mirror of https://github.com/apache/superset.git
Add check for SSL certificate and add form validators (#9436)
* Add check for server_cert falsy and add form validators * Address comments
This commit is contained in:
parent
621b4816b3
commit
e33f6c244d
|
@ -16,6 +16,8 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
|
from flask_babel import gettext as _
|
||||||
|
|
||||||
|
|
||||||
class SupersetException(Exception):
|
class SupersetException(Exception):
|
||||||
status = 500
|
status = 500
|
||||||
|
@ -61,7 +63,7 @@ class SpatialException(SupersetException):
|
||||||
|
|
||||||
|
|
||||||
class CertificateException(SupersetException):
|
class CertificateException(SupersetException):
|
||||||
pass
|
message = _("Invalid certificate")
|
||||||
|
|
||||||
|
|
||||||
class DatabaseNotFound(SupersetException):
|
class DatabaseNotFound(SupersetException):
|
||||||
|
|
|
@ -1369,16 +1369,8 @@ class Superset(BaseSupersetView):
|
||||||
conn.scalar(select([1]))
|
conn.scalar(select([1]))
|
||||||
return json_success('"OK"')
|
return json_success('"OK"')
|
||||||
except CertificateException as e:
|
except CertificateException as e:
|
||||||
logger.info("Invalid certificate %s", e)
|
logger.info(e.message)
|
||||||
return json_error_response(
|
return json_error_response(e.message)
|
||||||
_(
|
|
||||||
"Invalid certificate. "
|
|
||||||
"Please make sure the certificate begins with\n"
|
|
||||||
"-----BEGIN CERTIFICATE-----\n"
|
|
||||||
"and ends with \n"
|
|
||||||
"-----END CERTIFICATE-----"
|
|
||||||
)
|
|
||||||
)
|
|
||||||
except NoSuchModuleError as e:
|
except NoSuchModuleError as e:
|
||||||
logger.info("Invalid driver %s", e)
|
logger.info("Invalid driver %s", e)
|
||||||
driver_name = make_url(uri).drivername
|
driver_name = make_url(uri).drivername
|
||||||
|
|
|
@ -21,7 +21,7 @@ from flask_babel import lazy_gettext as _
|
||||||
from sqlalchemy import MetaData
|
from sqlalchemy import MetaData
|
||||||
|
|
||||||
from superset import app, security_manager
|
from superset import app, security_manager
|
||||||
from superset.exceptions import CertificateException, SupersetException
|
from superset.exceptions import SupersetException
|
||||||
from superset.security.analytics_db_safety import check_sqlalchemy_uri
|
from superset.security.analytics_db_safety import check_sqlalchemy_uri
|
||||||
from superset.utils import core as utils
|
from superset.utils import core as utils
|
||||||
from superset.views.database.filters import DatabaseFilter
|
from superset.views.database.filters import DatabaseFilter
|
||||||
|
@ -204,10 +204,8 @@ class DatabaseMixin:
|
||||||
check_sqlalchemy_uri(database.sqlalchemy_uri)
|
check_sqlalchemy_uri(database.sqlalchemy_uri)
|
||||||
self.check_extra(database)
|
self.check_extra(database)
|
||||||
self.check_encrypted_extra(database)
|
self.check_encrypted_extra(database)
|
||||||
utils.parse_ssl_cert(database.server_cert)
|
if database.server_cert:
|
||||||
database.server_cert = (
|
utils.parse_ssl_cert(database.server_cert)
|
||||||
database.server_cert.strip() if database.server_cert else ""
|
|
||||||
)
|
|
||||||
database.set_sqlalchemy_uri(database.sqlalchemy_uri)
|
database.set_sqlalchemy_uri(database.sqlalchemy_uri)
|
||||||
security_manager.add_permission_view_menu("database_access", database.perm)
|
security_manager.add_permission_view_menu("database_access", database.perm)
|
||||||
# adding a new database we always want to force refresh schema list
|
# adding a new database we always want to force refresh schema list
|
||||||
|
@ -236,8 +234,6 @@ class DatabaseMixin:
|
||||||
# this will check whether json.loads(extra) can succeed
|
# this will check whether json.loads(extra) can succeed
|
||||||
try:
|
try:
|
||||||
extra = database.get_extra()
|
extra = database.get_extra()
|
||||||
except CertificateException:
|
|
||||||
raise Exception(_("Invalid certificate"))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
raise Exception(
|
raise Exception(
|
||||||
_("Extra field cannot be decoded by JSON. %{msg}s", msg=str(e))
|
_("Extra field cannot be decoded by JSON. %{msg}s", msg=str(e))
|
||||||
|
|
|
@ -29,6 +29,7 @@ import superset.models.core as models
|
||||||
from superset import app, db
|
from superset import app, db
|
||||||
from superset.connectors.sqla.models import SqlaTable
|
from superset.connectors.sqla.models import SqlaTable
|
||||||
from superset.constants import RouteMethod
|
from superset.constants import RouteMethod
|
||||||
|
from superset.exceptions import CertificateException
|
||||||
from superset.utils import core as utils
|
from superset.utils import core as utils
|
||||||
from superset.views.base import DeleteMixin, SupersetModelView, YamlExportMixin
|
from superset.views.base import DeleteMixin, SupersetModelView, YamlExportMixin
|
||||||
|
|
||||||
|
@ -50,6 +51,17 @@ def sqlalchemy_uri_form_validator(_, field: StringField) -> None:
|
||||||
sqlalchemy_uri_validator(field.data, exception=ValidationError)
|
sqlalchemy_uri_validator(field.data, exception=ValidationError)
|
||||||
|
|
||||||
|
|
||||||
|
def certificate_form_validator(_, field: StringField) -> None:
|
||||||
|
"""
|
||||||
|
Check if user has submitted a valid SSL certificate
|
||||||
|
"""
|
||||||
|
if field.data:
|
||||||
|
try:
|
||||||
|
utils.parse_ssl_cert(field.data)
|
||||||
|
except CertificateException as ex:
|
||||||
|
raise ValidationError(ex.message)
|
||||||
|
|
||||||
|
|
||||||
def upload_stream_write(form_file_field: "FileStorage", path: str):
|
def upload_stream_write(form_file_field: "FileStorage", path: str):
|
||||||
chunk_size = app.config["UPLOAD_CHUNK_SIZE"]
|
chunk_size = app.config["UPLOAD_CHUNK_SIZE"]
|
||||||
with open(path, "bw") as file_description:
|
with open(path, "bw") as file_description:
|
||||||
|
@ -68,7 +80,10 @@ class DatabaseView(
|
||||||
|
|
||||||
add_template = "superset/models/database/add.html"
|
add_template = "superset/models/database/add.html"
|
||||||
edit_template = "superset/models/database/edit.html"
|
edit_template = "superset/models/database/edit.html"
|
||||||
validators_columns = {"sqlalchemy_uri": [sqlalchemy_uri_form_validator]}
|
validators_columns = {
|
||||||
|
"sqlalchemy_uri": [sqlalchemy_uri_form_validator],
|
||||||
|
"server_cert": [certificate_form_validator],
|
||||||
|
}
|
||||||
|
|
||||||
yaml_dict_key = "databases"
|
yaml_dict_key = "databases"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue