From eb9a453d77cc50b706c1e3012cdde25e3c19ad2c Mon Sep 17 00:00:00 2001 From: Artem Martynovich Date: Wed, 22 May 2019 22:09:10 +0600 Subject: [PATCH 1/5] Display alert if claimed device doesn't exist. #183 --- backend/device_registry/views.py | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/backend/device_registry/views.py b/backend/device_registry/views.py index 4b3f84e27..815effc80 100644 --- a/backend/device_registry/views.py +++ b/backend/device_registry/views.py @@ -44,18 +44,20 @@ def claim_device_view(request): form = ClaimDeviceForm(request.POST) if form.is_valid(): - get_device = get_object_or_404( - Device, - device_id=form.cleaned_data['device_id'] - ) - if get_device.claimed: - text, style = 'Device has already been claimed.', 'warning' - elif not get_device.claim_token == form.cleaned_data['claim_token']: + try: + get_device = Device.objects.get( + device_id=form.cleaned_data['device_id'] + ) + if get_device.claimed: + text, style = 'Device has already been claimed.', 'warning' + elif not get_device.claim_token == form.cleaned_data['claim_token']: + text, style = 'Invalid claim/device id pair.', 'warning' + else: + get_device.owner = request.user + get_device.save() + text, style = 'Successfully claimed {}.'.format(form.cleaned_data['device_id']), 'success' + except Device.DoesNotExist: text, style = 'Invalid claim/device id pair.', 'warning' - else: - get_device.owner = request.user - get_device.save() - text, style = 'Successfully claimed {}.'.format(form.cleaned_data['device_id']), 'success' # GET with claim_token and device_id set will fill the form. # Empty GET or any other request will generate empty form. From a7358adc99865fa3f42ad6ac71563495f2f27060 Mon Sep 17 00:00:00 2001 
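Review bot: The `get_device.claimed` branch still runs before the token comparison, so a caller without the claim token gets 'Device has already been claimed.' for an existing claimed device and 'Invalid claim/device id pair.' otherwise. That keeps the device-id oracle this change closes for the not-found case. Compare the token first and report the claimed state only afterwards, e.g. `if not constant_time_compare(get_device.claim_token, form.cleaned_data['claim_token']):` followed by `elif get_device.claimed:`, with `constant_time_compare` imported from `django.utils.crypto` so the comparison does not stop at the first differing character. The `try` also wraps `get_device.save()`; keeping only the `Device.objects.get(...)` call inside it would make the scope of `except Device.DoesNotExist` obvious. The body of `claim_device_view` starts and ends outside the hunk.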
From: Artem Martynovich Date: Wed, 22 May 2019 22:41:11 +0600 Subject: [PATCH 2/5] Also handle invalid GET claims. #183 --- backend/backend/settings/dev.py | 4 ++++ backend/device_registry/views.py | 9 ++++++++- docker-compose.yml | 5 +++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/backend/backend/settings/dev.py b/backend/backend/settings/dev.py index 2529a0ef6..56e3753f2 100644 --- a/backend/backend/settings/dev.py +++ b/backend/backend/settings/dev.py @@ -2,6 +2,10 @@ DEBUG = True +ALLOWED_HOSTS += [ + '10.147.17.225', 'localhost' +] + DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', diff --git a/backend/device_registry/views.py b/backend/device_registry/views.py index 815effc80..4a07deaf4 100644 --- a/backend/device_registry/views.py +++ b/backend/device_registry/views.py @@ -64,7 +64,14 @@ def claim_device_view(request): if request.method == 'GET' and \ 'claim_token' in request.GET and \ 'device_id' in request.GET: - form = ClaimDeviceForm(request.GET) + try: + Device.objects.get( + device_id=request.GET['device_id'] + ) + form = ClaimDeviceForm(request.GET) + except Device.DoesNotExist: + text, style = 'Invalid claim/device id pair.', 'warning' + form = ClaimDeviceForm() else: form = ClaimDeviceForm() diff --git a/docker-compose.yml b/docker-compose.yml index dfa6a52af..eabbd141b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -82,3 +82,8 @@ services: volumes: db-data: + +networks: + default: + external: + name: wott \ No newline at end of file From 4e68a695fbe7e024287b108264c28ae77b44cb2c Mon Sep 17 00:00:00 2001 From: Artem Martynovich Date: Wed, 22 May 2019 23:20:52 +0600 Subject: [PATCH 3/5] Tests for invalid post/get of claim-device. #183 --- backend/device_registry/tests.py | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/backend/device_registry/tests.py b/backend/device_registry/tests.py index 3b6dcf5fc..8b17fc1b8 100644 --- a/backend/device_registry/tests.py 
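Review bot: The `ALLOWED_HOSTS += ['10.147.17.225', 'localhost']` addition is a workstation-specific setting unrelated to the commit subject, and it puts an internal address into the repository history. The same applies to the external `wott` network added to `docker-compose.yml` in this patch. Patch 4/5 reverts both, but dropping them from this commit (or squashing the revert into it) keeps them out of the history entirely; local overrides belong in an untracked settings file.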
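Review bot: The GET branch looks up `request.GET['device_id']` without checking `claim_token`, so the page now answers differently for existing and non-existing device ids (pre-filled form versus the warning) to anyone who can reach the view. A link carrying a wrong token for a real device still shows no warning. Either leave the pair check to the POST handler, or test both values together with `Device.objects.filter(device_id=request.GET['device_id'], claim_token=request.GET['claim_token']).exists()`, which also avoids loading a row only to discard it. The raw query values bypass `ClaimDeviceForm` validation here. Whether `text` and `style` are initialised on the other paths cannot be seen, since the function continues outside the hunk.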
+++ b/backend/device_registry/tests.py @@ -419,12 +419,16 @@ def test_average_trust_score(self): class ClaimLinkTest(TestCase): def setUp(self): User = get_user_model() + self.url = reverse('claim-device') + self.api = RequestFactory() self.device0 = Device.objects.create( device_id='device0.d.wott-dev.local', claim_token='token' ) self.user0 = User.objects.create_user('test') + self.user0.set_password('123') + self.user0.save() def test_claim_get_view(self): request = self.api.get( @@ -443,6 +447,22 @@ def test_claim_get_404(self): response = claim_by_link(request) self.assertEqual(response.status_code, 404) + def test_claim_post_invalid(self): + self.client.login(username='test', password='123') + form_data = { + 'device_id': self.device0.device_id, + 'claim_token': 'invalid' + } + response = self.client.post(self.url, form_data) + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'Invalid claim/device id pair.') + + def test_claim_get_invalid(self): + self.client.login(username='test', password='123') + response = self.client.get(f"{reverse('claim-device')}?device_id=invalid&claim_token=invalid") + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'Invalid claim/device id pair.') + class CertTest(TestCase): def setUp(self): From 63d0cc8e16af4724037a0f4cf0b976e2e7c8a15a Mon Sep 17 00:00:00 2001 From: Artem Martynovich Date: Wed, 22 May 2019 23:23:21 +0600 Subject: [PATCH 4/5] Revert dev changes. --- backend/backend/settings/dev.py | 4 ---- docker-compose.yml | 5 ----- 2 files changed, 9 deletions(-) diff --git a/backend/backend/settings/dev.py b/backend/backend/settings/dev.py index 56e3753f2..2529a0ef6 100644 --- a/backend/backend/settings/dev.py +++ b/backend/backend/settings/dev.py @@ -2,10 +2,6 @@ DEBUG = True -ALLOWED_HOSTS += [ - '10.147.17.225', 'localhost' -] - DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 
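Review bot: `test_claim_post_invalid` posts a wrong token for an existing device, which the view already handled before this series, so the new `except Device.DoesNotExist` path on POST from patch 1/5 has no test. Neither new test asserts that a rejected claim leaves the device unowned, which is the property that matters here. A POST test with an unknown device id that also re-reads `device0` and checks its owner would cover both; this assumes `owner` is nullable, as `setUp` creates the device without one. `test_claim_get_invalid` could also use `self.url` from `setUp` instead of calling `reverse('claim-device')` again.

```python
    def test_claim_post_unknown_device(self):
        self.client.login(username='test', password='123')
        form_data = {
            # constructed id that is not created in setUp
            'device_id': 'unknown.d.wott-dev.local',
            'claim_token': 'token'
        }
        response = self.client.post(self.url, form_data)
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, 'Invalid claim/device id pair.')
        # a rejected claim must not change ownership of any existing device
        self.device0.refresh_from_db()
        self.assertIsNone(self.device0.owner)
```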
diff --git a/docker-compose.yml b/docker-compose.yml index eabbd141b..dfa6a52af 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -82,8 +82,3 @@ services: volumes: db-data: - -networks: - default: - external: - name: wott \ No newline at end of file From 7abde50d237ea087d56f515f3b87d8e359233628 Mon Sep 17 00:00:00 2001 From: Artem Martynovich Date: Thu, 23 May 2019 00:23:54 +0600 Subject: [PATCH 5/5] Link to to Security section of device info after successfully claiming a device. #184 --- backend/device_registry/templates/claim_device.html | 7 ++++++- backend/device_registry/views.py | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/backend/device_registry/templates/claim_device.html b/backend/device_registry/templates/claim_device.html index 99f6ff37c..47d46ae06 100644 --- a/backend/device_registry/templates/claim_device.html +++ b/backend/device_registry/templates/claim_device.html @@ -10,7 +10,12 @@

Claim Device

{% if alert_style %} {% endif %} diff --git a/backend/device_registry/views.py b/backend/device_registry/views.py index 4a07deaf4..6bc82eead 100644 --- a/backend/device_registry/views.py +++ b/backend/device_registry/views.py @@ -55,7 +55,9 @@ def claim_device_view(request): else: get_device.owner = request.user get_device.save() - text, style = 'Successfully claimed {}.'.format(form.cleaned_data['device_id']), 'success' + text, style = f'Successfully claimed  ' \ + f'{format(form.cleaned_data["device_id"])}.', \ + 'success' except Device.DoesNotExist: text, style = 'Invalid claim/device id pair.', 'warning'
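Review bot: The success message is now built with an f-string around `form.cleaned_data["device_id"]`, and the commit subject says it carries a link, so the template presumably has to render it unescaped (the markup itself is not visible in this rendering). Interpolating values into HTML and marking the result safe in the template is fragile. `format_html` from `django.utils.html` escapes its arguments and returns a safe string, e.g. `text = format_html('Successfully claimed <a href="{}">{}</a>.', device_url, get_device.device_id)`, where `device_url` stands for whatever URL the link targets. The inner `format(...)` call looks like a leftover from the old `.format()` and does nothing for a string. The function body continues outside the hunk.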