views: validate MAC address after POST

Check if the provided MAC address is valid in every form where the use has to provide one. Show an error message when the format is incorrect.
author: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-07-03 15:16:32 +0200
committer: Alejandro Sirgo Rica <asirgo@soleta.eu> 2024-07-03 15:51:31 +0200
commit: 320df7ec0caea969fdcce717b84c31afc6194015 (patch)
tree: 6bbb1b13d2b5cab8c0be35b7dc2296b550f64ff5
parent: b510d625b2015e62fdd0fe21b7a26519cce193a6 (diff)
1 files changed, 21 insertions, 2 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index e41e242..ae07f31 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -102,6 +102,13 @@ def normalize_mac(mac):
 def prettify_mac(mac):
     return (':'.join(mac[i:i+2] for i in range(0, 12, 2))).lower()
 
+def is_valid_normalized_mac(mac):
+    if len(mac) != 12:
+        return False
+    if not all(c in '0123456789abcdef' for c in mac):
+        return False
+    return True
+
 def ogserver_down(view):
     flash(_('Cannot talk to ogserver. Is ogserver down?'), category='error')
     return redirect(url_for(view))
@@ -1302,6 +1309,12 @@ def action_client_update():
             flash(_('Invalid IP address'), category='error')
             return redirect(url_for("scopes"))
 
+        mac_address = normalize_mac(form.mac.data)
+
+        if not is_valid_normalized_mac(mac_address):
+            flash(_('Invalid MAC address'), category='error')
+            return redirect(url_for("scopes"))
+
         payload = {"ip": form.ip.data,
                    "serial_number": form.serial_number.data,
                    "netdriver": "generic",
@@ -1313,7 +1326,7 @@ def action_client_update():
                    "room": int(form.room.data),
                    "name": form.name.data,
                    "boot": form.boot.data,
-                   "mac": normalize_mac(form.mac.data) }
+                   "mac": mac_address }
         server = get_server_from_ip_port(form.server.data)
         r = server.post('/client/update', payload)
         if r.status_code != requests.codes.ok:
@@ -1553,10 +1566,16 @@ def action_client_add():
             flash(_('Invalid IP address'), category='error')
             return redirect(url_for("scopes"))
 
+        mac_address = normalize_mac(form.mac.data)
+
+        if not is_valid_normalized_mac(mac_address):
+            flash(_('Invalid MAC address'), category='error')
+            return redirect(url_for("scopes"))
+
         payload = {"boot": form.boot.data,
                    "ip": form.ip.data,
                    "livedir": form.livedir.data,
-                   "mac": normalize_mac(form.mac.data),
+                   "mac": mac_address,
                    "maintenance": form.maintenance.data,
                    "name": form.name.data,
                    "netdriver": "generic",
author	Alejandro Sirgo Rica <asirgo@soleta.eu>	2024-07-03 15:16:32 +0200
committer	Alejandro Sirgo Rica <asirgo@soleta.eu>	2024-07-03 15:51:31 +0200
commit	320df7ec0caea969fdcce717b84c31afc6194015 (patch)
tree	6bbb1b13d2b5cab8c0be35b7dc2296b550f64ff5
parent	b510d625b2015e62fdd0fe21b7a26519cce193a6 (diff)