From: rinpatch <rinpatch@sdf.org>
Date: Thu, 14 May 2020 16:07:37 +0000 (+0000)
Subject: Merge branch 'feature/database-configuration-whitelist' into 'develop'
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=e455ca3f3eee74db0b1e60550acf53bea915be3b;p=akkoma

Merge branch 'feature/database-configuration-whitelist' into 'develop'

Database configuration whitelist

See merge request pleroma/pleroma!2522
---

e455ca3f3eee74db0b1e60550acf53bea915be3b
diff --cc test/web/admin_api/admin_api_controller_test.exs
index e4b0dd627,e573220ba..9b7120712
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@@ -2931,15 -2934,42 +2931,42 @@@ defmodule Pleroma.Web.AdminAPI.AdminAPI
                   %{
                     "group" => ":pleroma",
                     "key" => ":http",
 -                   "value" => [
 -                     %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]},
 -                     %{"tuple" => [":send_user_agent", false]}
 -                   ],
 -                   "db" => [":proxy_url", ":send_user_agent"]
 +                   "value" => value,
 +                   "db" => db
                   }
                 ]
 -             }
 +             } = json_response(conn, 200)
 +
 +      assert %{"tuple" => [":proxy_url", %{"tuple" => [":socks5", "127.0.0.1", 1234]}]} in value
 +      assert ":proxy_url" in db
      end
+ 
+     test "doesn't set keys not in the whitelist", %{conn: conn} do
+       clear_config(:database_config_whitelist, [
+         {:pleroma, :key1},
+         {:pleroma, :key2},
+         {:pleroma, Pleroma.Captcha.NotReal},
+         {:not_real}
+       ])
+ 
+       post(conn, "/api/pleroma/admin/config", %{
+         configs: [
+           %{group: ":pleroma", key: ":key1", value: "value1"},
+           %{group: ":pleroma", key: ":key2", value: "value2"},
+           %{group: ":pleroma", key: ":key3", value: "value3"},
+           %{group: ":pleroma", key: "Pleroma.Web.Endpoint.NotReal", value: "value4"},
+           %{group: ":pleroma", key: "Pleroma.Captcha.NotReal", value: "value5"},
+           %{group: ":not_real", key: ":anything", value: "value6"}
+         ]
+       })
+ 
+       assert Application.get_env(:pleroma, :key1) == "value1"
+       assert Application.get_env(:pleroma, :key2) == "value2"
+       assert Application.get_env(:pleroma, :key3) == nil
+       assert Application.get_env(:pleroma, Pleroma.Web.Endpoint.NotReal) == nil
+       assert Application.get_env(:pleroma, Pleroma.Captcha.NotReal) == "value5"
+       assert Application.get_env(:not_real, :anything) == "value6"
+     end
    end
  
    describe "GET /api/pleroma/admin/restart" do