hobo: generate a key & a _url variable with a trailing / for self (#16717)

2017-06-06 21:09:30 +02:00 · 2017-06-06 21:09:30 +02:00 · 11032760a2
parent c3f6b06007
commit 11032760a2
2 changed files with 21 additions and 8 deletions
--- a/tests/test_hobo.py
+++ b/tests/test_hobo.py
@ -8,6 +8,7 @@ import pytest
 import shutil
 import sys
 import tempfile
+import urllib2

 import mock

@ -238,6 +239,8 @@ def test_configure_site_options():
    assert (pub.get_site_option('authentic.example.net', 'wscall-secrets')
            == CmdCheckHobos.shared_secret(HOBO_JSON['services'][1]['secret_key'],
                                           HOBO_JSON['services'][2]['secret_key']))
+    self_domain = urllib2.urlparse.urlsplit(service.get('base_url')).netloc
+    assert pub.get_site_option(self_domain, 'wscall-secrets') != '0'

 def test_update_configuration():
    service = [x for x in HOBO_JSON.get('services', []) if x.get('service-id') == 'wcs'][0]
--- a/wcs/ctl/check_hobos.py
+++ b/wcs/ctl/check_hobos.py
@ -17,6 +17,7 @@
 import ConfigParser
 import json
 import os
+import random
 import subprocess
 import sys
 import tempfile
@ -309,25 +310,34 @@ class CmdCheckHobos(Command):
        variables = {}
        api_secrets = {}
        for service in self.all_services.get('services', []):
+            service_url = service.get('base_url')
+            if not service_url.endswith('/'):
+                service_url += '/'
            if service.get('slug'):
-                variables['%s_url' % service.get('slug').replace('-', '_')] = service.get('base_url')
-            # ignore current service to prevent self-domain = secret_key ^ secret_key = 0
-            if service is current_service:
-                continue
+                variables['%s_url' % service.get('slug').replace('-', '_')] = service_url
+
            if not service.get('secret_key'):
                continue
-            domain = urlparse.urlparse(service.get('base_url')).netloc.split(':')[0]
+
+            domain = urlparse.urlparse(service_url).netloc.split(':')[0]
+            if service is current_service:
+                # custom key calcultation for "self", as the shared_secret code
+                # would do secret_key ^ secret_key = 0.
+                api_secrets[domain] = self.shared_secret(current_service.get('secret_key'),
+                        str(random.SystemRandom().random()))
+                continue
+
            api_secrets[domain] = self.shared_secret(current_service.get('secret_key'), service.get('secret_key'))
            if service.get('service-id') == 'combo':
                if service.get('template_name') == 'portal-agent':
-                    variables['portal_agent_url'] = service.get('base_url')
+                    variables['portal_agent_url'] = service_url
                    variables['portal_agent_title'] = service.get('title')
                elif service.get('template_name') == 'portal-user':
-                    variables['portal_url'] = service.get('base_url')
+                    variables['portal_url'] = service_url
                    config.set('options', 'theme_skeleton_url',
                            service.get('base_url') + '__skeleton__/')
            if service.get('service-id') == 'authentic':
-                variables['idp_account_url'] = service.get('base_url') + 'accounts/'
+                variables['idp_account_url'] = service_url + 'accounts/'
        if self.all_services.get('variables'):
            for key, value in self.all_services.get('variables').items():
                variables[key] = value