Merge pull request #254 from opdemand/fix-id-override

mboersma · mboersma · commit 1381fe025953 · 2013-10-29T06:56:30.000-07:00
Only allow App ID's that are valid DNS hostnames
diff --git a/api/serializers.py b/api/serializers.py
@@ -5,6 +5,8 @@
 
 from __future__ import unicode_literals
 
+import re
+
 from django.contrib.auth.models import User
 from rest_framework import serializers
 
@@ -165,6 +167,16 @@ class Meta:
         model = models.App
         read_only_fields = ('created', 'updated')
 
+    def validate_id(self, attrs, source):
+        """
+        Check that the ID is all lowercase
+        """
+        value = attrs[source]
+        match = re.match(r'^[a-z0-9-]+$', value)
+        if not match:
+            raise serializers.ValidationError("App IDs can only contain [a-z0-9-]")
+        return attrs
+
 
 class ContainerSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.Container` model."""
diff --git a/api/tests/app.py b/api/tests/app.py
@@ -185,6 +185,9 @@ def test_app_actions(self):
     def test_app_errors(self):
         formation_id, app_id = 'autotest', 'autotest-errors'
         url = '/api/apps'
+        body = {'formation': formation_id, 'id': 'camelCase'}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertContains(response, 'App IDs can only contain [a-z0-9-]', status_code=400)
         body = {'formation': formation_id, 'id': app_id}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
diff --git a/client/deis.py b/client/deis.py
@@ -399,11 +399,11 @@ def apps_create(self, args):
             progress.join()
         if response.status_code == requests.codes.created:  # @UndefinedVariable
             data = response.json()
-            formation = data['id']
-            print("done, created {}".format(formation))
+            app_id = data['id']
+            print("done, created {}".format(app_id))
             # add a git remote
             hostname = urlparse.urlparse(self._settings['controller']).netloc
-            git_remote = "git@{hostname}:{formation}.git".format(**locals())
+            git_remote = "git@{hostname}:{app_id}.git".format(**locals())
             try:
                 subprocess.check_call(
                     ['git', 'remote', 'add', '-f', 'deis', git_remote],
