From 4afedaf5378bf2746f9807620a7ecd67f5c2b40b Mon Sep 17 00:00:00 2001 From: kevgliss Date: Fri, 4 Nov 2016 09:16:41 -0700 Subject: [PATCH] Fixes (#476) * Ensures that Vault can accept bytes and strings. * Make restricted domains optional. * Fixing notify flag. --- lemur/certificates/service.py | 6 +++--- lemur/certificates/views.py | 2 +- lemur/common/validators.py | 19 ++++++++++--------- lemur/utils.py | 19 ++++++++++++------- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index b7ef156f..9f249e39 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -102,20 +102,20 @@ def export(cert, export_plugin): return plugin.export(cert.body, cert.chain, cert.private_key, export_plugin['pluginOptions']) -def update(cert_id, owner, description, active, destinations, notifications, replaces, roles): +def update(cert_id, owner, description, notify, destinations, notifications, replaces, roles): """ Updates a certificate :param cert_id: :param owner: :param description: - :param active: + :param notify: :param destinations: :param notifications: :param replaces: :return: """ cert = get(cert_id) - cert.active = active + cert.notify = notify cert.description = description cert.destinations = destinations cert.notifications = notifications diff --git a/lemur/certificates/views.py b/lemur/certificates/views.py index 32c70327..9f5f827b 100644 --- a/lemur/certificates/views.py +++ b/lemur/certificates/views.py @@ -593,7 +593,7 @@ class Certificates(AuthenticatedResource): certificate_id, data['owner'], data['description'], - data['active'], + data['notify'], data['destinations'], data['notifications'], data['replacements'], diff --git a/lemur/common/validators.py b/lemur/common/validators.py index f5468e05..439d4865 100644 --- a/lemur/common/validators.py +++ b/lemur/common/validators.py 
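Review bot: The `update` docstring in lemur/certificates/service.py keeps an empty `:param notify:` entry and has no entry for `roles`, so nothing records that this flag now drives `cert.notify` instead of `cert.active`. Something like `:param notify: whether notifications are enabled for this certificate (replaces the former active flag)` plus a `:param roles:` line would cover it. Because the parameter is positional, any other caller that still passes the old `active` value in that slot would now silently set `notify`. The call in lemur/certificates/views.py is updated in the next hunk, but other callers are not visible here. The body of `update` continues outside the hunk.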
@@ -46,15 +46,16 @@ def sensitive_domain(domain): :param domain: :return: """ - restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS'] - domains = domain_service.get_by_name(domain) - for domain in domains: - # we only care about non-admins - if not SensitiveDomainPermission().can(): - if domain.sensitive or any([re.match(pattern, domain.name) for pattern in restricted_domains]): - raise ValidationError( - 'Domain {0} has been marked as sensitive, contact and administrator \ - to issue the certificate.'.format(domain)) + restricted_domains = current_app.config.get('LEMUR_RESTRICTED_DOMAINS', []) + if restricted_domains: + domains = domain_service.get_by_name(domain) + for domain in domains: + # we only care about non-admins + if not SensitiveDomainPermission().can(): + if domain.sensitive or any([re.match(pattern, domain.name) for pattern in restricted_domains]): + raise ValidationError( + 'Domain {0} has been marked as sensitive, contact and administrator \ + to issue the certificate.'.format(domain)) def encoding(oid_encoding): diff --git a/lemur/utils.py b/lemur/utils.py index 47b25f35..31e810eb 100644 --- a/lemur/utils.py +++ b/lemur/utils.py @@ -7,6 +7,7 @@ """ import os import sys +import six from flask import current_app from cryptography.fernet import Fernet, MultiFernet import sqlalchemy.types as types @@ -96,10 +97,14 @@ class Vault(types.TypeDecorator): if not value: return - # we only support strings and they should be of type bytes for Fernet - if sys.version_info[0] >= 3: - return MultiFernet(self.keys).encrypt(value) - return MultiFernet(self.keys).encrypt(bytes(value)) + if sys.version_info[0] <= 2: + return MultiFernet(self.keys).encrypt(bytes(value)) + + # ensure bytes for fernet + if isinstance(value, six.string_types): + value = value.encode('utf-8') + + return MultiFernet(self.keys).encrypt(value) def process_result_value(self, value, dialect): """ 
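Review bot: The new `if restricted_domains:` guard in `sensitive_domain` skips the `domain.sensitive` check entirely when `LEMUR_RESTRICTED_DOMAINS` is unset or empty, so in that configuration a domain flagged sensitive in the database no longer blocks issuance for non-admins. The `.get('LEMUR_RESTRICTED_DOMAINS', [])` default already makes the setting optional, because `any()` over an empty list is false. Dropping the `if restricted_domains:` line and keeping the lookup and loop at their previous indentation preserves the per-domain flag. Separately, `re.match(pattern, domain.name)` anchors only at the start of the name, so it is worth documenting that configured patterns need a trailing `$` if a full-name match is intended.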
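Review bot: The Python 2 branch of `Vault.process_bind_param` still calls `bytes(value)`, which on a `unicode` value does an implicit ASCII encode and raises for non-ASCII text, so the "bytes and strings" guarantee holds only on Python 3. One check works on both interpreters and removes the version branch: `if isinstance(value, six.text_type): value = value.encode('utf-8')` followed by `return MultiFernet(self.keys).encrypt(value)`. The context line `if not value: return` also means empty values are stored as NULL rather than as ciphertext, which deserves a sentence in the docstring. The method begins outside the hunk.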
@@ -117,6 +122,6 @@ class Vault(types.TypeDecorator): if not value: return - if sys.version_info[0] >= 3: - return str(MultiFernet(self.keys).decrypt(value), 'utf8') - return MultiFernet(self.keys).decrypt(value) + if sys.version_info[0] <= 2: + return MultiFernet(self.keys).decrypt(value) + return MultiFernet(self.keys).decrypt(value).decode('utf8')
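Review bot: `Vault.process_result_value` decodes every decrypted value with `.decode('utf8')` on Python 3, while the bind side in this same commit now accepts raw bytes. A value written as bytes therefore comes back as `str`, and stored bytes that are not valid UTF-8 would raise `UnicodeDecodeError` on read. If the column is meant for text secrets only, the docstring should say so, for example `Returns the decrypted value as UTF-8 text; binary values are not supported.` The Python 2 branch returns the raw decrypted bytes, so the return type differs between interpreters and should be documented as well. The method's signature and docstring are outside the hunk.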