Clarify that peers_prefilter works on peers_X values from form.

Author: jonasbardino

mig/install/MiGserver-template.conf

@@ -762,9 +762,9 @@ password_legacy_policy = __PASSWORD_LEGACY_POLICY__
 # Optional additional guard against simple passwords with the cracklib library
 password_cracklib = __ENABLE_CRACKLIB__
 # Optional prefilter on users who may potenially invite peers as site users.
-# Used as a coarse filter to reject clearly invalid user requests early.
-# Space separated list of user field and regexp-filter pattern pairs separated
-# by colons.
+# Used as a coarse filter to reject clearly invalid user requests early by only
+# filtering on form values (peers_full_name and peers_email). Space separated
+# list of user field and regexp-filter pattern pairs separated by colons.
 peers_prefilter = __PEERS_PREFILTER__
 # Optional limit on users who may invite peers as site users. Space separated
 # list of user field and regexp-filter pattern pairs separated by colons.

mig/shared/configuration.py

@@ -529,7 +529,7 @@ def get(self, *args, **kwargs):
     'site_signup_methods': ['extcert'],
     'site_login_methods': ['extcert'],
     'site_signup_hint': "",
-    'site_peers_prefilter': [('email', '.*')],
+    'site_peers_prefilter': [('peers_email', '.*')],
     'site_peers_permit': [('distinguished_name', '.*')],
     'site_peers_notice': "",
     # TODO: switch to CSRF_FULL when rpc and scripts are ready?

mig/shared/functionality/reqcertaction.py

@@ -192,7 +192,8 @@ def main(client_id, user_arguments_dict):
 
     peers_list = []
     for (peer_name, peer_email) in zip(peers_full_name_list, peers_email_list):
-        peers_list.append({'full_name': peer_name, 'email': peer_email})
+        peers_list.append({'peers_full_name': peer_name,
+                           'peers_email': peer_email})
     valid_peers = prefilter_potential_peers(peers_list, configuration)
     if not valid_peers:
         output_objects.append({'object_type': 'error_text', 'text':

mig/shared/functionality/reqoidaction.py

@@ -200,7 +200,8 @@ def main(client_id, user_arguments_dict):
 
     peers_list = []
     for (peer_name, peer_email) in zip(peers_full_name_list, peers_email_list):
-        peers_list.append({'full_name': peer_name, 'email': peer_email})
+        peers_list.append({'peers_full_name': peer_name,
+                           'peers_email': peer_email})
     valid_peers = prefilter_potential_peers(peers_list, configuration)
     if not valid_peers:
         output_objects.append({'object_type': 'error_text', 'text':

mig/shared/install.py

@@ -84,6 +84,7 @@ def abspath(path, start):
         return path
     return os.path.normpath(os.path.join(start, path))
 
+
 def transform_str_to_dict(input_str):
     """
     Transforms a string input into a Python literal or container.
@@ -447,7 +448,7 @@ def generate_confs(
     daemon_pubkey_from_dns=False,
     daemon_show_address='',
     alias_field='',
-    peers_prefilter='email:.*',
+    peers_prefilter='peers_email:.*',
     peers_permit='distinguished_name:.*',
     vgrid_creators='distinguished_name:.*',
     vgrid_managers='distinguished_name:.*',
@@ -1519,7 +1520,8 @@ def _generate_confs_prepare(
         jupyter_openids, jupyter_oidcs, jupyter_rewrites = [], [], []
         services = user_dict['__JUPYTER_SERVICES__'].split()
 
-        jupyter_services_proxy_configs = transform_str_to_dict(jupyter_services_proxy_config)
+        jupyter_services_proxy_configs = transform_str_to_dict(
+            jupyter_services_proxy_config)
         if not isinstance(jupyter_services_proxy_configs, dict):
             print('Error: jupyter_services_proxy_config '
                   'could not be interpreted correctly. Double check that your '
@@ -1623,7 +1625,8 @@ def _generate_confs_prepare(
                 ws_host = host.replace(
                     "https://", "wss://").replace("http://", "ws://")
                 member_def = "Define JUPYTER_%s %s" % (name_index, host)
-                ws_member_def = "Define WS_JUPYTER_%s %s" % (name_index, ws_host)
+                ws_member_def = "Define WS_JUPYTER_%s %s" % (name_index,
+                                                             ws_host)
 
                 # No user supplied port, assign based on url prefix
                 if len(host.split(":")) < 3:
@@ -1641,7 +1644,8 @@ def _generate_confs_prepare(
 
                 jupyter_defs.extend([member_def, ws_member_def])
 
-            service_proxy_config_kwargs = jupyter_services_proxy_configs.get(name, {})
+            service_proxy_config_kwargs = jupyter_services_proxy_configs.get(
+                name, {})
             # Get proxy template and append to template conf
             proxy_template = gen_balancer_proxy_template(
                 url, def_name, name, hosts, ws_hosts,

tests/fixture/confs-stdlocal/MiGserver.conf

@@ -762,10 +762,10 @@ password_legacy_policy =
 # Optional additional guard against simple passwords with the cracklib library
 password_cracklib = False
 # Optional prefilter on users who may potenially invite peers as site users.
-# Used as a coarse filter to reject clearly invalid user requests early.
-# Space separated list of user field and regexp-filter pattern pairs separated
-# by colons.
-peers_prefilter = email:.*
+# Used as a coarse filter to reject clearly invalid user requests early by only
+# filtering on form values (peers_full_name and peers_email). Space separated
+# list of user field and regexp-filter pattern pairs separated by colons.
+peers_prefilter = peers_email:.*
 # Optional limit on users who may invite peers as site users. Space separated
 # list of user field and regexp-filter pattern pairs separated by colons.
 peers_permit = distinguished_name:.*

tests/fixture/mig_shared_configuration--new.json

@@ -183,7 +183,7 @@
   ],
   "site_peers_prefilter": [
     [
-      "email",
+      "peers_email",
       ".*"
     ]
   ],