cleaning up outdated phrases
This commit is contained in:
parent
1d18f061f2
commit
770339f94c
@ -24,7 +24,7 @@ LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
|
||||
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
|
||||
base64.b64encode(get_random_secret(32).encode('utf8'))))
|
||||
|
||||
LEMUR_WHITELISTED_DOMAINS = []
|
||||
LEMUR_ALLOWED_DOMAINS = []
|
||||
|
||||
LEMUR_EMAIL = ''
|
||||
LEMUR_SECURITY_TEAM_EMAIL = []
|
||||
|
@ -100,7 +100,7 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
|
||||
|
||||
Specifies whether to allow certificates created by Lemur to expire on weekends. Default is True.
|
||||
|
||||
.. data:: LEMUR_WHITELISTED_DOMAINS
|
||||
.. data:: LEMUR_ALLOWED_DOMAINS
|
||||
:noindex:
|
||||
|
||||
List of regular expressions for domain restrictions; if the list is not empty, normal users can only issue
|
||||
|
@ -22,7 +22,7 @@ def common_name(value):
|
||||
|
||||
def sensitive_domain(domain):
|
||||
"""
|
||||
Checks if user has the admin role, the domain does not match sensitive domains and whitelisted domain patterns.
|
||||
Checks if user has the admin role, the domain does not match sensitive domains and allowed domain patterns.
|
||||
:param domain: domain name (str)
|
||||
:return:
|
||||
"""
|
||||
@ -30,10 +30,10 @@ def sensitive_domain(domain):
|
||||
# User has permission, no need to check anything
|
||||
return
|
||||
|
||||
whitelist = current_app.config.get("LEMUR_WHITELISTED_DOMAINS", [])
|
||||
if whitelist and not any(re.match(pattern, domain) for pattern in whitelist):
|
||||
allowlist = current_app.config.get("LEMUR_ALLOWED_DOMAINS", [])
|
||||
if allowlist and not any(re.match(pattern, domain) for pattern in allowlist):
|
||||
raise ValidationError(
|
||||
"Domain {0} does not match whitelisted domain patterns. "
|
||||
"Domain {0} does not match allowed domain patterns. "
|
||||
"Contact an administrator to issue the certificate.".format(domain)
|
||||
)
|
||||
|
||||
|
@ -95,7 +95,7 @@ LEMUR_TOKEN_SECRET = '{secret_token}'
|
||||
LEMUR_ENCRYPTION_KEYS = '{encryption_key}'
|
||||
|
||||
# List of domain regular expressions that non-admin users can issue
|
||||
LEMUR_WHITELISTED_DOMAINS = []
|
||||
LEMUR_ALLOWED_DOMAINS = []
|
||||
|
||||
# Mail Server
|
||||
|
||||
|
@ -36,7 +36,7 @@ LEMUR_ENCRYPTION_KEYS = base64.urlsafe_b64encode(get_random_secret(length=32).en
|
||||
|
||||
|
||||
# List of domain regular expressions that non-admin users can issue
|
||||
LEMUR_WHITELISTED_DOMAINS = [
|
||||
LEMUR_ALLOWED_DOMAINS = [
|
||||
r"^[a-zA-Z0-9-]+\.example\.com$",
|
||||
r"^[a-zA-Z0-9-]+\.example\.org$",
|
||||
r"^example\d+\.long\.com$",
|
||||
|
@ -397,7 +397,7 @@ def test_certificate_cn_admin(client, authority, logged_in_admin):
|
||||
from lemur.certificates.schemas import CertificateInputSchema
|
||||
|
||||
input_data = {
|
||||
"commonName": "*.admin-overrides-whitelist.com",
|
||||
"commonName": "*.admin-overrides-allowlist.com",
|
||||
"owner": "jim@example.com",
|
||||
"authority": {"id": authority.id},
|
||||
"description": "testtestest",
|
||||
@ -458,7 +458,7 @@ def test_certificate_incative_authority(client, authority, session, logged_in_us
|
||||
|
||||
|
||||
def test_certificate_disallowed_names(client, authority, session, logged_in_user):
|
||||
"""The CN and SAN are disallowed by LEMUR_WHITELISTED_DOMAINS."""
|
||||
"""The CN and SAN are disallowed by LEMUR_ALLOWED_DOMAINS."""
|
||||
from lemur.certificates.schemas import CertificateInputSchema
|
||||
|
||||
input_data = {
|
||||
@ -481,10 +481,10 @@ def test_certificate_disallowed_names(client, authority, session, logged_in_user
|
||||
|
||||
data, errors = CertificateInputSchema().load(input_data)
|
||||
assert errors["common_name"][0].startswith(
|
||||
"Domain *.example.com does not match whitelisted domain patterns"
|
||||
"Domain *.example.com does not match allowed domain patterns"
|
||||
)
|
||||
assert errors["extensions"]["sub_alt_names"]["names"][0].startswith(
|
||||
"Domain evilhacker.org does not match whitelisted domain patterns"
|
||||
"Domain evilhacker.org does not match allowed domain patterns"
|
||||
)
|
||||
|
||||
|
||||
@ -671,7 +671,7 @@ def test_csr_empty_san(client):
|
||||
|
||||
|
||||
def test_csr_disallowed_cn(client, logged_in_user):
|
||||
"""Domain name CN is disallowed via LEMUR_WHITELISTED_DOMAINS."""
|
||||
"""Domain name CN is disallowed via LEMUR_ALLOWED_DOMAINS."""
|
||||
from lemur.common import validators
|
||||
|
||||
request, pkey = create_csr(
|
||||
@ -680,12 +680,12 @@ def test_csr_disallowed_cn(client, logged_in_user):
|
||||
with pytest.raises(ValidationError) as err:
|
||||
validators.csr(request)
|
||||
assert str(err.value).startswith(
|
||||
"Domain evilhacker.org does not match whitelisted domain patterns"
|
||||
"Domain evilhacker.org does not match allowed domain patterns"
|
||||
)
|
||||
|
||||
|
||||
def test_csr_disallowed_san(client, logged_in_user):
|
||||
"""SAN name is disallowed by LEMUR_WHITELISTED_DOMAINS."""
|
||||
"""SAN name is disallowed by LEMUR_ALLOWED_DOMAINS."""
|
||||
from lemur.common import validators
|
||||
|
||||
request, pkey = create_csr(
|
||||
@ -701,7 +701,7 @@ def test_csr_disallowed_san(client, logged_in_user):
|
||||
with pytest.raises(ValidationError) as err:
|
||||
validators.csr(request)
|
||||
assert str(err.value).startswith(
|
||||
"Domain evilhacker.org does not match whitelisted domain patterns"
|
||||
"Domain evilhacker.org does not match allowed domain patterns"
|
||||
)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user