Skip to content

Commit

Permalink
Safer registration form processing
Browse files Browse the repository at this point in the history
  • Loading branch information
@jace
jace committed Nov 20, 2023
1 parent 775f693 commit e905764
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
2 changes: 2 additions & 0 deletions funnel/forms/helpers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,6 +282,8 @@ def format_json(data: dict | str | None) -> str:

def validate_and_convert_json(form: forms.Form, field: forms.Field) -> None:
"""Confirm form data is valid JSON, and store it back as a parsed dict."""
if field.data is None:
return
try:
field.data = json.loads(field.data)
except ValueError:
Expand Down
5 changes: 4 additions & 1 deletion funnel/forms/project.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
from __future__ import annotations

import re
from typing import cast

from baseframe import _, __, forms
from baseframe.forms.sqlalchemy import AvailableName
Expand Down Expand Up @@ -371,12 +372,14 @@ class ProjectRegisterForm(forms.Form):
)

def validate_form(self, field: forms.Field) -> None:
if not self.form.data:
return
if self.form.data and not self.schema:
raise forms.validators.StopValidation(
_("This registration is not expecting any form fields")
)
if self.schema:
form_keys = set(self.form.data.keys())
form_keys = set(cast(dict, self.form.data).keys())
schema_keys = {i['name'] for i in self.schema['fields']}
if not form_keys.issubset(schema_keys):
invalid_keys = form_keys.difference(schema_keys)
Expand Down

0 comments on commit e905764

Please sign in to comment.