diff --git a/CHANGES/7245.bugfix b/CHANGES/7245.bugfix
new file mode 100644
index 0000000000..dc97171d5d
--- /dev/null
+++ b/CHANGES/7245.bugfix
@@ -0,0 +1 @@
+Added validation for unknown serializers' fields
diff --git a/pulpcore/app/serializers/__init__.py b/pulpcore/app/serializers/__init__.py
index 539542bf70..d85d4df9f2 100644
--- a/pulpcore/app/serializers/__init__.py
+++ b/pulpcore/app/serializers/__init__.py
@@ -11,6 +11,7 @@
 NestedIdentityField,
 NestedRelatedField,
 RelatedField,
+ ValidateFieldsMixin,
 validate_unknown_fields,
 )
 from .fields import ( # noqa
diff --git a/pulpcore/app/serializers/base.py b/pulpcore/app/serializers/base.py
index ecb51d5c0e..92e88f6011 100644
--- a/pulpcore/app/serializers/base.py
+++ b/pulpcore/app/serializers/base.py
@@ -31,7 +31,20 @@ def validate_unknown_fields(initial_data, defined_fields):
 raise serializers.ValidationError(unknown_fields)
-class ModelSerializer(QueryFieldsMixin, serializers.HyperlinkedModelSerializer):
+class ValidateFieldsMixin:
+ """A mixin for validating unknown serializers' fields."""
+
+ def validate(self, data):
+ if hasattr(self, "initial_data"):
+ validate_unknown_fields(self.initial_data, self.fields)
+
+ data = super().validate(data)
+ return data
+
+
+class ModelSerializer(
+ ValidateFieldsMixin, QueryFieldsMixin, serializers.HyperlinkedModelSerializer
+):
 """Base serializer for use with :class:`pulpcore.app.models.Model`
 This ensures that all Serializers provide values for the 'pulp_href` field.
@@ -81,11 +94,6 @@ def _validate_relative_path(self, path):
 return path
- def validate(self, data):
- if hasattr(self, "initial_data"):
- validate_unknown_fields(self.initial_data, self.fields)
- return data
-
 def __init_subclass__(cls, **kwargs):
 """Set default attributes in subclasses.
diff --git a/pulpcore/app/serializers/repository.py b/pulpcore/app/serializers/repository.py
index 6dc492adf5..ac1716b9b8 100644
--- a/pulpcore/app/serializers/repository.py
+++ b/pulpcore/app/serializers/repository.py
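Review bot: `ValidateFieldsMixin` in the `@@ -31,7 +31,20 @@` hunk of pulpcore/app/serializers/base.py only takes effect when it is listed before the DRF serializer class in the bases and when every subclass that overrides `validate` chains to `super().validate(data)`, and the one-line class docstring states neither. A serializer that gets either wrong silently accepts unknown fields again, so the contract belongs in the docstring, e.g. `"""Reject input keys that are not declared serializer fields; list this mixin first in the bases and call super().validate(data) from any validate() override."""`. The `hasattr(self, "initial_data")` guard also skips the check whenever the serializer was built without `data=`, which presumably includes serializers used as nested fields; a comment such as `# no initial_data (e.g. nested use): unknown keys are not checked here` would make that gap explicit. The body of `validate_unknown_fields` starts outside the hunk, so what it treats as unknown cannot be confirmed from here.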
@@ -14,6 +14,7 @@
 RepositoryVersionIdentityField,
 RepositoryVersionRelatedField,
 RepositoryVersionsIdentityFromRepositoryField,
+ ValidateFieldsMixin,
 )
@@ -158,7 +159,7 @@ class Meta:
 )
-class RepositorySyncURLSerializer(serializers.Serializer):
+class RepositorySyncURLSerializer(ValidateFieldsMixin, serializers.Serializer):
 remote = DetailRelatedField(
 required=False,
 view_name_pattern=r"remotes(-.*/.*)-detail",
@@ -176,6 +177,8 @@ class RepositorySyncURLSerializer(serializers.Serializer):
 )
 def validate(self, data):
+ data = super().validate(data)
+
 try:
 remote = models.Repository.objects.get(pk=self.context["repository_pk"]).remote
 except KeyError:
diff --git a/pulpcore/app/serializers/upload.py b/pulpcore/app/serializers/upload.py
index 83b4bd9e20..b0b9093097 100644
--- a/pulpcore/app/serializers/upload.py
+++ b/pulpcore/app/serializers/upload.py
@@ -4,13 +4,13 @@
 from rest_framework import serializers
 from pulpcore.app import models
-from pulpcore.app.serializers import base
+from pulpcore.app.serializers import base, ValidateFieldsMixin
 CONTENT_RANGE_PATTERN = r"^bytes (\d+)-(\d+)/(\d+|[*])$"
-class UploadChunkSerializer(serializers.Serializer):
+class UploadChunkSerializer(ValidateFieldsMixin, serializers.Serializer):
 file = serializers.FileField(help_text=_("A chunk of the uploaded file."), write_only=True,)
 sha256 = serializers.CharField(
@@ -70,5 +70,5 @@ class Meta(UploadSerializer.Meta):
 fields = UploadSerializer.Meta.fields + ("chunks",)
-class UploadCommitSerializer(serializers.Serializer):
+class UploadCommitSerializer(ValidateFieldsMixin, serializers.Serializer):
 sha256 = serializers.CharField(help_text=_("The expected sha256 checksum for the file."))
diff --git a/pulpcore/app/serializers/user.py b/pulpcore/app/serializers/user.py
index 21553d31a9..803d9ac333 100644
--- a/pulpcore/app/serializers/user.py
+++ b/pulpcore/app/serializers/user.py
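Review bot: In the `@@ -4,13 +4,13 @@` hunk of pulpcore/app/serializers/upload.py, the new `from pulpcore.app.serializers import base, ValidateFieldsMixin` takes a name from the package `__init__` from inside one of its own submodules, so it presumably works only while `__init__.py` binds `ValidateFieldsMixin` from `.base` before it imports `.upload`. `base` is already imported on that line, so `class UploadChunkSerializer(base.ValidateFieldsMixin, serializers.Serializer):` avoids the ordering dependency, and the same applies to `UploadCommitSerializer` in the `@@ -70,5 +70,5 @@` hunk. If an import reorder ever breaks this, the serializers fail at import time rather than silently losing the check, so this is a robustness point rather than a validation gap. Both class bodies continue outside their hunks.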
@@ -6,7 +6,7 @@
 from guardian.models.models import GroupObjectPermission
 from rest_framework import serializers
-from pulpcore.app.serializers import IdentityField
+from pulpcore.app.serializers import IdentityField, ValidateFieldsMixin
 from pulpcore.app.util import get_viewset_for_model
@@ -108,7 +108,7 @@ class Meta:
 )
-class GroupUserSerializer(serializers.ModelSerializer):
+class GroupUserSerializer(ValidateFieldsMixin, serializers.ModelSerializer):
 """Serializer for Users that belong to a Group."""
 username = serializers.CharField(
@@ -122,7 +122,7 @@ class Meta:
 fields = ("username", "pulp_href")
-class GroupSerializer(serializers.ModelSerializer):
+class GroupSerializer(ValidateFieldsMixin, serializers.ModelSerializer):
 """Serializer for Group."""
 pulp_href = IdentityField(view_name="groups-detail")
diff --git a/pulpcore/plugin/serializers/__init__.py b/pulpcore/plugin/serializers/__init__.py
index 60f5cc4749..c005126b24 100644
--- a/pulpcore/plugin/serializers/__init__.py
+++ b/pulpcore/plugin/serializers/__init__.py
@@ -26,6 +26,7 @@
 RepositoryVersionDistributionSerializer,
 SingleArtifactContentSerializer,
 SingleContentArtifactField,
+ ValidateFieldsMixin,
 validate_unknown_fields,
 )
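Review bot: For `GroupUserSerializer` and `GroupSerializer` in pulpcore/app/serializers/user.py (hunks `@@ -108,7 +108,7 @@` and `@@ -122,7 +122,7 @@`), the mixin compares the request keys with `self.fields`, which in DRF also holds read-only fields, so a client that submits `pulp_href` will presumably still get no error and the value is dropped. If the goal is to reject every key the caller cannot set, that needs a check against writable fields; if not, a comment on the mixin such as `# read-only field names pass this check; DRF ignores their values` keeps it from being read as a stricter guarantee than it is. No test for the two newly covered serializers is visible in this part of the diff. Both class bodies continue outside their hunks.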