Fixes (#476)

* Ensures that Vault can accept bytes and strings. * Make restricted domains optional. * Fixing notify flag.
2016-11-04 09:16:41 -07:00 · 2016-11-04 09:16:41 -07:00 · 4afedaf537
parent 2b79474060
commit 4afedaf537
4 changed files with 26 additions and 20 deletions
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -102,20 +102,20 @@ def export(cert, export_plugin):
    return plugin.export(cert.body, cert.chain, cert.private_key, export_plugin['pluginOptions'])


-def update(cert_id, owner, description, active, destinations, notifications, replaces, roles):
+def update(cert_id, owner, description, notify, destinations, notifications, replaces, roles):
    """
    Updates a certificate
    :param cert_id:
    :param owner:
    :param description:
-    :param active:
+    :param notify:
    :param destinations:
    :param notifications:
    :param replaces:
    :return:
    """
    cert = get(cert_id)
-    cert.active = active
+    cert.notify = notify
    cert.description = description
    cert.destinations = destinations
    cert.notifications = notifications
--- a/lemur/certificates/views.py
+++ b/lemur/certificates/views.py
@ -593,7 +593,7 @@ class Certificates(AuthenticatedResource):
                certificate_id,
                data['owner'],
                data['description'],
-                data['active'],
+                data['notify'],
                data['destinations'],
                data['notifications'],
                data['replacements'],
--- a/lemur/common/validators.py
+++ b/lemur/common/validators.py
@ -46,7 +46,8 @@ def sensitive_domain(domain):
    :param domain:
    :return:
    """
-    restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS']
+    restricted_domains = current_app.config.get('LEMUR_RESTRICTED_DOMAINS', [])
+    if restricted_domains:
        domains = domain_service.get_by_name(domain)
        for domain in domains:
            # we only care about non-admins
--- a/lemur/utils.py
+++ b/lemur/utils.py
@ -7,6 +7,7 @@
 """
 import os
 import sys
+import six
 from flask import current_app
 from cryptography.fernet import Fernet, MultiFernet
 import sqlalchemy.types as types
@ -96,11 +97,15 @@ class Vault(types.TypeDecorator):
        if not value:
            return

-        # we only support strings and they should be of type bytes for Fernet
-        if sys.version_info[0] >= 3:
-            return MultiFernet(self.keys).encrypt(value)
+        if sys.version_info[0] <= 2:
            return MultiFernet(self.keys).encrypt(bytes(value))

+        # ensure bytes for fernet
+        if isinstance(value, six.string_types):
+            value = value.encode('utf-8')
+
+        return MultiFernet(self.keys).encrypt(value)
+
    def process_result_value(self, value, dialect):
        """
        Decrypt values on the way out of the database.
@ -117,6 +122,6 @@ class Vault(types.TypeDecorator):
        if not value:
            return

-        if sys.version_info[0] >= 3:
-            return str(MultiFernet(self.keys).decrypt(value), 'utf8')
+        if sys.version_info[0] <= 2:
            return MultiFernet(self.keys).decrypt(value)
+        return MultiFernet(self.keys).decrypt(value).decode('utf8')