cleaning up outdated phrases

This commit is contained in:
Hossein Shafagh 2020-10-09 18:04:16 -07:00
parent 1d18f061f2
commit 770339f94c
6 changed files with 16 additions and 16 deletions

View File

@ -24,7 +24,7 @@ LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS', LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
base64.b64encode(get_random_secret(32).encode('utf8')))) base64.b64encode(get_random_secret(32).encode('utf8'))))
LEMUR_WHITELISTED_DOMAINS = [] LEMUR_ALLOWED_DOMAINS = []
LEMUR_EMAIL = '' LEMUR_EMAIL = ''
LEMUR_SECURITY_TEAM_EMAIL = [] LEMUR_SECURITY_TEAM_EMAIL = []

View File

@ -100,7 +100,7 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
Specifies whether to allow certificates created by Lemur to expire on weekends. Default is True. Specifies whether to allow certificates created by Lemur to expire on weekends. Default is True.
.. data:: LEMUR_WHITELISTED_DOMAINS .. data:: LEMUR_ALLOWED_DOMAINS
:noindex: :noindex:
List of regular expressions for domain restrictions; if the list is not empty, normal users can only issue List of regular expressions for domain restrictions; if the list is not empty, normal users can only issue

View File

@ -22,7 +22,7 @@ def common_name(value):
def sensitive_domain(domain): def sensitive_domain(domain):
""" """
Checks if user has the admin role, the domain does not match sensitive domains and whitelisted domain patterns. Checks if user has the admin role, the domain does not match sensitive domains and allowed domain patterns.
:param domain: domain name (str) :param domain: domain name (str)
:return: :return:
""" """
@ -30,10 +30,10 @@ def sensitive_domain(domain):
# User has permission, no need to check anything # User has permission, no need to check anything
return return
whitelist = current_app.config.get("LEMUR_WHITELISTED_DOMAINS", []) allowlist = current_app.config.get("LEMUR_ALLOWED_DOMAINS", [])
if whitelist and not any(re.match(pattern, domain) for pattern in whitelist): if allowlist and not any(re.match(pattern, domain) for pattern in allowlist):
raise ValidationError( raise ValidationError(
"Domain {0} does not match whitelisted domain patterns. " "Domain {0} does not match allowed domain patterns. "
"Contact an administrator to issue the certificate.".format(domain) "Contact an administrator to issue the certificate.".format(domain)
) )

View File

@ -95,7 +95,7 @@ LEMUR_TOKEN_SECRET = '{secret_token}'
LEMUR_ENCRYPTION_KEYS = '{encryption_key}' LEMUR_ENCRYPTION_KEYS = '{encryption_key}'
# List of domain regular expressions that non-admin users can issue # List of domain regular expressions that non-admin users can issue
LEMUR_WHITELISTED_DOMAINS = [] LEMUR_ALLOWED_DOMAINS = []
# Mail Server # Mail Server

View File

@ -36,7 +36,7 @@ LEMUR_ENCRYPTION_KEYS = base64.urlsafe_b64encode(get_random_secret(length=32).en
# List of domain regular expressions that non-admin users can issue # List of domain regular expressions that non-admin users can issue
LEMUR_WHITELISTED_DOMAINS = [ LEMUR_ALLOWED_DOMAINS = [
r"^[a-zA-Z0-9-]+\.example\.com$", r"^[a-zA-Z0-9-]+\.example\.com$",
r"^[a-zA-Z0-9-]+\.example\.org$", r"^[a-zA-Z0-9-]+\.example\.org$",
r"^example\d+\.long\.com$", r"^example\d+\.long\.com$",

View File

@ -397,7 +397,7 @@ def test_certificate_cn_admin(client, authority, logged_in_admin):
from lemur.certificates.schemas import CertificateInputSchema from lemur.certificates.schemas import CertificateInputSchema
input_data = { input_data = {
"commonName": "*.admin-overrides-whitelist.com", "commonName": "*.admin-overrides-allowlist.com",
"owner": "jim@example.com", "owner": "jim@example.com",
"authority": {"id": authority.id}, "authority": {"id": authority.id},
"description": "testtestest", "description": "testtestest",
@ -458,7 +458,7 @@ def test_certificate_incative_authority(client, authority, session, logged_in_us
def test_certificate_disallowed_names(client, authority, session, logged_in_user): def test_certificate_disallowed_names(client, authority, session, logged_in_user):
"""The CN and SAN are disallowed by LEMUR_WHITELISTED_DOMAINS.""" """The CN and SAN are disallowed by LEMUR_ALLOWED_DOMAINS."""
from lemur.certificates.schemas import CertificateInputSchema from lemur.certificates.schemas import CertificateInputSchema
input_data = { input_data = {
@ -481,10 +481,10 @@ def test_certificate_disallowed_names(client, authority, session, logged_in_user
data, errors = CertificateInputSchema().load(input_data) data, errors = CertificateInputSchema().load(input_data)
assert errors["common_name"][0].startswith( assert errors["common_name"][0].startswith(
"Domain *.example.com does not match whitelisted domain patterns" "Domain *.example.com does not match allowed domain patterns"
) )
assert errors["extensions"]["sub_alt_names"]["names"][0].startswith( assert errors["extensions"]["sub_alt_names"]["names"][0].startswith(
"Domain evilhacker.org does not match whitelisted domain patterns" "Domain evilhacker.org does not match allowed domain patterns"
) )
@ -671,7 +671,7 @@ def test_csr_empty_san(client):
def test_csr_disallowed_cn(client, logged_in_user): def test_csr_disallowed_cn(client, logged_in_user):
"""Domain name CN is disallowed via LEMUR_WHITELISTED_DOMAINS.""" """Domain name CN is disallowed via LEMUR_ALLOWED_DOMAINS."""
from lemur.common import validators from lemur.common import validators
request, pkey = create_csr( request, pkey = create_csr(
@ -680,12 +680,12 @@ def test_csr_disallowed_cn(client, logged_in_user):
with pytest.raises(ValidationError) as err: with pytest.raises(ValidationError) as err:
validators.csr(request) validators.csr(request)
assert str(err.value).startswith( assert str(err.value).startswith(
"Domain evilhacker.org does not match whitelisted domain patterns" "Domain evilhacker.org does not match allowed domain patterns"
) )
def test_csr_disallowed_san(client, logged_in_user): def test_csr_disallowed_san(client, logged_in_user):
"""SAN name is disallowed by LEMUR_WHITELISTED_DOMAINS.""" """SAN name is disallowed by LEMUR_ALLOWED_DOMAINS."""
from lemur.common import validators from lemur.common import validators
request, pkey = create_csr( request, pkey = create_csr(
@ -701,7 +701,7 @@ def test_csr_disallowed_san(client, logged_in_user):
with pytest.raises(ValidationError) as err: with pytest.raises(ValidationError) as err:
validators.csr(request) validators.csr(request)
assert str(err.value).startswith( assert str(err.value).startswith(
"Domain evilhacker.org does not match whitelisted domain patterns" "Domain evilhacker.org does not match allowed domain patterns"
) )