fix(controller): improve domain name validation per RFC 1123

mboersma · mboersma · commit a002dd440248 · 2015-01-29T11:15:01.000-07:00
diff --git a/controller/api/serializers.py b/controller/api/serializers.py
@@ -239,23 +239,22 @@ def validate_domain(self, value):
         """
         Check that the hostname is valid
         """
-        match = re.match(
-            r'^(\*\.)?(' + settings.APP_URL_REGEX + r'\.)*([a-z0-9-]+)\.([a-z0-9]{2,})$',
-            value)
-        if not match:
+        if len(value) > 255:
+            raise serializers.ValidationError('Hostname must be 255 characters or less.')
+        if value[-1:] == ".":
+            value = value[:-1]  # strip exactly one dot from the right, if present
+        labels = value.split('.')
+        if labels[0] == '*':
             raise serializers.ValidationError(
-                "Hostname does not look like a valid hostname. "
-                "Only lowercase characters are allowed.")
-
+                'Adding a wildcard subdomain is currently not supported.')
+        allowed = re.compile("^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.IGNORECASE)
+        for label in labels:
+            match = allowed.match(label)
+            if not match or '--' in label or label[-1].isdigit() or label.isdigit():
+                raise serializers.ValidationError('Hostname does not look valid.')
         if models.Domain.objects.filter(domain=value).exists():
             raise serializers.ValidationError(
                 "The domain {} is already in use by another app".format(value))
-
-        domain_parts = value.split('.')
-        if domain_parts[0] == '*':
-            raise serializers.ValidationError(
-                "Adding a wildcard subdomain is currently not supported".format(value))
-
         return value
 
 
diff --git a/controller/api/tests/test_domain.py b/controller/api/tests/test_domain.py
@@ -48,24 +48,34 @@ def test_response_data(self):
 
     def test_manage_domain(self):
         url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        body = {'domain': 'test-domain.example.com'}
-        response = self.client.post(url, json.dumps(body), content_type='application/json',
-                                    HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(response.status_code, 201)
-        url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        response = self.client.get(url, content_type='application/json',
-                                   HTTP_AUTHORIZATION='token {}'.format(self.token))
-        result = response.data['results'][0]
-        self.assertEqual('test-domain.example.com', result['domain'])
-        url = '/v1/apps/{app_id}/domains/{hostname}'.format(hostname='test-domain.example.com',
-                                                            app_id=self.app_id)
-        response = self.client.delete(url, content_type='application/json',
-                                      HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(response.status_code, 204)
-        url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        response = self.client.get(url, content_type='application/json',
-                                   HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(0, response.data['count'])
+        test_domains = [
+            'test-domain.example.com',
+            'django.paas-sandbox',
+            'domain',
+            'not.too.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong',
+            '3com.com',
+            'MYDOMAIN.NET',
+        ]
+        for domain in test_domains:
+            body = {'domain': domain}
+            msg = "failed on \"{}\"".format(domain)
+            response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                        HTTP_AUTHORIZATION='token {}'.format(self.token))
+            self.assertEqual(response.status_code, 201, msg)
+            url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
+            response = self.client.get(url, content_type='application/json',
+                                       HTTP_AUTHORIZATION='token {}'.format(self.token))
+            result = response.data['results'][0]
+            self.assertEqual(domain, result['domain'], msg)
+            url = '/v1/apps/{app_id}/domains/{hostname}'.format(hostname=domain,
+                                                                app_id=self.app_id)
+            response = self.client.delete(url, content_type='application/json',
+                                          HTTP_AUTHORIZATION='token {}'.format(self.token))
+            self.assertEqual(response.status_code, 204, msg)
+            url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
+            response = self.client.get(url, content_type='application/json',
+                                       HTTP_AUTHORIZATION='token {}'.format(self.token))
+            self.assertEqual(0, response.data['count'], msg)
 
     def test_manage_domain_invalid_app(self):
         url = '/v1/apps/{app_id}/domains'.format(app_id="this-app-does-not-exist")
@@ -80,20 +90,20 @@ def test_manage_domain_invalid_app(self):
 
     def test_manage_domain_invalid_domain(self):
         url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        body = {'domain': 'this_is_an.invalid.domain'}
-        response = self.client.post(url, json.dumps(body), content_type='application/json',
-                                    HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(response.status_code, 400)
-        url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        body = {'domain': 'this-is-an.invalid.a'}
-        response = self.client.post(url, json.dumps(body), content_type='application/json',
-                                    HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(response.status_code, 400)
-        url = '/v1/apps/{app_id}/domains'.format(app_id=self.app_id)
-        body = {'domain': 'domain'}
-        response = self.client.post(url, json.dumps(body), content_type='application/json',
-                                    HTTP_AUTHORIZATION='token {}'.format(self.token))
-        self.assertEqual(response.status_code, 400)
+        test_domains = [
+            'this_is_an.invalid.domain',
+            'this-is-an.invalid.1',
+            'django.pass--sandbox',
+            'domain1',
+            '3333.com',
+            'too.looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong',
+        ]
+        for domain in test_domains:
+            msg = "failed on \"{}\"".format(domain)
+            body = {'domain': domain}
+            response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                        HTTP_AUTHORIZATION='token {}'.format(self.token))
+            self.assertEqual(response.status_code, 400, msg)
 
     def test_manage_domain_wildcard(self):
         """Wildcards are not allowed for now."""
