chris1984
Copy link
Member

Before PR:
prproxybefore

After PR:
prproxy

To Test:

  • Apply PR
  • Create an HTTP Proxy with a nonfqdn value
  • Hit Test Connection

@lfu
Copy link
Contributor

lfu commented Nov 16, 2023

Could we have a clear error message, something like: Please enter a valid proxy URL.

@chris1984
Copy link
Member Author

@lfu PR updated, here is the new screenshot
prproxynew

@@ -34,6 +34,7 @@ class HttpProxy < ApplicationRecord

def full_url
uri = URI(url)
raise URI::InvalidURIError, _("Please enter a valid proxy URL.") unless uri.is_a?(URI::HTTP)
Copy link
Contributor

@lfu lfu Nov 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

raise URI::InvalidURIError, _("Please enter a valid proxy URL. ") if !uri.is_a?(URI::HTTP) || uri.host.nil?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the catch @lfu, updated it

@chris1984 chris1984 force-pushed the proxyurl-validate branch 2 times, most recently from 3297c33 to a18bf52 Compare November 17, 2023 16:05
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you raise an exception, you can't properly see it in the form. Normally we use valiations to display errors inline. In fact, we already have that:

validates :url, :format => { :with => /\Ahttps?:\/\// }, :presence => true

So why is this not working? Is the validation somehow skipped?

@ekohl
Copy link
Member

ekohl commented Nov 17, 2023

To a bit more guiding: I suspect that you can change this bit:

def test_connection
http_proxy = HttpProxy.new(http_proxy_params)
http_proxy.test_connection(params[:test_url])
render :json => {:status => 'success', :message => _("HTTP Proxy connection successful.")}, :status => :ok
rescue => e
render :json => {:status => 'failure', :message => e.message}, :status => :unprocessable_entity
end

To

  def test_connection
    http_proxy = HttpProxy.new(http_proxy_params)
    if http_proxy.invalid?
      # TODO: convert http_proxy.errors to some exception somehow
    end
    http_proxy.test_connection(params[:test_url])

    render :json => {:status => 'success', :message => _("HTTP Proxy connection successful.")}, :status => :ok
  rescue => e
    render :json => {:status => 'failure', :message => e.message}, :status => :unprocessable_entity
  end

See https://guides.rubyonrails.org/active_record_validations.html#valid-questionmark-and-invalid-questionmark & https://guides.rubyonrails.org/active_record_validations.html#validations-overview-errors as well

The main benefit is that you reuse the already existing validations. It may error out if the name is not specified though, which not be what you want.

@chris1984
Copy link
Member Author

To a bit more guiding: I suspect that you can change this bit:

def test_connection
http_proxy = HttpProxy.new(http_proxy_params)
http_proxy.test_connection(params[:test_url])
render :json => {:status => 'success', :message => _("HTTP Proxy connection successful.")}, :status => :ok
rescue => e
render :json => {:status => 'failure', :message => e.message}, :status => :unprocessable_entity
end

To

  def test_connection
    http_proxy = HttpProxy.new(http_proxy_params)
    if http_proxy.invalid?
      # TODO: convert http_proxy.errors to some exception somehow
    end
    http_proxy.test_connection(params[:test_url])

    render :json => {:status => 'success', :message => _("HTTP Proxy connection successful.")}, :status => :ok
  rescue => e
    render :json => {:status => 'failure', :message => e.message}, :status => :unprocessable_entity
  end

See https://guides.rubyonrails.org/active_record_validations.html#valid-questionmark-and-invalid-questionmark & https://guides.rubyonrails.org/active_record_validations.html#validations-overview-errors as well

The main benefit is that you reuse the already existing validations. It may error out if the name is not specified though, which not be what you want.

Ok will go with this approach

@chris1984
Copy link
Member Author

@lfu updated, @ekohl how does this look?

@chris1984
Copy link
Member Author

@ekohl when you get a chance can this one get a review, I have added tests.

@chris1984
Copy link
Member Author

@ekohl can this one get back on your radar to review? It should be a quick one and I did tests as you asked.

Copy link
Contributor

@ianballou ianballou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Working well for me! I see the right error when I pass in an invalid proxy URL. The proxy test still works for valid proxies as well, and fails for invalid proxies with valid URLs.

@ianballou
Copy link
Contributor

@ekohl I'd like to merge this, but your previous change request is blocking it.

@ekohl ekohl merged commit 8a5b270 into theforeman:develop Jun 20, 2024
16 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants