backoffice: add validity check for datasource URLs (#55871)

This commit is contained in:
Frédéric Péters 2021-07-27 17:39:22 +02:00
parent 790caa0ddd
commit 598ce40e3d
2 changed files with 42 additions and 0 deletions

View File

@ -2321,6 +2321,40 @@ def test_form_edit_items_field(pub):
assert FormDef.get(1).fields[0].items == ['XXX']
def test_form_edit_items_datasource(pub):
create_superuser(pub)
create_role(pub)
FormDef.wipe()
formdef = FormDef()
formdef.name = 'form title'
formdef.fields = [fields.ItemsField(id='1', label='1st field', type='items')]
formdef.store()
app = login(get_app(pub))
resp = app.get('/backoffice/forms/1/')
resp = resp.click(href='fields/')
assert '1st field' in resp.text
resp = app.get('/backoffice/forms/1/fields/1/')
resp.form['data_mode'].value = 'data-source'
resp.form['data_source$type'].value = 'json'
resp.form['data_source$value'].value = 'random string'
resp = resp.form.submit('submit')
assert 'Value must be a full URL.' in resp.text
resp.form['data_source$value'].value = 'http://whatever'
resp = resp.form.submit('submit').follow()
assert FormDef.get(1).fields[0].data_source == {'type': 'json', 'value': 'http://whatever'}
# check template strings are ok
resp = app.get('/backoffice/forms/1/fields/1/')
resp.form['data_mode'].value = 'data-source'
resp.form['data_source$type'].value = 'json'
resp.form['data_source$value'].value = '{{url}}'
resp = resp.form.submit('submit').follow()
assert FormDef.get(1).fields[0].data_source == {'type': 'json', 'value': '{{url}}'}
def test_form_edit_page_field(pub):
create_superuser(pub)
create_role(pub)

View File

@ -179,6 +179,14 @@ class DataSourceSelectionWidget(CompositeWidget):
value = self.get(name)
if value:
values[name] = value
if values.get('type') in ('json', 'jsonp', 'geojson'):
url = values.get('value') or ''
if url and not Template.is_template_string(url):
parsed = urllib.parse.urlparse(url)
if not (parsed.scheme and parsed.netloc):
self.error = _('Value must be a full URL.')
if values.get('type', '') in ('none', ''):
values = None
self.value = values or None