Merge branch 'master' into notification-plugin-field-fix

2020-10-28 08:50:46 -07:00 · 2020-10-28 08:50:46 -07:00 · 13e8421c78
parent 56a4200d2c adca20ade1
commit 13e8421c78
6 changed files with 22 additions and 21 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,5 +1,5 @@
 language: python
-dist: xenial
+dist: bionic

 node_js:
  - "6.2.0"
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -560,20 +560,21 @@ def query_common_name(common_name, args):
    :return:
    """
    owner = args.pop("owner")
-    if not owner:
-        owner = "%"
-
    # only not expired certificates
    current_time = arrow.utcnow()

-    result = (
-        Certificate.query.filter(Certificate.cn.ilike(common_name))
-        .filter(Certificate.owner.ilike(owner))
-        .filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
-        .all()
-    )
+    query = Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))\
+        .filter(not_(Certificate.revoked))\
+        .filter(not_(Certificate.replaced.any()))  # ignore rotated certificates to avoid duplicates

-    return result
+    if owner:
+        query = query.filter(Certificate.owner.ilike(owner))
+
+    if common_name != "%":
+        # if common_name is a wildcard ('%'), no need to include it in the query
+        query = query.filter(Certificate.cn.ilike(common_name))
+
+    return query.all()


 def create_csr(**csr_config):
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -11,7 +11,7 @@ cffi==1.14.0              # via cryptography
 cfgv==3.1.0               # via pre-commit
 chardet==3.0.4            # via requests
 colorama==0.4.3           # via twine
-cryptography==3.1.1       # via secretstorage
+cryptography==3.2         # via secretstorage
 distlib==0.3.0            # via virtualenv
 docutils==0.16            # via readme-renderer
 filelock==3.0.12          # via virtualenv
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@ -17,8 +17,8 @@ bcrypt==3.1.7             # via -r requirements.txt, flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via -r requirements.txt, cloudflare
 billiard==3.6.3.0         # via -r requirements.txt, celery
 blinker==1.4              # via -r requirements.txt, flask-mail, flask-principal, raven
-boto3==1.15.16            # via -r requirements.txt
-botocore==1.18.18         # via -r requirements.txt, boto3, s3transfer
+boto3==1.16.5             # via -r requirements.txt
+botocore==1.19.5          # via -r requirements.txt, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.txt
 certifi==2020.6.20        # via -r requirements.txt, requests
 certsrv==2.1.1            # via -r requirements.txt
@ -26,7 +26,7 @@ cffi==1.14.0              # via -r requirements.txt, bcrypt, cryptography, pynac
 chardet==3.0.4            # via -r requirements.txt, requests
 click==7.1.1              # via -r requirements.txt, flask
 cloudflare==2.8.13        # via -r requirements.txt
-cryptography==3.1.1       # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
+cryptography==3.2         # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.txt
 dnspython==1.15.0         # via -r requirements.txt, dnspython3
 docutils==0.15.2          # via sphinx
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@ -10,16 +10,16 @@ aws-sam-translator==1.22.0  # via cfn-lint
 aws-xray-sdk==2.5.0       # via moto
 bandit==1.6.2             # via -r requirements-tests.in
 black==20.8b1             # via -r requirements-tests.in
-boto3==1.15.16            # via aws-sam-translator, moto
+boto3==1.16.5             # via aws-sam-translator, moto
 boto==2.49.0              # via moto
-botocore==1.18.18         # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.19.5          # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2020.6.20        # via requests
 cffi==1.14.0              # via cryptography
 cfn-lint==0.29.5          # via moto
 chardet==3.0.4            # via requests
 click==7.1.2              # via black, flask
 coverage==5.3             # via -r requirements-tests.in
-cryptography==3.1.1       # via moto, python-jose, sshpubkeys
+cryptography==3.2         # via moto, python-jose, sshpubkeys
 decorator==4.4.2          # via networkx
 docker==4.2.0             # via moto
 ecdsa==0.14.1             # via moto, python-jose, sshpubkeys
--- a/requirements.txt
+++ b/requirements.txt
@ -15,8 +15,8 @@ bcrypt==3.1.7             # via flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via cloudflare
 billiard==3.6.3.0         # via celery
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.15.16            # via -r requirements.in
-botocore==1.18.18         # via -r requirements.in, boto3, s3transfer
+boto3==1.16.5             # via -r requirements.in
+botocore==1.19.5          # via -r requirements.in, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.in
 certifi==2020.6.20        # via -r requirements.in, requests
 certsrv==2.1.1            # via -r requirements.in
@ -24,7 +24,7 @@ cffi==1.14.0              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 click==7.1.1              # via flask
 cloudflare==2.8.13        # via -r requirements.in
-cryptography==3.1.1       # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
+cryptography==3.2         # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.in
 dnspython==1.15.0         # via dnspython3
 dyn==1.8.1                # via -r requirements.in