misc: allow calling {% make_public_url %} on empty or non-publik URLs (#58903)

2021-11-23 15:40:10 +01:00 · 2021-11-23 15:40:10 +01:00 · 537f45400e
parent 217fa7541c
commit 537f45400e
2 changed files with 70 additions and 0 deletions
--- a/combo/apps/wcs/templatetags/wcs.py
+++ b/combo/apps/wcs/templatetags/wcs.py
@ -22,6 +22,7 @@ from django.utils.html import escape
 from django.utils.safestring import mark_safe

 from combo.utils import aes_hex_encrypt
+from combo.utils.misc import is_url_from_known_service

 register = template.Library()

@ -80,6 +81,8 @@ def format_text(field, value):

@register.simple_tag(takes_context=True)
 def make_public_url(context, url):
+    if not url or not is_url_from_known_service(url):
+        return url
    if not context.request.session.session_key:
        context.request.session.cycle_key()
    session_key = context.request.session.session_key
--- a/tests/test_cells.py
+++ b/tests/test_cells.py
@ -665,6 +665,73 @@ def test_json_cell_with_varnames(app):
        assert '/var2=bar/' in resp.text


+def test_json_cell_make_public_url(app):
+    page = Page(title='example page', slug='index')
+    page.save()
+
+    cell = JsonCell()
+    cell.page = page
+    cell.title = 'Example Site'
+    cell.order = 0
+    cell.url = 'https://example.net'
+
+    # url from known_services
+    cell.template_string = '{% make_public_url url="http://127.0.0.1:8999/" %}'
+    cell.save()
+
+    with mock.patch('combo.utils.requests.get') as requests_get:
+        data = {'data': []}
+        requests_get.return_value = mock_json_response(content=json.dumps(data), status_code=200)
+        url = reverse(
+            'combo-public-ajax-page-cell', kwargs={'page_pk': page.id, 'cell_reference': cell.get_reference()}
+        )
+        resp = app.get(url)
+        assert '/api/wcs/file/' in resp.text
+        assert 'http://127.0.0.1:8999' not in resp.text
+
+    # url from unknown service
+    cell.template_string = '{% make_public_url url="https://example.net" %}'
+    cell.save()
+
+    with mock.patch('combo.utils.requests.get') as requests_get:
+        data = {'data': []}
+        requests_get.return_value = mock_json_response(content=json.dumps(data), status_code=200)
+        url = reverse(
+            'combo-public-ajax-page-cell', kwargs={'page_pk': page.id, 'cell_reference': cell.get_reference()}
+        )
+        resp = app.get(url)
+        assert 'https://example.net' in resp.text
+        assert '/api/wcs/file/' not in resp.text
+
+    # url with empty string
+    cell.template_string = 'X{% make_public_url url="" %}Y'
+    cell.save()
+
+    with mock.patch('combo.utils.requests.get') as requests_get:
+        data = {'data': []}
+        requests_get.return_value = mock_json_response(content=json.dumps(data), status_code=200)
+        url = reverse(
+            'combo-public-ajax-page-cell', kwargs={'page_pk': page.id, 'cell_reference': cell.get_reference()}
+        )
+        resp = app.get(url)
+        assert 'XY' in resp.text
+        assert '/api/wcs/file/' not in resp.text
+
+    # url as None
+    cell.template_string = 'X{% make_public_url url=None %}Y'
+    cell.save()
+
+    with mock.patch('combo.utils.requests.get') as requests_get:
+        data = {'data': []}
+        requests_get.return_value = mock_json_response(content=json.dumps(data), status_code=200)
+        url = reverse(
+            'combo-public-ajax-page-cell', kwargs={'page_pk': page.id, 'cell_reference': cell.get_reference()}
+        )
+        resp = app.get(url)
+        assert 'XNoneY' in resp.text
+        assert '/api/wcs/file/' not in resp.text
+
+
 def test_json_cell_validity(context):
    page = Page.objects.create(title='example page', slug='example-page')
    cell = JsonCell.objects.create(