Fixes (#476)
* Ensures that Vault can accept bytes and strings. * Make restricted domains optional. * Fixing notify flag.
parent
2b79474060
commit
4afedaf537
|
@ -102,20 +102,20 @@ def export(cert, export_plugin):
|
|||
return plugin.export(cert.body, cert.chain, cert.private_key, export_plugin['pluginOptions'])
|
||||
|
||||
|
||||
def update(cert_id, owner, description, active, destinations, notifications, replaces, roles):
|
||||
def update(cert_id, owner, description, notify, destinations, notifications, replaces, roles):
|
||||
"""
|
||||
Updates a certificate
|
||||
:param cert_id:
|
||||
:param owner:
|
||||
:param description:
|
||||
:param active:
|
||||
:param notify:
|
||||
:param destinations:
|
||||
:param notifications:
|
||||
:param replaces:
|
||||
:return:
|
||||
"""
|
||||
cert = get(cert_id)
|
||||
cert.active = active
|
||||
cert.notify = notify
|
||||
cert.description = description
|
||||
cert.destinations = destinations
|
||||
cert.notifications = notifications
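Review bot: `update` takes eight positional arguments, and the new signature puts the boolean `notify` in the slot that used to hold the boolean `active`, so a caller that was not updated keeps working and silently writes its `active` value into `cert.notify`. The one call site visible on this page (the views hunk) is updated, but passing the arguments by keyword there, e.g. `notify=data['notify']`, would make that kind of mismatch fail loudly. The docstring still has no `:param roles:` entry and no descriptions for any parameter. The body of `update` appears to continue past the end of the hunk.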
|
||||
|
|
|
@ -593,7 +593,7 @@ class Certificates(AuthenticatedResource):
|
|||
certificate_id,
|
||||
data['owner'],
|
||||
data['description'],
|
||||
data['active'],
|
||||
data['notify'],
|
||||
data['destinations'],
|
||||
data['notifications'],
|
||||
data['replacements'],
|
||||
|
|
|
@ -46,15 +46,16 @@ def sensitive_domain(domain):
|
|||
:param domain:
|
||||
:return:
|
||||
"""
|
||||
restricted_domains = current_app.config['LEMUR_RESTRICTED_DOMAINS']
|
||||
domains = domain_service.get_by_name(domain)
|
||||
for domain in domains:
|
||||
# we only care about non-admins
|
||||
if not SensitiveDomainPermission().can():
|
||||
if domain.sensitive or any([re.match(pattern, domain.name) for pattern in restricted_domains]):
|
||||
raise ValidationError(
|
||||
'Domain {0} has been marked as sensitive, contact and administrator \
|
||||
to issue the certificate.'.format(domain))
|
||||
restricted_domains = current_app.config.get('LEMUR_RESTRICTED_DOMAINS', [])
|
||||
if restricted_domains:
|
||||
domains = domain_service.get_by_name(domain)
|
||||
for domain in domains:
|
||||
# we only care about non-admins
|
||||
if not SensitiveDomainPermission().can():
|
||||
if domain.sensitive or any([re.match(pattern, domain.name) for pattern in restricted_domains]):
|
||||
raise ValidationError(
|
||||
'Domain {0} has been marked as sensitive, contact and administrator \
|
||||
to issue the certificate.'.format(domain))
|
||||
|
||||
|
||||
def encoding(oid_encoding):
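Review bot: The new `if restricted_domains:` guard appears to enclose the whole loop, including the `domain.sensitive` test; indentation is lost in this rendering, so this is read from statement order. If so, a deployment that leaves `LEMUR_RESTRICTED_DOMAINS` unset or empty no longer rejects non-admin requests for domains flagged sensitive in the database, which weakens an issuance control rather than only making the pattern list optional. The `.get('LEMUR_RESTRICTED_DOMAINS', [])` default already makes the `any(...)` term false for an empty list, so the guard line can be dropped and the loop left at its original level. Separately, `re.match` anchors only at the start of `domain.name`, so patterns meant to match a whole name need a trailing `$`. The start of `sensitive_domain` lies outside the hunk.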
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
"""
|
||||
import os
|
||||
import sys
|
||||
import six
|
||||
from flask import current_app
|
||||
from cryptography.fernet import Fernet, MultiFernet
|
||||
import sqlalchemy.types as types
|
||||
|
@ -96,10 +97,14 @@ class Vault(types.TypeDecorator):
|
|||
if not value:
|
||||
return
|
||||
|
||||
# we only support strings and they should be of type bytes for Fernet
|
||||
if sys.version_info[0] >= 3:
|
||||
return MultiFernet(self.keys).encrypt(value)
|
||||
return MultiFernet(self.keys).encrypt(bytes(value))
|
||||
if sys.version_info[0] <= 2:
|
||||
return MultiFernet(self.keys).encrypt(bytes(value))
|
||||
|
||||
# ensure bytes for fernet
|
||||
if isinstance(value, six.string_types):
|
||||
value = value.encode('utf-8')
|
||||
|
||||
return MultiFernet(self.keys).encrypt(value)
|
||||
|
||||
def process_result_value(self, value, dialect):
|
||||
"""
|
||||
|
@ -117,6 +122,6 @@ class Vault(types.TypeDecorator):
|
|||
if not value:
|
||||
return
|
||||
|
||||
if sys.version_info[0] >= 3:
|
||||
return str(MultiFernet(self.keys).decrypt(value), 'utf8')
|
||||
return MultiFernet(self.keys).decrypt(value)
|
||||
if sys.version_info[0] <= 2:
|
||||
return MultiFernet(self.keys).decrypt(value)
|
||||
return MultiFernet(self.keys).decrypt(value).decode('utf8')
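Review bot: In `process_bind_param` the Python 2 path still calls `bytes(value)`, which on a `unicode` value does an implicit ASCII encode and raises on any non-ASCII character, while the Python 3 path encodes explicitly as UTF-8. With `six` now imported the version check is unnecessary: `if isinstance(value, six.text_type): value = value.encode('utf-8')` followed by the single `encrypt(value)` call handles both interpreters the same way. `process_result_value` always returns text on Python 3, so a value bound as bytes does not come back as bytes; a short comment saying so would help callers that store key material in this column. Both method bodies start outside the hunks shown.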
|
||||
|
|