stages/prompt: ensure hidden and static fields keep the value they had set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
parent
6f5ec7838f
commit
fea1f3be6f
|
|
@ -90,6 +90,14 @@ class PromptChallengeResponse(ChallengeResponse):
|
||||||
raise ValidationError(_("Passwords don't match."))
|
raise ValidationError(_("Passwords don't match."))
|
||||||
|
|
||||||
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||||
|
# Check if we have any static or hidden fields, and ensure they
|
||||||
|
# still have the same value
|
||||||
|
static_hidden_fields: QuerySet[Prompt] = self.stage.fields.filter(
|
||||||
|
type__in=[FieldTypes.HIDDEN, FieldTypes.STATIC]
|
||||||
|
)
|
||||||
|
for static_hidden in static_hidden_fields:
|
||||||
|
attrs[static_hidden.field_key] = static_hidden.placeholder
|
||||||
|
|
||||||
# Check if we have two password fields, and make sure they are the same
|
# Check if we have two password fields, and make sure they are the same
|
||||||
password_fields: QuerySet[Prompt] = self.stage.fields.filter(
|
password_fields: QuerySet[Prompt] = self.stage.fields.filter(
|
||||||
type=FieldTypes.PASSWORD
|
type=FieldTypes.PASSWORD
|
||||||
|
|
|
||||||
|
|
@ -78,6 +78,12 @@ class TestPromptStage(TestCase):
|
||||||
required=True,
|
required=True,
|
||||||
placeholder="HIDDEN_PLACEHOLDER",
|
placeholder="HIDDEN_PLACEHOLDER",
|
||||||
)
|
)
|
||||||
|
static_prompt = Prompt.objects.create(
|
||||||
|
field_key="static_prompt",
|
||||||
|
type=FieldTypes.STATIC,
|
||||||
|
required=True,
|
||||||
|
placeholder="static",
|
||||||
|
)
|
||||||
self.stage = PromptStage.objects.create(name="prompt-stage")
|
self.stage = PromptStage.objects.create(name="prompt-stage")
|
||||||
self.stage.fields.set(
|
self.stage.fields.set(
|
||||||
[
|
[
|
||||||
|
|
@ -88,6 +94,7 @@ class TestPromptStage(TestCase):
|
||||||
password2_prompt,
|
password2_prompt,
|
||||||
number_prompt,
|
number_prompt,
|
||||||
hidden_prompt,
|
hidden_prompt,
|
||||||
|
static_prompt,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
self.stage.save()
|
self.stage.save()
|
||||||
|
|
@ -100,6 +107,7 @@ class TestPromptStage(TestCase):
|
||||||
password2_prompt.field_key: "test",
|
password2_prompt.field_key: "test",
|
||||||
number_prompt.field_key: 3,
|
number_prompt.field_key: 3,
|
||||||
hidden_prompt.field_key: hidden_prompt.placeholder,
|
hidden_prompt.field_key: hidden_prompt.placeholder,
|
||||||
|
static_prompt.field_key: static_prompt.placeholder,
|
||||||
}
|
}
|
||||||
|
|
||||||
self.binding = FlowStageBinding.objects.create(
|
self.binding = FlowStageBinding.objects.create(
|
||||||
|
|
@ -232,3 +240,17 @@ class TestPromptStage(TestCase):
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_static_hidden_overwrite(self):
|
||||||
|
"""Test that static and hidden fields ignore any value sent to them"""
|
||||||
|
plan = FlowPlan(
|
||||||
|
flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]
|
||||||
|
)
|
||||||
|
self.prompt_data["hidden_prompt"] = "foo"
|
||||||
|
self.prompt_data["static_prompt"] = "foo"
|
||||||
|
challenge_response = PromptChallengeResponse(
|
||||||
|
None, stage=self.stage, plan=plan, data=self.prompt_data
|
||||||
|
)
|
||||||
|
self.assertEqual(challenge_response.is_valid(), True)
|
||||||
|
self.assertNotEqual(challenge_response.validated_data["hidden_prompt"], "foo")
|
||||||
|
self.assertNotEqual(challenge_response.validated_data["static_prompt"], "foo")
|
||||||
|
|
|
||||||
Reference in New Issue