caddy-frontend: Urlencode default-path

db8bf5ac · Łukasz Nowak · Łukasz Nowak · 4f32fe08 · db8bf5ac · db8bf5ac
Commit db8bf5ac authored Aug 09, 2018 by Łukasz Nowak Committed by Łukasz Nowak Sep 06, 2018
5 changed files
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = 6635cfaf5eeb46ec6b97bd7a12ffc4e3
+md5sum = 7bccd8b63121821131e7a5117e7bb73b

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -20,6 +20,7 @@
 {%-   do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
 {%-   do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
 {%- endfor %} {#- for host in host_list #}
+{%- set default_path = slave_parameter.get('default-path', '') | urlencode %}

 # SSL enabled hosts
 {{ https_host_list|join(', ') }} {
@@ -86,12 +87,12 @@
 {%-   endif %} {#-   if ssl_proxy_verify #}
  } {# proxy #}
 {%-   endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
-  {%- if 'default-path' in slave_parameter %}
+  {%- if default_path %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
+    / {scheme}://{host}/{{ default_path }}
  } {# redir #}
-  {%- endif %} {#- if 'default-path' in slave_parameter #}
+  {%- endif %} {#- if default_path #}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
@@ -103,12 +104,12 @@
  } {# redir #}
 {%- else %} {#- if slave_type ==  'zope' and backend_url #}
  # Default configuration
-{%-   if 'default-path' in slave_parameter %}
+{%-   if default_path %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
+    / {scheme}://{host}/{{ default_path }}
  }  {# redir #}
-{%-   endif %} {#-   if 'default-path' in slave_parameter #}
+{%-   endif %} {#-   if default_path #}
 {%-   if backend_url %}

 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
@@ -208,24 +209,24 @@
 {%-   endif %} {#-   if ssl_proxy_verify #}
  } {# proxy #}
 {%- endfor %} {#-   for (proxy_name, proxy_comment) in proxy_append_list #}
-{%-   if 'default-path' in slave_parameter %}
+{%-   if default_path %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
+    / {scheme}://{host}/{{ default_path }}
  } {# redir #}
-{%-   endif %} {#-   if 'default-path' in slave_parameter #}
+{%-   endif %} {#-   if default_path #}
  rewrite {
    regexp (.*)
    to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
  } {# rewrite #}
 {%- else %} {#- if https_only #}
  # Default configuration
-{%-   if 'default-path' in slave_parameter %}
+{%-   if default_path %}
  redir 301 {
    if {path} is /
-    / {scheme}://{host}/{{ slave_parameter.get('default-path') }}
+    / {scheme}://{host}/{{ default_path }}
  } {# redir #}
-{%-   endif %} {#-   if 'default-path' in slave_parameter #}
+{%-   endif %} {#-   if default_path #}
 {%-   if slave_parameter.get('url', '') %}
 {%-   for (proxy_name, proxy_comment) in proxy_append_list %}
  # {{ proxy_comment }}

--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -3052,6 +3052,11 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
        'url': cls.backend_url,
        'virtualhostroot-https-port': '${section:option}',
      },
+      'default-path-unsafe': {
+        'type': 'zope',
+        'url': cls.backend_url,
+        'default-path': '${section:option}\nn"\newline\n}\n}proxy\n/slashed',
+      },
    }

  def test_master_partition_state(self):
@@ -3061,9 +3066,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
    expected_parameter_dict = {
      'monitor-base-url': None,
      'domain': 'example.com',
-      'accepted-slave-amount': '4',
+      'accepted-slave-amount': '5',
      'rejected-slave-amount': '2',
-      'slave-amount': '6',
+      'slave-amount': '7',
      'rejected-slave-list':
      '["_server-alias-unsafe", "_custom_domain-unsafe"]'}

@@ -3227,3 +3232,32 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
      '/VirtualHostBase/https//virtualhostroothttpsportunsafe'
      '.example.com:0//VirtualHostRoot/test-path'
    )
+
+  def default_path_unsafe(self):
+    parameter_dict = self.slave_connection_parameter_dict_dict[
+      'default-path-unsafe']
+    self.assertLogAccessUrlWithPop(parameter_dict, 'default-path-unsafe')
+    self.assertEqual(
+      parameter_dict,
+      {
+        'domain': 'defaultpathunsafe.example.com',
+        'replication_number': '1',
+        'url': 'http://defaultpathunsafe.example.com',
+        'site_url': 'http://defaultpathunsafe.example.com',
+        'secure_access': 'https://defaultpathunsafe.example.com',
+        'public-ipv4': LOCAL_IPV4,
+      }
+    )
+
+    result = self.fakeHTTPSResult(
+      parameter_dict['domain'], parameter_dict['public-ipv4'], '')
+
+    self.assertEqual(
+      der2pem(result.peercert),
+      open('wildcard.example.com.crt').read())
+
+    self.assertEqual(
+      result.headers['Location'],
+      'https://defaultpathunsafe.example.com:%s/%%24%%7Bsection%%3Aoption%%7D'
+      '%%0An%%22%%0Aewline%%0A%%7D%%0A%%7Dproxy%%0A/slashed' % (HTTPS_PORT,)
+    )
--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt
 TestSlaveBadParameters-0/var/log/monitor-httpd-error.log
 TestSlaveBadParameters-1/var/log/frontend-access.log
 TestSlaveBadParameters-1/var/log/frontend-error.log
+TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_access_log
+TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_error_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_access_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_error_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-unsafe_access_log

--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt
+TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-day
+TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-hour
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-day
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-hour
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-unsafe-error-log-last-day