attribute_kinds: check types at date (de)serialization time (#76883)
Poorly configured authn backends can send values of the wrong data type to date profile attributes. Date attribute (de)serialization should perform type checks.
parent
8c79a9ce88
commit
7c158f96bf
|
@ -246,6 +246,18 @@ class ProfileImageFile:
|
|||
return default_storage.url(self.name)
|
||||
|
||||
|
||||
def date_serialize(date):
|
||||
if date and isinstance(date, datetime.date):
|
||||
return date.isoformat()
|
||||
return ''
|
||||
|
||||
|
||||
def date_deserialize(iso_string):
|
||||
if iso_string and isinstance(iso_string, str):
|
||||
return datetime.datetime.strptime(iso_string, '%Y-%m-%d').date()
|
||||
return None
|
||||
|
||||
|
||||
def profile_image_serialize(uploadedfile):
|
||||
if not uploadedfile:
|
||||
return ''
|
||||
|
@ -352,16 +364,16 @@ DEFAULT_ATTRIBUTE_KINDS = [
|
|||
'label': _('date'),
|
||||
'name': 'date',
|
||||
'field_class': DateField,
|
||||
'serialize': lambda x: x and x.isoformat(),
|
||||
'deserialize': lambda x: x and datetime.datetime.strptime(x, '%Y-%m-%d').date(),
|
||||
'serialize': date_serialize,
|
||||
'deserialize': date_deserialize,
|
||||
'rest_framework_field_class': DateRestField,
|
||||
},
|
||||
{
|
||||
'label': _('birthdate'),
|
||||
'name': 'birthdate',
|
||||
'field_class': BirthdateField,
|
||||
'serialize': lambda x: x and x.isoformat(),
|
||||
'deserialize': lambda x: x and datetime.datetime.strptime(x, '%Y-%m-%d').date(),
|
||||
'serialize': date_serialize,
|
||||
'deserialize': date_deserialize,
|
||||
'rest_framework_field_class': BirthdateRestField,
|
||||
},
|
||||
{
|
||||
|
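Review bot: The `isinstance(date, datetime.date)` check in date_serialize also accepts a `datetime.datetime`, which is a subclass of `date`; its `isoformat()` carries a time part that date_deserialize's `'%Y-%m-%d'` strptime rejects with ValueError when the value is read back. Converting first, `if isinstance(date, datetime.datetime): date = date.date()`, keeps the stored form parseable. date_deserialize also still raises on a `str` that is not in that format, so if such a string can reach storage the type check alone does not protect reads; catching ValueError and returning None would match the new fallback. Values of the wrong type are now dropped to `''` without any trace, so a log warning at that point would help operators spot the misconfigured backend the commit message describes.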
|
|
@ -509,6 +509,22 @@ def test_birthdate_api(db, app, admin, mailoutbox, freezer):
|
|||
qs.delete()
|
||||
|
||||
|
||||
def test_birthdate_buggy_type(db, admin):
|
||||
attr = Attribute.objects.create(
|
||||
name='birthdate', label='birthdate', kind='birthdate', asked_on_registration=True
|
||||
)
|
||||
attr.set_value(owner=admin, value='2000-01-01')
|
||||
admin.refresh_from_db()
|
||||
assert admin.attributes.birthdate is None
|
||||
|
||||
|
||||
def test_date_buggy_type(db, admin):
|
||||
attr = Attribute.objects.create(name='date', label='date', kind='date', asked_on_registration=True)
|
||||
attr.set_value(owner=admin, value='2000-01-01')
|
||||
admin.refresh_from_db()
|
||||
assert admin.attributes.date is None
|
||||
|
||||
|
||||
def test_profile_image(db, app, admin, mailoutbox):
|
||||
Attribute.objects.create(
|
||||
name='cityscape_image',
|
||||
|
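Review bot: Both new tests exercise only the serialize side with a `str` value; nothing covers date_deserialize receiving a non-`str`, or a `datetime.datetime` passed to set_value, which passes the `isinstance(..., datetime.date)` check but serializes with a time part. A case such as `attr.set_value(owner=admin, value=datetime.datetime(2000, 1, 1, 12, 0))` followed by reading `admin.attributes.birthdate` would pin that behaviour (assuming `datetime` is imported in this test module, which is not visible here). A short comment like `# a str is the wrong type here: it must be dropped, not parsed` above each assert would also explain why a well-formed ISO string is expected to yield None.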
|