diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index ce6b4d57..d8551a34 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -53,8 +53,6 @@ def create_name(issuer, not_before, not_after, subject, san):
 not_after=not_after.strftime('%Y%m%d') ) - # NOTE we may want to give more control over naming - # aws doesn't allow special chars except '-' disallowed_chars = ''.join(c for c in map(chr, range(256)) if not c.isalnum()) disallowed_chars = disallowed_chars.replace("-", "") disallowed_chars = disallowed_chars.replace(".", "")
@@ -64,7 +62,13 @@ def create_name(issuer, not_before, not_after, subject, san):
 temp = temp.replace(c, "") # white space is silly too - return temp.replace(" ", "-") + final = temp.replace(" ", "-") + + # we don't want any overlapping certificate names + if Certificate.query.filter(Certificate.name == final).all(): + final += '-1' + + return final def get_signing_algorithm(cert):
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index ed275f0a..3bdef74d 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -129,7 +129,7 @@ class CertificateUploadInputSchema(LemurInputSchema):
 class CertificateExportInputSchema(LemurInputSchema): - export = fields.Nested(PluginInputSchema) + plugin = fields.Nested(PluginInputSchema) certificate_input_schema = CertificateInputSchema()
diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py
index 9726fdb9..d3918b8b 100644
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@@ -675,7 +675,7 @@ class CertificateExport(AuthenticatedResource):
 self.reqparse = reqparse.RequestParser() super(CertificateExport, self).__init__() - @validate_schema(None, certificate_export_input_schema) + @validate_schema(certificate_export_input_schema, None) def post(self, certificate_id, data=None): """ .. http:post:: /certificates/1/export
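Review bot: The uniqueness check added at the end of `create_name` (second models.py hunk) only resolves the first collision: once both `final` and `final + '-1'` exist, the function hands out the `-1` name again and two certificates end up sharing a name. The check is also a read followed by a later write with no lock, so two concurrent requests can both see no match; a unique constraint on `Certificate.name` (the model definition is not visible in this diff) would be the reliable guard. `.all()` additionally loads every matching row just to test for existence. I would probe with an incrementing suffix until the name is free, as sketched below; the body of `create_name` starts outside the hunk.

```python
    final = temp.replace(" ", "-")

    # we don't want any overlapping certificate names
    candidate = final
    suffix = 0
    while Certificate.query.filter(Certificate.name == candidate).first():
        suffix += 1
        candidate = '{0}-{1}'.format(final, suffix)

    return candidate
```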
@@ -743,11 +743,10 @@ class CertificateExport(AuthenticatedResource):
 """ cert = service.get(certificate_id) role = role_service.get_by_name(cert.owner) - permission = UpdateCertificatePermission(certificate_id, getattr(role, 'name', None)) - options = data['export']['plugin']['plugin_options'] - plugin = data['export']['plugin'] + options = data['plugin']['plugin_options'] + plugin = data['plugin']['plugin_object'] if plugin.requires_key: if permission.can():
diff --git a/lemur/common/schema.py b/lemur/common/schema.py
index 5c2e8976..9b6cbf2f 100644
--- a/lemur/common/schema.py
+++ b/lemur/common/schema.py
@@ -134,6 +134,9 @@ def validate_schema(input_schema, output_schema):
 resp = f(*args, **kwargs) + if isinstance(resp, tuple): + return resp[0], resp[1] + if not resp: return dict(message="No data found"), 404
diff --git a/lemur/roles/views.py b/lemur/roles/views.py
index a2b6ac44..f2a92796 100644
--- a/lemur/roles/views.py
+++ b/lemur/roles/views.py
@@ -223,7 +223,7 @@ class Roles(AuthenticatedResource):
 if not g.current_user.is_admin: user_role_ids = set([r.id for r in g.current_user.roles]) if role_id not in user_role_ids: - return dict(message="You are not allowed to view a role which you are not a member of"), 400 + return dict(message="You are not allowed to view a role which you are not a member of"), 403 return service.get(role_id)
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index be7155b7..b35a453f 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
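Review bot: In the second lemur/certificates/views.py hunk, `cert` is dereferenced as `cert.owner` before anything checks that the certificate exists, so an unknown `certificate_id` would likely surface as a server error rather than a 404, assuming `service.get` returns `None` for a missing row. A guard right after the lookup, `if not cert: return dict(message="Cannot find specified certificate"), 404`, fits the tuple pass-through this commit adds to `validate_schema`. The same lines show that `permission.can()` is consulted only when `plugin.requires_key` is true, so the plugin named in the request decides whether the permission check runs at all; if key-less exports are meant to be open to any authenticated user, a comment saying so above `if plugin.requires_key:` would make that decision explicit. `post` begins and continues outside this hunk.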
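Review bot: The tuple branch added to `validate_schema` in lemur/common/schema.py returns before whatever `output_schema` handling follows in the wrapper, so any view that returns a tuple skips output serialization, including any field filtering the output schema would have applied to the body. It also assumes exactly two elements: a one-element tuple raises `IndexError` and a `(body, status, headers)` tuple silently loses its headers. `return resp` would pass the tuple through unchanged, and a comment such as `# tuples are (body, status) responses built by the view; they bypass output_schema` would record the contract for view authors. The rest of the wrapper is outside the hunk.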
@@ -51,9 +51,6 @@ angular.module('lemur')
 }) .controller('CertificateEditController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, NotificationService, toaster, editId) { CertificateApi.get(editId).then(function (certificate) { - CertificateService.getNotifications(certificate); - CertificateService.getDestinations(certificate); - CertificateService.getReplacements(certificate); $scope.certificate = certificate; });
@@ -90,7 +87,6 @@ angular.module('lemur')
 .controller('CertificateCreateController', function ($scope, $uibModalInstance, CertificateApi, CertificateService, DestinationService, AuthorityService, AuthorityApi, PluginService, MomentService, WizardHandler, LemurRestangular, NotificationService, toaster) { $scope.certificate = LemurRestangular.restangularizeElement(null, {}, 'certificates'); - // set the defaults CertificateService.getDefaults($scope.certificate);
diff --git a/lemur/static/app/angular/certificates/certificate/export.tpl.html b/lemur/static/app/angular/certificates/certificate/export.tpl.html
index cd2903d7..c2a1f637 100644
--- a/lemur/static/app/angular/certificates/certificate/export.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/export.tpl.html
@@ -10,10 +10,10 @@ Plugin
- +
-
+
- {{ currentUser.username }} + {{ currentUser.username }} {{ currentUser.username }}
diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py
index 0f7096b9..412f24f5 100644
--- a/lemur/tests/test_authorities.py
+++ b/lemur/tests/test_authorities.py
@@ -44,8 +44,8 @@ def test_authority_post(client, token, status):
 @pytest.mark.parametrize("token,status", [ - (VALID_USER_HEADER_TOKEN, 200), - (VALID_ADMIN_HEADER_TOKEN, 200), + (VALID_USER_HEADER_TOKEN, 404), + (VALID_ADMIN_HEADER_TOKEN, 404), ('', 401) ]) def test_authority_put(client, token, status):
diff --git a/lemur/tests/test_roles.py b/lemur/tests/test_roles.py
index 9514b9ea..35a21360 100644
--- a/lemur/tests/test_roles.py
+++ b/lemur/tests/test_roles.py
@@ -19,7 +19,7 @@ def test_role_input_schema(client):
 @pytest.mark.parametrize("token,status", [ - (VALID_USER_HEADER_TOKEN, 200), + (VALID_USER_HEADER_TOKEN, 403), (VALID_ADMIN_HEADER_TOKEN, 200), ('', 401) ])
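Review bot: In the test_authorities.py hunk both authenticated cases for `test_authority_put` now expect 404, so the parametrization no longer distinguishes a regular user from an admin and nothing here exercises an update that reaches the authorization logic. If the 404 comes from the test targeting an authority that does not exist (the test body is outside the hunk), a case that first creates an authority and then asserts the per-role outcome would keep access-control coverage for this endpoint.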