Merge pull request #292178 from Flakebi/powerdns-admin

python3Packages.flask-seasurf: fix with werkzeug update and powerdns-admin: 0.4.1 -> 0.4.2
2024-02-29 14:00:42 +01:00 · 2024-02-29 14:00:42 +01:00 · 9485bf9f5a
commit 9485bf9f5a
parent 24293b4f10 9dd364cdd1
2 changed files with 41 additions and 10 deletions
--- a/pkgs/applications/networking/powerdns-admin/default.nix
+++ b/pkgs/applications/networking/powerdns-admin/default.nix
@ -1,12 +1,12 @@
 { lib, stdenv, fetchFromGitHub, fetchYarnDeps, mkYarnPackage, nixosTests, writeText, python3 }:

 let
-  version = "0.4.1";
+  version = "0.4.2";
  src = fetchFromGitHub {
    owner = "PowerDNS-Admin";
    repo = "PowerDNS-Admin";
    rev = "v${version}";
-    hash = "sha256-AwqEcAPD1SF1Ma3wtH03mXlTywM0Q19hciCmTtlr3gk=";
+    hash = "sha256-q9mt8wjSNFb452Xsg+qhNOWa03KJkYVGAeCWVSzZCyk=";
  };

  python = python3;
@ -29,7 +29,7 @@ let

    offlineCache = fetchYarnDeps {
      yarnLock = "${src}/yarn.lock";
-      hash = "sha256-3ebT19LrbYuypdJaoB3tClVVP0Fi8tHx3Xi6ge/DpA4=";
+      hash = "sha256-rXIts+dgOuZQGyiSke1NIG7b4lFlR/Gfu3J6T3wP3aY=";
    };

    # Copied from package.json, see also
--- a/pkgs/development/python-modules/flask-seasurf/0001-Fix-with-new-dependency-versions.patch
+++ b/pkgs/development/python-modules/flask-seasurf/0001-Fix-with-new-dependency-versions.patch
@ -1,17 +1,17 @@
-From 001549503eed364d4baaa5804242f67c6236f6c2 Mon Sep 17 00:00:00 2001
+From d3aed2c18cc3a1c88a8052af1f34d7f81f1be11a Mon Sep 17 00:00:00 2001
 From: Flakebi <flakebi@t-online.de>
-Date: Sat, 2 Dec 2023 16:55:05 +0100
+Date: Wed, 28 Feb 2024 23:24:14 +0100
 Subject: [PATCH] Fix with new dependency versions

 - cookie_jar is private in werkzeug 2.3, so recreate the client instead
 - set_cookie does not take a hostname argument anymore, use domain instead
 - Headers need to specify a content type
 ---
- test_seasurf.py | 63 ++++++++++++++++++++++++-------------------------
- 1 file changed, 31 insertions(+), 32 deletions(-)
+ test_seasurf.py | 71 ++++++++++++++++++++++++-------------------------
+ 1 file changed, 35 insertions(+), 36 deletions(-)

 diff --git a/test_seasurf.py b/test_seasurf.py
-index 517b2d7..501f82d 100644
+index 517b2d7..f940b91 100644
 --- a/test_seasurf.py
 +++ b/test_seasurf.py
@@ -71,18 +71,18 @@ class SeaSurfTestCase(BaseTestCase):
@ -37,6 +37,15 @@ index 517b2d7..501f82d 100644
         self.assertIn(b('403 Forbidden'), rv.data)
 
     def test_json_token_validation_bad(self):
+@@ -93,7 +93,7 @@ class SeaSurfTestCase(BaseTestCase):
+         with self.app.test_client() as client:
+             with client.session_transaction() as sess:
+                 sess[self.csrf._csrf_name] = tokenA
+-                client.set_cookie('www.example.com', self.csrf._csrf_name, tokenB)
+                client.set_cookie(self.csrf._csrf_name, tokenB, domain='www.example.com')
+ 
+             rv = client.post('/bar', data=data)
+             self.assertEqual(rv.status_code, 403, rv)
@@ -107,7 +107,7 @@ class SeaSurfTestCase(BaseTestCase):
         data = {'_csrf_token': token}
         with self.app.test_client() as client:
@ -55,7 +64,7 @@ index 517b2d7..501f82d 100644
                 sess[self.csrf._csrf_name] = token
 
             # once this is reached the session was stored
-@@ -144,7 +144,7 @@ class SeaSurfTestCase(BaseTestCase):
+@@ -144,18 +144,18 @@ class SeaSurfTestCase(BaseTestCase):
             with client.session_transaction() as sess:
                 token = self.csrf._generate_token()
 
@ -64,6 +73,19 @@ index 517b2d7..501f82d 100644
                 sess[self.csrf._csrf_name] = token
 
             # once this is reached the session was stored
+-            rv = client.post('/bar',
+            rv = client.post('/bar', content_type='application/json',
+                 data={self.csrf._csrf_name: token},
+                 base_url='https://www.example.com',
+                 headers={'Referer': 'https://www.example.com/foobar'})
+ 
+             self.assertEqual(rv.status_code, 200)
+ 
+-            rv = client.post(u'/bar/\xf8',
+            rv = client.post(u'/bar/\xf8', content_type='application/json',
+                 data={self.csrf._csrf_name: token},
+                 base_url='https://www.example.com',
+                 headers={'Referer': 'https://www.example.com/foobar\xf8'})
@@ -167,7 +167,7 @@ class SeaSurfTestCase(BaseTestCase):
             with client.session_transaction() as sess:
                 token = self.csrf._generate_token()
@ -252,6 +274,15 @@ index 517b2d7..501f82d 100644
             self.assertEqual(res2.status_code, 200)
 
     def test_header_set_cookie_samesite(self):
+@@ -789,7 +788,7 @@ class SeaSurfTestCaseGenerateNewToken(BaseTestCase):
+             client.get('/foo')
+             tokenA = self.csrf._get_token()
+ 
+-            client.set_cookie('www.example.com', self.csrf._csrf_name, tokenA)
+            client.set_cookie(self.csrf._csrf_name, tokenA, domain='www.example.com')
+             with client.session_transaction() as sess:
+                 sess[self.csrf._csrf_name] = tokenA
+ 
 -- 
-2.42.0
+2.43.0