flows: fix potential open redirect vuln
parent
fbf9554a9e
commit
e15f7d7f28
|
@ -22,7 +22,7 @@ from passbook.flows.exceptions import EmptyFlowException, FlowNonApplicableExcep
|
||||||
from passbook.flows.models import Flow, FlowDesignation, Stage
|
from passbook.flows.models import Flow, FlowDesignation, Stage
|
||||||
from passbook.flows.planner import FlowPlan, FlowPlanner
|
from passbook.flows.planner import FlowPlan, FlowPlanner
|
||||||
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
from passbook.lib.utils.reflection import class_to_path, path_to_class
|
||||||
from passbook.lib.utils.urls import redirect_with_qs
|
from passbook.lib.utils.urls import is_url_absolute, redirect_with_qs
|
||||||
from passbook.lib.views import bad_request_message
|
from passbook.lib.views import bad_request_message
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
@ -50,8 +50,9 @@ class FlowExecutorView(View):
|
||||||
def handle_invalid_flow(self, exc: BaseException) -> HttpResponse:
|
def handle_invalid_flow(self, exc: BaseException) -> HttpResponse:
|
||||||
"""When a flow is non-applicable check if user is on the correct domain"""
|
"""When a flow is non-applicable check if user is on the correct domain"""
|
||||||
if NEXT_ARG_NAME in self.request.GET:
|
if NEXT_ARG_NAME in self.request.GET:
|
||||||
LOGGER.debug("f(exec): Redirecting to next on fail")
|
if not is_url_absolute(self.request.GET.get(NEXT_ARG_NAME)):
|
||||||
return redirect(self.request.GET.get(NEXT_ARG_NAME))
|
LOGGER.debug("f(exec): Redirecting to next on fail")
|
||||||
|
return redirect(self.request.GET.get(NEXT_ARG_NAME))
|
||||||
message = exc.__doc__ if exc.__doc__ else str(exc)
|
message = exc.__doc__ if exc.__doc__ else str(exc)
|
||||||
return bad_request_message(self.request, message)
|
return bad_request_message(self.request, message)
|
||||||
|
|
||||||
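Review bot: Rejecting only absolute URLs on the new `if not is_url_absolute(self.request.GET.get(NEXT_ARG_NAME)):` line still lets an attacker-controlled `next` reach `redirect()` with values browsers treat as off-site, such as a protocol-relative `//evil.example/` or the `/\evil.example` form some browsers normalise to it; whether `is_url_absolute` (not shown in this diff) catches those cannot be judged here. Django ships the predicate written for exactly this case, `url_has_allowed_host_and_scheme` (`is_safe_url` before Django 3.0), which also rejects `javascript:` and other scheme tricks, so I would replace the condition with `next_url = self.request.GET.get(NEXT_ARG_NAME)` / `if url_has_allowed_host_and_scheme(next_url, allowed_hosts={self.request.get_host()}, require_https=self.request.is_secure()):`. On the rejected path the code now falls through silently to the generic bad-request message; logging the discarded value at warning level, e.g. `LOGGER.warning("f(exec): Refusing unsafe next URL", next_url=next_url)`, would make an exploitation attempt visible to whoever reads the logs. The docstring above the change still describes the method as a domain check only and should mention that `next` is validated before redirecting.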
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
version: '3.7'
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgresql:
|
||||||
|
container_name: postgres
|
||||||
|
image: postgres:11
|
||||||
|
volumes:
|
||||||
|
- db-data:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: passbook
|
||||||
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
||||||
|
POSTGRES_DB: passbook
|
||||||
|
ports:
|
||||||
|
- 5432:5432
|
||||||
|
restart: always
|
||||||
|
redis:
|
||||||
|
container_name: redis
|
||||||
|
image: redis
|
||||||
|
ports:
|
||||||
|
- 6379:6379
|
||||||
|
restart: always
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db-data:
|
||||||
|
driver: local
|
|
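Review bot: The new compose file commits a plaintext database credential, `POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"`, and publishes both PostgreSQL (`5432:5432`) and a Redis instance with no authentication configured (`6379:6379`) on every interface of the host, so anyone who can reach the machine can read and write the passbook database and Redis contents. Even if this is intended only for local development (the file gives no indication either way), a secret in git history should be treated as burned and rotated anywhere it was reused, and the file should pull it from the environment instead: `POSTGRES_PASSWORD: ${PG_PASS:?PG_PASS must be set}`. Binding the published ports to loopback, `- 127.0.0.1:5432:5432` and `- 127.0.0.1:6379:6379`, keeps them reachable from the developer's own machine without exposing them on the network; dropping the `ports:` blocks entirely is better still if only other containers need to talk to them.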
@ -1,10 +0,0 @@
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
hosts:
|
|
||||||
- some.address.tld
|
|
||||||
|
|
||||||
grafana.ini:
|
|
||||||
auth.anonymous:
|
|
||||||
enabled: true
|
|
||||||
org_name: Main Org.
|
|
||||||
org_role: Viewer
|
|
|
@ -1,63 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: prometheus
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: prometheus
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- nodes
|
|
||||||
- services
|
|
||||||
- endpoints
|
|
||||||
- pods
|
|
||||||
verbs: ["get", "list", "watch"]
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources:
|
|
||||||
- configmaps
|
|
||||||
verbs: ["get"]
|
|
||||||
- nonResourceURLs: ["/metrics"]
|
|
||||||
verbs: ["get"]
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: prometheus
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: prometheus
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: prometheus
|
|
||||||
namespace: prod-passbook-ng
|
|
||||||
---
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: Prometheus
|
|
||||||
metadata:
|
|
||||||
name: prometheus
|
|
||||||
spec:
|
|
||||||
serviceAccountName: prometheus
|
|
||||||
serviceMonitorSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: passbook
|
|
||||||
enableAdminAPI: false
|
|
||||||
ruleSelector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: passbook
|
|
||||||
storage:
|
|
||||||
volumeClaimTemplate:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
prometheus: k8s
|
|
||||||
name: prometheus-storage
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 15Gi
|
|