Project

General

Profile

Bug #6924

UI should throw proper validation error while updating some params with any random value(like utf-8 or -ve values)

Added by Dominic Cleal about 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Settings
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1126731
Description of problem:
I'm bit confused with the validation around the parameter those should contain a valid URL as a value or an IP address as a value.

For example:

if I update "unattended_url" parameter under provisioning tab with utf8 characters then UI throws error "Value must be a valid URI"

Similarly, If I update following params, with any value, UI doesn't raise any error:

- login_delegation_logout_url : accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- signo_url: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

- trusted_puppetmaster_hosts : Since its accepts value in an array, so I can add any value (-ve, null, html) between [].

Also, the parameters whose value can be a IP address should also be validated before accepting the value.

libvirt_default_console_address: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

remote_addr: accepts all values (-ve value, null values, utf-8, latin-1, html etc)

Version-Release number of selected component (if applicable):
sat6 GA snap3

How reproducible:
always

Steps to Reproduce:
1. update all above mentioned parameters under settings menu with some unknown random value.
2.
3.

Actual results:
No validation around above parameters. User can edit all these parameters with any value. A parameter whose value should be only a URL can accept anything. or a param whose value should be an IP address can accept utf8 characters.

Expected results:
Proper validation needs to be placed for parameters. As soon as user input any value, it should be validated by UI and user should get an error message if its a invalid value.

Additional info:


Related issues

Related to Foreman - Bug #14198: remote_addr validation is too strict for a regular expressionClosed2016-03-15
Related to Foreman - Bug #14225: super: no superclass method `load_defaults' for #<Class:..> on startupClosed2016-03-16
Related to Foreman - Feature #15370: Additional validations for email and trusted hosts settingsClosed2016-06-10

Associated revisions

Revision 7339369d (diff)
Added by Ondřej Pražák over 3 years ago

Fixes #6924 - Additional validations for Setting

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category set to Settings

1. the two URL settings should be part of the URI_ATTRS list so they get URL validation
2. trusted_puppetmaster_hosts I'm not much worried about, we only check if rDNS is in the list. Maybe it could be validated as an array of strings.
3. libvirt_default_console_address probably should permit hostnames as well as IPs, so I think it's OK.
4. remote_addr is a regexp, so is probably OK too.

#2 Updated by The Foreman Bot over 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ondřej Pražák
  • Pull request https://github.com/theforeman/foreman/pull/3297 added

#3 Updated by Ondřej Pražák over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #14198: remote_addr validation is too strict for a regular expression added

#5 Updated by Dominic Cleal over 3 years ago

  • Legacy Backlogs Release (now unused) set to 136

#6 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #14225: super: no superclass method `load_defaults' for #<Class:..> on startup added

#7 Updated by Ondřej Pražák over 3 years ago

  • Related to Feature #15370: Additional validations for email and trusted hosts settings added

Also available in: Atom PDF