Update domain serializer to improve validation accuracy

Remove extras serializers submodule Add validation regexes to constants
2024-11-05 06:07:06 +00:00 · 2020-02-27 00:07:19 -05:00 · 2020-02-27 00:07:19 -05:00 · 32cd33728d
commit 32cd33728d
parent 31845ef7c5
4 changed files with 70 additions and 34 deletions
--- a/keyosk/constants.py
+++ b/keyosk/constants.py
@ -3,3 +3,15 @@
 DEFAULT_CONFIG_PATH = "/etc/keyosk/conf.toml"

 ENV_CONFIG_PATH = "KYSK_CONF_PATH"
+
+REGEX_FRIENDLY_NAME = r"^([a-z][a-z0-9]+)(-[a-z0-9]+)*$"
+
+REGEX_DOMAIN_NAME = REGEX_FRIENDLY_NAME
+
+REGEX_DOMAIN_ACCESS_LIST_NAME = REGEX_FRIENDLY_NAME
+
+REGEX_DOMAIN_PERMISSION_NAME = REGEX_FRIENDLY_NAME
+
+REGEX_DOMAIN_AUDIENCE = r"^[a-z][a-z0-9]{2,9}$"
+
+REGEX_DOMAIN_TITLE = r"^.{1,30}$"
--- a/keyosk/serializers/init.py
+++ b/keyosk/serializers/init.py
@ -2,5 +2,3 @@
 from keyosk.serializers.account import AccountSerializer
 from keyosk.serializers.account_acl import AccountACLSerializer
 from keyosk.serializers.domain import DomainSerializer
-from keyosk.serializers.domain_extras import DomainAccessListSerializer
-from keyosk.serializers.domain_extras import DomainPermissionSerializer
--- a/keyosk/serializers/domain.py
+++ b/keyosk/serializers/domain.py
@ -1,20 +1,48 @@
+from typing import Dict
 from typing import List
+from typing import Union

 import marshmallow as msh

+from keyosk import constants
 from keyosk import fields as custom_fields
-from keyosk.serializers.domain_extras import DomainAccessListSerializer
-from keyosk.serializers.domain_extras import DomainPermissionSerializer
+
+
+class DomainPermissionSerializer(msh.Schema):
+    """"""
+
+    name = msh.fields.String(
+        required=True,
+        validate=msh.validate.Regexp(constants.REGEX_DOMAIN_PERMISSION_NAME),
+    )
+    bitindex = msh.fields.Integer(required=True, validate=msh.validate.Range(min=0))


 class DomainSerializer(msh.Schema):
+    """Serializer for domain records
+
+    This serializer is meant to translate between the client-facing data format and a
+    data format that is ready to be used with the :class:`database.Domain` model for
+    access to and from the database.
+
+    .. note:: Schema fields here map 1:1 with the model fields/properties of the same
+              names on :class:`database.Domain`.
+    """

    uuid = msh.fields.UUID(required=True)
    created = custom_fields.Epoch(required=True)
    updated = custom_fields.Epoch(required=True)
-    name = msh.fields.String(required=True)
-    audience = msh.fields.String(required=True)
-    title = msh.fields.String(required=True, allow_none=True)
+    name = msh.fields.String(
+        required=True, validate=msh.validate.Regexp(constants.REGEX_DOMAIN_NAME)
+    )
+    audience = msh.fields.String(
+        required=True, validate=msh.validate.Regexp(constants.REGEX_DOMAIN_AUDIENCE)
+    )
+    title = msh.fields.String(
+        required=True,
+        allow_none=True,
+        validate=msh.validate.Regexp(constants.REGEX_DOMAIN_TITLE),
+    )
    description = msh.fields.String(required=True, allow_none=True)
    contact = msh.fields.String(required=True, allow_none=True)
    enabled = msh.fields.Boolean(required=True)
@ -25,17 +53,37 @@ class DomainSerializer(msh.Schema):
        required=True, data_key="enable-server-set-auth"
    )
    enable_refresh = msh.fields.Boolean(required=True, data_key="enable-refresh")
-    lifespan_access = msh.fields.Boolean(required=True, data_key="lifespan-access")
-    lifespan_refresh = msh.fields.Boolean(required=True, data_key="lifespan-refresh")
-    access_lists = msh.fields.List(
-        msh.fields.Nested(DomainAccessListSerializer),
+    lifespan_access = msh.fields.TimeDelta(required=True, data_key="lifespan-access")
+    lifespan_refresh = msh.fields.TimeDelta(required=True, data_key="lifespan-refresh")
+    access_list_names = msh.fields.List(
+        msh.fields.String(
+            validate=msh.validate.Regexp(constants.REGEX_DOMAIN_ACCESS_LIST_NAME)
+        ),
        required=True,
        data_key="access-lists",
    )
    permissions = msh.fields.List(
-        msh.fields.Nested(DomainPermissionSerializer), required=True
+        msh.fields.Nested(DomainPermissionSerializer), required=True,
    )

+    @msh.validates("access_list_names")
+    def validate_acl_names(self, data: List[str], **kwargs):
+        if len(data) != len(set(data)):
+            raise msh.ValidationError("Duplicate access list names")
+
+    @msh.validates("permissions")
+    def validate_permissions(self, data: List[Dict[str, Union[str, int]]], **kwargs):
+        names = [item["name"] for item in data]
+        if len(names) != len(set(names)):
+            raise msh.ValidationError("Duplicat permission names")
+
+        indexes = sorted([item["bitindex"] for item in data])
+        for index in len(indexes):
+            if indexes[index - 1] != (index - 1):
+                raise msh.ValidationError(
+                    f"Invalid bitindexes provided: expected zero-index sequential sequence, recieved {indexes}"
+                )
+
    @staticmethod
    def creation_fields() -> List[str]:
        return ["uuid", "created", "updated"]
--- a/keyosk/serializers/domain_extras.py
+++ b/keyosk/serializers/domain_extras.py
@ -1,22 +0,0 @@
-from typing import Dict
-
-import marshmallow as msh
-
-
-class DomainAccessListSerializer(msh.Schema):
-
-    name = msh.fields.String(required=True)
-
-    @msh.pre_load
-    def _from_string(self, data: str, *args, **kwargs) -> Dict[str, str]:
-        return {"name": data}
-
-    @msh.post_dump
-    def _to_string(self, data, *args, **kwargs) -> str:
-        return data["name"]
-
-
-class DomainPermissionSerializer(msh.Schema):
-
-    name = msh.fields.String(required=True)
-    bitindex = msh.fields.Integer(required=True, validate=msh.validate.Range(min=0))