New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trust MVC from Smart-Soft #2053
Conversation
if (isset($post["digest_alg"]) && !in_array($post["digest_alg"], array_keys($this->digest_algs))) { | ||
$result["validations"]["{$method}.digest_alg"] = gettext("Please select a valid Digest Algorithm."); | ||
} | ||
return $result; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you should override performValidatoion like in #2018.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Usually the input form matches a data model. So it is convenient to validate the data entered at the model level. In the case of a Trust/Certificates, we introduce some data, and on the basis of their calculated values to be written to the model. Therefore, you need to validate the entered data, because the data for the model can simply not now contain.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some quick stuff I have found:
long story short:
- I don't like the model as it is now
- needs XSS security
- Forms: different case style
*/ | ||
public function indexAction() | ||
{ | ||
$this->view->title = gettext('System') . ": " . gettext("Trust") . ": " . gettext("Authorities"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may not need the title and splitted gettext calls of strings which belong together are a no go.
<form> | ||
<field> | ||
<id>Existing.descr</id> | ||
<label>Descriptive name</label> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
name should start with "N" to match the other entries
<form> | ||
<field> | ||
<id>Existing.descr</id> | ||
<label>Descriptive name</label> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
N
</field> | ||
<field> | ||
<id>Existing.serial</id> | ||
<label>Serial for next certificate</label> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All upcase all first characters like the other labels
</field> | ||
<field> | ||
<id>Existing.text</id> | ||
<label>CRL data</label> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
D
"<button type=\"button\" class=\"btn btn-xs btn-default command-delete\" data-row-id=\"" + row.uuid + "\" title=\"{{ lang._('Delete CRL') }}\" alt=\"{{ lang._('Delete CRL') }}\"><span class=\"fa fa-trash-o\"></span></button>"; | ||
}, | ||
"Name": function (column, row) { | ||
return "<span class=\"glyphicon glyphicon-certificate __iconspacer\"></span>" + row[column.id] + "<br>" + row["Purpose"]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
escape
src/www/vpn_openvpn_client.php
Outdated
@@ -882,7 +887,7 @@ function addRow() { | |||
<?php | |||
if (!isset($config['cert']) || count($config['cert']) == 0) :?> | |||
<b><?=gettext("No Certificates defined.");?></b> <br /><?=gettext("Create one under");?> | |||
<a href="system_certmanager.php"><?=gettext("System: Certificates");?></a> <?=gettext("if one is required for this connection.");?> | |||
<a href="/ui/trust/certificates/"><?=gettext("System: Certificates");?></a> <?=gettext("if one is required for this connection.");?> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't that "System:Trust"? Needs probably more work to do because the string needs to be a template.
src/www/vpn_openvpn_server.php
Outdated
</option> | ||
<?php | ||
endforeach; ?> | ||
</select> | ||
<?php | ||
else :?> | ||
<b><?=gettext("No Certificate Authorities defined.");?></b> | ||
<br /><?=gettext("Create one under")?> <a href="system_camanager.php"> <?=gettext("System: Certificates");?></a>. | ||
<br /><?=gettext("Create one under")?> <a href="/ui/trust/authorities/"> <?=gettext("System: Certificates");?></a>. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
System: Trust
src/www/vpn_openvpn_server.php
Outdated
</option> | ||
<?php | ||
endforeach; ?> | ||
</select> | ||
<?php | ||
else :?> | ||
<b><?=gettext("No Certificates defined.");?></b> | ||
<br /><?=gettext("Create one under");?> <a href="system_certmanager.php"><?=gettext("System: Certificates");?></a>. | ||
<br /><?=gettext("Create one under");?> <a href="/ui/trust/certificates/"><?=gettext("System: Certificates");?></a>. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
System: Trust
src/www/wizard.php
Outdated
continue; | ||
} | ||
$name = htmlspecialchars($ca['descr']); | ||
$name = htmlspecialchars($ca->descr->__toString()); | ||
$SELECTED = ""; | ||
if ($value == $name) $SELECTED = " selected=\"selected\""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
selected is probably bad because uppercase is usually understand as a constant
@fabianfrz , how do you see the model? How can it be improved? |
@evbevz do as many validations in the XML or in Field types - New Field Types can be created so it is possibe to add a PEM field which includes the certificate or Base64 if it is encoded. If you look at Trust.xml it does not really contain validation. But something like that exists: https://github.com/opnsense/core/pull/2053/files#diff-29bb443b0cb80ae7ef701e4f4625dcb8R76 for example $keylens and $digest_algs can be options of an OptionField and displayed in a dropdown |
@kekek2 The chances that this PR will make it into core won't be very large, please coordinate in the future about planned work and the effort you require from our team for bringing features is. We really try to review a lot of code that is send in, we try to be reasonable with extensions that are manageable, but Smart-Soft can't expect our team to fund the amount of work which is needed for these kind of changes. Hence my earlier note in #1899 about suggestions for work items that might be worth our time to review. The quality and stability of the core components i very important for us, more issues cost more maintenance which we try to prevent. We have walked a long way and really need to keep the code quality to our standards. cc @evbevz |
@fabianfrz, the model does not contain "keylens" and "digest_algs". These data are used only to generate the CA or certificate. After that they are stored in encrypted and signed form in the certificate. The open form model to store them is not necessary. So for them there is no separate field. And therefore cannot be validated by means of model. |
Plan for a phased transfer Trust/Certificates to MVC.
|
@kekek2 You probably better pick something smaller to convert to the mvc framework if you want to help out, for example some of the diagnostic pages are still old styled php. |
No description provided.