Commit db8bf5ac authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Urlencode default-path

parent 4f32fe08
......@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in
md5sum = 6635cfaf5eeb46ec6b97bd7a12ffc4e3
md5sum = 7bccd8b63121821131e7a5117e7bb73b
[template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in
......
......@@ -20,6 +20,7 @@
{%- do http_host_list.append('http://%s:%s' % (host, slave_parameter['http_port'] )) %}
{%- do https_host_list.append('https://%s:%s' % (host, slave_parameter['https_port'] )) %}
{%- endfor %} {#- for host in host_list #}
{%- set default_path = slave_parameter.get('default-path', '') | urlencode %}
# SSL enabled hosts
{{ https_host_list|join(', ') }} {
......@@ -86,12 +87,12 @@
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if 'default-path' in slave_parameter %}
{%- if default_path %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
/ {scheme}://{host}/{{ default_path }}
} {# redir #}
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
rewrite {
regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-https-port', '443') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
......@@ -103,12 +104,12 @@
} {# redir #}
{%- else %} {#- if slave_type == 'zope' and backend_url #}
# Default configuration
{%- if 'default-path' in slave_parameter %}
{%- if default_path %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
/ {scheme}://{host}/{{ default_path }}
} {# redir #}
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
{%- if backend_url %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
......@@ -208,24 +209,24 @@
{%- endif %} {#- if ssl_proxy_verify #}
} {# proxy #}
{%- endfor %} {#- for (proxy_name, proxy_comment) in proxy_append_list #}
{%- if 'default-path' in slave_parameter %}
{%- if default_path %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
/ {scheme}://{host}/{{ default_path }}
} {# redir #}
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
rewrite {
regexp (.*)
to /VirtualHostBase/{scheme}%2F%2F{hostonly}:{{ slave_parameter.get('virtualhostroot-http-port', '80') | int }}%2F{{ slave_parameter.get('path', '') }}%2FVirtualHostRoot/{1}
} {# rewrite #}
{%- else %} {#- if https_only #}
# Default configuration
{%- if 'default-path' in slave_parameter %}
{%- if default_path %}
redir 301 {
if {path} is /
/ {scheme}://{host}/{{ slave_parameter.get('default-path') }}
/ {scheme}://{host}/{{ default_path }}
} {# redir #}
{%- endif %} {#- if 'default-path' in slave_parameter #}
{%- endif %} {#- if default_path #}
{%- if slave_parameter.get('url', '') %}
{%- for (proxy_name, proxy_comment) in proxy_append_list %}
# {{ proxy_comment }}
......
......@@ -3052,6 +3052,11 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
'url': cls.backend_url,
'virtualhostroot-https-port': '${section:option}',
},
'default-path-unsafe': {
'type': 'zope',
'url': cls.backend_url,
'default-path': '${section:option}\nn"\newline\n}\n}proxy\n/slashed',
},
}
def test_master_partition_state(self):
......@@ -3061,9 +3066,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
expected_parameter_dict = {
'monitor-base-url': None,
'domain': 'example.com',
'accepted-slave-amount': '4',
'accepted-slave-amount': '5',
'rejected-slave-amount': '2',
'slave-amount': '6',
'slave-amount': '7',
'rejected-slave-list':
'["_server-alias-unsafe", "_custom_domain-unsafe"]'}
......@@ -3227,3 +3232,32 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
'/VirtualHostBase/https//virtualhostroothttpsportunsafe'
'.example.com:0//VirtualHostRoot/test-path'
)
def default_path_unsafe(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
'default-path-unsafe']
self.assertLogAccessUrlWithPop(parameter_dict, 'default-path-unsafe')
self.assertEqual(
parameter_dict,
{
'domain': 'defaultpathunsafe.example.com',
'replication_number': '1',
'url': 'http://defaultpathunsafe.example.com',
'site_url': 'http://defaultpathunsafe.example.com',
'secure_access': 'https://defaultpathunsafe.example.com',
'public-ipv4': LOCAL_IPV4,
}
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], '')
self.assertEqual(
der2pem(result.peercert),
open('wildcard.example.com.crt').read())
self.assertEqual(
result.headers['Location'],
'https://defaultpathunsafe.example.com:%s/%%24%%7Bsection%%3Aoption%%7D'
'%%0An%%22%%0Aewline%%0A%%7D%%0A%%7Dproxy%%0A/slashed' % (HTTPS_PORT,)
)
TestSlaveBadParameters-0/var/log/monitor-httpd-error.log
TestSlaveBadParameters-1/var/log/frontend-access.log
TestSlaveBadParameters-1/var/log/frontend-error.log
TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_access_log
TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_error_log
TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_access_log
TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_error_log
TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-unsafe_access_log
......
TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-day
TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-hour
TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-day
TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-hour
TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-unsafe-error-log-last-day
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment