Merge branch 'dk/1091-dnssec' of https://github.com/cisagov/getgov into dk/1091-dnssec

Rachid Mrad 2023-10-10 19:55:29 -04:00
commit 45429eef71
No known key found for this signature in database
GPG key ID: EF38E4CEC4A8F3CF
9 changed files with 246 additions and 208 deletions


@ -1,7 +1,8 @@
# common.py # common.py
# #
# ALGORITHM_CHOICES are options for alg attribute in DS Data and Key Data # ALGORITHM_CHOICES are options for alg attribute in DS Data and Key Data
# reference: https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # reference:
# https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
ALGORITHM_CHOICES = [ ALGORITHM_CHOICES = [
(1, "(1) ERSA/MD5 [RSAMD5]"), (1, "(1) ERSA/MD5 [RSAMD5]"),
(2, "(2) Diffie-Hellman [DH]"), (2, "(2) Diffie-Hellman [DH]"),


@ -7,7 +7,13 @@ from django.forms import formset_factory
from phonenumber_field.widgets import RegionalPhoneNumberWidget from phonenumber_field.widgets import RegionalPhoneNumberWidget
from ..models import Contact, DomainInformation from ..models import Contact, DomainInformation
from .common import ALGORITHM_CHOICES, DIGEST_TYPE_CHOICES, FLAG_CHOICES, PROTOCOL_CHOICES from .common import (
ALGORITHM_CHOICES,
DIGEST_TYPE_CHOICES,
FLAG_CHOICES,
PROTOCOL_CHOICES,
)
class DomainAddUserForm(forms.Form): class DomainAddUserForm(forms.Form):
@ -157,35 +163,27 @@ class DomainDsdataForm(forms.Form):
MinValueValidator(0, message="Value must be between 0 and 65535"), MinValueValidator(0, message="Value must be between 0 and 65535"),
MaxValueValidator(65535, message="Value must be between 0 and 65535"), MaxValueValidator(65535, message="Value must be between 0 and 65535"),
], ],
error_messages={ error_messages={"required": ("Key tag is required.")},
"required": ("Key tag is required.")
},
) )
algorithm = forms.TypedChoiceField( algorithm = forms.TypedChoiceField(
required=True, required=True,
label="Algorithm", label="Algorithm",
choices=[(None, "--Select--")] + ALGORITHM_CHOICES, choices=[(None, "--Select--")] + ALGORITHM_CHOICES, # type: ignore
error_messages={ error_messages={"required": ("Algorithm is required.")},
"required": ("Algorithm is required.")
},
) )
digest_type = forms.TypedChoiceField( digest_type = forms.TypedChoiceField(
required=True, required=True,
label="Digest Type", label="Digest Type",
choices=[(None, "--Select--")] + DIGEST_TYPE_CHOICES, choices=[(None, "--Select--")] + DIGEST_TYPE_CHOICES, # type: ignore
error_messages={ error_messages={"required": ("Digest Type is required.")},
"required": ("Digest Type is required.")
},
) )
digest = forms.CharField( digest = forms.CharField(
required=True, required=True,
label="Digest", label="Digest",
error_messages={ error_messages={"required": ("Digest is required.")},
"required": ("Digest is required.")
},
) )
@ -204,35 +202,27 @@ class DomainKeydataForm(forms.Form):
required=True, required=True,
label="Flag", label="Flag",
choices=FLAG_CHOICES, choices=FLAG_CHOICES,
error_messages={ error_messages={"required": ("Flag is required.")},
"required": ("Flag is required.")
},
) )
protocol = forms.TypedChoiceField( protocol = forms.TypedChoiceField(
required=True, required=True,
label="Protocol", label="Protocol",
choices=PROTOCOL_CHOICES, choices=PROTOCOL_CHOICES,
error_messages={ error_messages={"required": ("Protocol is required.")},
"required": ("Protocol is required.")
},
) )
algorithm = forms.TypedChoiceField( algorithm = forms.TypedChoiceField(
required=True, required=True,
label="Algorithm", label="Algorithm",
choices=[(None, "--Select--")] + ALGORITHM_CHOICES, choices=[(None, "--Select--")] + ALGORITHM_CHOICES, # type: ignore
error_messages={ error_messages={"required": ("Algorithm is required.")},
"required": ("Algorithm is required.")
},
) )
pub_key = forms.CharField( pub_key = forms.CharField(
required=True, required=True,
label="Pub key", label="Pub key",
error_messages={ error_messages={"required": ("Pub key is required.")},
"required": ("Pub key is required.")
},
) )
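Review bot: The `digest` field in DomainDsdataForm and the `pub_key` field in DomainKeydataForm are plain `forms.CharField(required=True, ...)` with no format validator visible in these hunks, so any non-empty string passes form validation and is handed on as DS or key data. A DS digest is hexadecimal with a length fixed by the digest type, and a DNSKEY public key is base64, so a check such as `validators=[RegexValidator(r"^[0-9a-fA-F]+$", message="Digest must be hexadecimal.")]` on `digest`, plus a length check against `digest_type` in `clean()`, would reject malformed records before they reach the registry. The `TypedChoiceField`s also show no `coerce=`, so the cleaned `algorithm` value stays a string while the ALGORITHM_CHOICES keys are integers; `coerce=int` would fix that if nothing outside the hunk converts it. Both class bodies start and end outside the hunks, so a `clean()` method may already cover part of this.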


@ -9,7 +9,7 @@
<p>The Domain Name System (DNS) is the internet service that translates your domain name into an IP address. Before your .gov domain can be used, you'll need to connect it to your DNS hosting service and provide us with your name server information.</p> <p>The Domain Name System (DNS) is the internet service that translates your domain name into an IP address. Before your .gov domain can be used, you'll need to connect it to your DNS hosting service and provide us with your name server information.</p>
<p>You can enter your name services, as well as other DNS-related information, in the following sections:</p> <p>You can enter your name servers, as well as other DNS-related information, in the following sections:</p>
{% url 'domain-dns-nameservers' pk=domain.id as url %} {% url 'domain-dns-nameservers' pk=domain.id as url %}
<p><a href="{{ url }}">DNS name servers</a></p> <p><a href="{{ url }}">DNS name servers</a></p>


@ -7,7 +7,7 @@
<h1>{% if dnssec_enabled %}Set up {% endif %}DNSSEC</h1> <h1>{% if dnssec_enabled %}Set up {% endif %}DNSSEC</h1>
<p>DNSSEC, or DNS Security Extensions, is additional security layer to protect your website. Enabling DNSSEC ensures that when someone visits your website, they can be certain that it's connecting to the correct server, preventing potential hijacking or tampering with your domain's records.</p> <p>DNSSEC, or DNS Security Extensions, is additional security layer to protect your domain. Enabling DNSSEC ensures that when someone visits your domain, they can be certain that it's connecting to the correct server, preventing potential hijacking or tampering with your domain's records.</p>
<form class="usa-form usa-form--large" method="post"> <form class="usa-form usa-form--large" method="post">
{% csrf_token %} {% csrf_token %}
@ -43,7 +43,7 @@
<div id="enable-dnssec"> <div id="enable-dnssec">
<div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3"> <div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3">
<div class="usa-alert__body"> <div class="usa-alert__body">
It is strongly recommended that you do not enable this unless you fully understand DNSSEC and know how to set it up properly. If you make a mistake, it could cause your domain name to stop working. It is strongly recommended that you only enable DNSSEC if you know how to set it up properly at your hosting service. If you make a mistake, it could cause your domain name to stop working.
</div> </div>
</div> </div>
<button <button
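Review bot: The reworded intro paragraph still reads "is additional security layer" and needs the article: `DNSSEC, or DNS Security Extensions, is an additional security layer to protect your domain.` The following sentence also promises more than DNSSEC delivers. DNSSEC lets resolvers verify that DNS answers for the domain are authentic, but it does not by itself prove that a visitor is connected to the correct server. Wording along the lines of "helps ensure that DNS responses for your domain have not been tampered with" would be more accurate.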


@ -18,12 +18,14 @@ def startswith(text, starts):
return text.startswith(starts) return text.startswith(starts)
return False return False
@register.filter("endswith") @register.filter("endswith")
def endswith(text, ends): def endswith(text, ends):
if isinstance(text, str): if isinstance(text, str):
return text.endswith(ends) return text.endswith(ends)
return False return False
@register.simple_tag @register.simple_tag
def public_site_url(url_path): def public_site_url(url_path):
"""Make a full URL for this path at our public site. """Make a full URL for this path at our public site.


@ -689,18 +689,18 @@ class MockEppLib(TestCase):
"alg": 1, "alg": 1,
"pubKey": "AQPJ////4Q==", "pubKey": "AQPJ////4Q==",
} }
dnssecExtensionWithDsData: Mapping[str, Any] = { dnssecExtensionWithDsData: Mapping[Any, Any] = {
"dsData": [common.DSData(**addDsData1)] "dsData": [common.DSData(**addDsData1)] # type: ignore
} }
dnssecExtensionWithMultDsData: Mapping[str, Any] = { dnssecExtensionWithMultDsData: Mapping[str, Any] = {
"dsData": [ "dsData": [
common.DSData(**addDsData1), common.DSData(**addDsData1), # type: ignore
common.DSData(**addDsData2), common.DSData(**addDsData2), # type: ignore
], ],
} }
dnssecExtensionWithKeyData: Mapping[str, Any] = { dnssecExtensionWithKeyData: Mapping[str, Any] = {
"maxSigLife": 3215, "maxSigLife": 3215,
"keyData": [common.DNSSECKeyData(**keyDataDict)], "keyData": [common.DNSSECKeyData(**keyDataDict)], # type: ignore
} }
def mockSend(self, _request, cleaned): def mockSend(self, _request, cleaned):
@ -709,6 +709,35 @@ class MockEppLib(TestCase):
returns objects that simulate what would be in a epp response returns objects that simulate what would be in a epp response
but only relevant pieces for tests""" but only relevant pieces for tests"""
if isinstance(_request, commands.InfoDomain): if isinstance(_request, commands.InfoDomain):
return self.mockInfoDomainCommands(_request, cleaned)
elif isinstance(_request, commands.InfoContact):
return self.mockInfoContactCommands(_request, cleaned)
elif (
isinstance(_request, commands.CreateContact)
and getattr(_request, "id", None) == "fail"
and self.mockedSendFunction.call_count == 3
):
# use this for when a contact is being updated
# sets the second send() to fail
raise RegistryError(code=ErrorCode.OBJECT_EXISTS)
elif (
isinstance(_request, commands.DeleteDomain)
and getattr(_request, "name", None) == "failDelete.gov"
):
name = getattr(_request, "name", None)
fake_nameserver = "ns1.failDelete.gov"
if name in fake_nameserver:
raise RegistryError(
code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION
)
elif (
isinstance(_request, commands.UpdateDomain)
and getattr(_request, "name", None) == "dnssec-invalid.gov"
):
raise RegistryError(code=ErrorCode.PARAMETER_VALUE_RANGE_ERROR)
return MagicMock(res_data=[self.mockDataInfoHosts])
def mockInfoDomainCommands(self, _request, cleaned):
if getattr(_request, "name", None) == "security.gov": if getattr(_request, "name", None) == "security.gov":
return MagicMock(res_data=[self.infoDomainNoContact]) return MagicMock(res_data=[self.infoDomainNoContact])
elif getattr(_request, "name", None) == "dnssec-dsdata.gov": elif getattr(_request, "name", None) == "dnssec-dsdata.gov":
@ -739,7 +768,8 @@ class MockEppLib(TestCase):
return MagicMock(res_data=[self.InfoDomainWithContacts]) return MagicMock(res_data=[self.InfoDomainWithContacts])
else: else:
return MagicMock(res_data=[self.mockDataInfoDomain]) return MagicMock(res_data=[self.mockDataInfoDomain])
elif isinstance(_request, commands.InfoContact):
def mockInfoContactCommands(self, _request, cleaned):
mocked_result: info.InfoContactResultData mocked_result: info.InfoContactResultData
# For testing contact types # For testing contact types
@ -757,30 +787,6 @@ class MockEppLib(TestCase):
mocked_result = self.mockDataInfoContact mocked_result = self.mockDataInfoContact
return MagicMock(res_data=[mocked_result]) return MagicMock(res_data=[mocked_result])
elif (
isinstance(_request, commands.CreateContact)
and getattr(_request, "id", None) == "fail"
and self.mockedSendFunction.call_count == 3
):
# use this for when a contact is being updated
# sets the second send() to fail
raise RegistryError(code=ErrorCode.OBJECT_EXISTS)
elif (
isinstance(_request, commands.DeleteDomain)
and getattr(_request, "name", None) == "failDelete.gov"
):
name = getattr(_request, "name", None)
fake_nameserver = "ns1.failDelete.gov"
if name in fake_nameserver:
raise RegistryError(
code=ErrorCode.OBJECT_ASSOCIATION_PROHIBITS_OPERATION
)
elif (
isinstance(_request, commands.UpdateDomain)
and getattr(_request, "name", None) == "dnssec-invalid.gov"
):
raise RegistryError(code=ErrorCode.PARAMETER_VALUE_RANGE_ERROR)
return MagicMock(res_data=[self.mockDataInfoHosts])
def setUp(self): def setUp(self):
"""mock epp send function as this will fail locally""" """mock epp send function as this will fail locally"""


@ -1004,7 +1004,6 @@ class TestRegistrantDNSSEC(MockEppLib):
# for the tests, need a domain in the unknown state # for the tests, need a domain in the unknown state
self.domain, _ = Domain.objects.get_or_create(name="fake.gov") self.domain, _ = Domain.objects.get_or_create(name="fake.gov")
def tearDown(self): def tearDown(self):
Domain.objects.all().delete() Domain.objects.all().delete()
super().tearDown() super().tearDown()


@ -18,6 +18,7 @@ from registrar.models import (
DraftDomain, DraftDomain,
DomainInvitation, DomainInvitation,
Contact, Contact,
PublicContact,
Website, Website,
UserDomainRole, UserDomainRole,
User, User,
@ -1071,11 +1072,15 @@ class TestWithDomainPermissions(TestWithUser):
super().setUp() super().setUp()
self.domain, _ = Domain.objects.get_or_create(name="igorville.gov") self.domain, _ = Domain.objects.get_or_create(name="igorville.gov")
self.domain_dsdata, _ = Domain.objects.get_or_create(name="dnssec-dsdata.gov") self.domain_dsdata, _ = Domain.objects.get_or_create(name="dnssec-dsdata.gov")
self.domain_multdsdata, _ = Domain.objects.get_or_create(name="dnssec-multdsdata.gov") self.domain_multdsdata, _ = Domain.objects.get_or_create(
name="dnssec-multdsdata.gov"
)
self.domain_keydata, _ = Domain.objects.get_or_create(name="dnssec-keydata.gov") self.domain_keydata, _ = Domain.objects.get_or_create(name="dnssec-keydata.gov")
# We could simply use domain (igoreville) but this will be more readable in tests # We could simply use domain (igorville) but this will be more readable in tests
# that inherit this setUp # that inherit this setUp
self.domain_dnssec_none, _ = Domain.objects.get_or_create(name="dnssec-none.gov") self.domain_dnssec_none, _ = Domain.objects.get_or_create(
name="dnssec-none.gov"
)
self.domain_information, _ = DomainInformation.objects.get_or_create( self.domain_information, _ = DomainInformation.objects.get_or_create(
creator=self.user, domain=self.domain creator=self.user, domain=self.domain
) )
@ -1098,13 +1103,17 @@ class TestWithDomainPermissions(TestWithUser):
user=self.user, domain=self.domain_dsdata, role=UserDomainRole.Roles.ADMIN user=self.user, domain=self.domain_dsdata, role=UserDomainRole.Roles.ADMIN
) )
UserDomainRole.objects.get_or_create( UserDomainRole.objects.get_or_create(
user=self.user, domain=self.domain_multdsdata, role=UserDomainRole.Roles.ADMIN user=self.user,
domain=self.domain_multdsdata,
role=UserDomainRole.Roles.ADMIN,
) )
UserDomainRole.objects.get_or_create( UserDomainRole.objects.get_or_create(
user=self.user, domain=self.domain_keydata, role=UserDomainRole.Roles.ADMIN user=self.user, domain=self.domain_keydata, role=UserDomainRole.Roles.ADMIN
) )
UserDomainRole.objects.get_or_create( UserDomainRole.objects.get_or_create(
user=self.user, domain=self.domain_dnssec_none, role=UserDomainRole.Roles.ADMIN user=self.user,
domain=self.domain_dnssec_none,
role=UserDomainRole.Roles.ADMIN,
) )
def tearDown(self): def tearDown(self):
@ -1113,6 +1122,7 @@ class TestWithDomainPermissions(TestWithUser):
if hasattr(self.domain, "contacts"): if hasattr(self.domain, "contacts"):
self.domain.contacts.all().delete() self.domain.contacts.all().delete()
DomainApplication.objects.all().delete() DomainApplication.objects.all().delete()
PublicContact.objects.all().delete()
Domain.objects.all().delete() Domain.objects.all().delete()
UserDomainRole.objects.all().delete() UserDomainRole.objects.all().delete()
except ValueError: # pass if already deleted except ValueError: # pass if already deleted
@ -1190,7 +1200,6 @@ class TestDomainOverview(TestWithDomainPermissions, WebTest):
class TestDomainUserManagement(TestDomainOverview): class TestDomainUserManagement(TestDomainOverview):
def test_domain_user_management(self): def test_domain_user_management(self):
response = self.client.get( response = self.client.get(
reverse("domain-users", kwargs={"pk": self.domain.id}) reverse("domain-users", kwargs={"pk": self.domain.id})
@ -1349,8 +1358,8 @@ class TestDomainUserManagement(TestDomainOverview):
home_page = self.app.get(reverse("home")) home_page = self.app.get(reverse("home"))
self.assertContains(home_page, self.domain.name) self.assertContains(home_page, self.domain.name)
class TestDomainNameservers(TestDomainOverview):
class TestDomainNameservers(TestDomainOverview):
def test_domain_nameservers(self): def test_domain_nameservers(self):
"""Can load domain's nameservers page.""" """Can load domain's nameservers page."""
page = self.client.get( page = self.client.get(
@ -1402,8 +1411,8 @@ class TestDomainNameservers(TestDomainOverview):
# the field. # the field.
self.assertContains(result, "This field is required", count=2, status_code=200) self.assertContains(result, "This field is required", count=2, status_code=200)
class TestDomainAuthorizingOfficial(TestDomainOverview):
class TestDomainAuthorizingOfficial(TestDomainOverview):
def test_domain_authorizing_official(self): def test_domain_authorizing_official(self):
"""Can load domain's authorizing official page.""" """Can load domain's authorizing official page."""
page = self.client.get( page = self.client.get(
@ -1422,8 +1431,8 @@ class TestDomainAuthorizingOfficial(TestDomainOverview):
) )
self.assertContains(page, "Testy") self.assertContains(page, "Testy")
class TestDomainOrganization(TestDomainOverview):
class TestDomainOrganization(TestDomainOverview):
def test_domain_org_name_address(self): def test_domain_org_name_address(self):
"""Can load domain's org name and mailing address page.""" """Can load domain's org name and mailing address page."""
page = self.client.get( page = self.client.get(
@ -1460,8 +1469,8 @@ class TestDomainOrganization(TestDomainOverview):
self.assertContains(success_result_page, "Not igorville") self.assertContains(success_result_page, "Not igorville")
self.assertContains(success_result_page, "Faketown") self.assertContains(success_result_page, "Faketown")
class TestDomainContactInformation(TestDomainOverview):
class TestDomainContactInformation(TestDomainOverview):
def test_domain_your_contact_information(self): def test_domain_your_contact_information(self):
"""Can load domain's your contact information page.""" """Can load domain's your contact information page."""
page = self.client.get( page = self.client.get(
@ -1478,8 +1487,8 @@ class TestDomainContactInformation(TestDomainOverview):
) )
self.assertContains(page, "Testy") self.assertContains(page, "Testy")
class TestDomainSecurityEmail(TestDomainOverview):
class TestDomainSecurityEmail(TestDomainOverview):
def test_domain_security_email_existing_security_contact(self): def test_domain_security_email_existing_security_contact(self):
"""Can load domain's security email page.""" """Can load domain's security email page."""
self.mockSendPatch = patch("registrar.models.domain.registry.send") self.mockSendPatch = patch("registrar.models.domain.registry.send")
@ -1564,10 +1573,13 @@ class TestDomainDNSSEC(TestDomainOverview):
# Prepare the data for the POST request # Prepare the data for the POST request
post_data = { post_data = {
'enable_dnssec': 'Enable DNSSEC', # Replace with the actual form field and value "enable_dnssec": "Enable DNSSEC",
# Add other form fields as needed
} }
updated_page = self.client.post(reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}), post_data, follow=True) updated_page = self.client.post(
reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}),
post_data,
follow=True,
)
self.assertEqual(updated_page.status_code, 200) self.assertEqual(updated_page.status_code, 200)
@ -1592,9 +1604,13 @@ class TestDomainDNSSEC(TestDomainOverview):
# Prepare the data for the POST request # Prepare the data for the POST request
post_data = { post_data = {
'disable_dnssec': 'Disable DNSSEC', # Replace with the actual form field and value "disable_dnssec": "Disable DNSSEC",
} }
updated_page = self.client.post(reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}), post_data, follow=True) updated_page = self.client.post(
reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}),
post_data,
follow=True,
)
self.assertEqual(updated_page.status_code, 200) self.assertEqual(updated_page.status_code, 200)
@ -1605,7 +1621,9 @@ class TestDomainDNSSEC(TestDomainOverview):
domain DNSSEC data and shows a button to Add DS Data record""" domain DNSSEC data and shows a button to Add DS Data record"""
page = self.client.get( page = self.client.get(
reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dnssec_none.id}) reverse(
"domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dnssec_none.id}
)
) )
self.assertContains(page, "Add DS Data record") self.assertContains(page, "Add DS Data record")
@ -1632,7 +1650,9 @@ class TestDomainDNSSEC(TestDomainOverview):
domain DNSSEC data and shows a button to Add DS Key record""" domain DNSSEC data and shows a button to Add DS Key record"""
page = self.client.get( page = self.client.get(
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_dnssec_none.id}) reverse(
"domain-dns-dnssec-keydata", kwargs={"pk": self.domain_dnssec_none.id}
)
) )
self.assertContains(page, "Add DS Key record") self.assertContains(page, "Add DS Key record")
@ -1674,7 +1694,9 @@ class TestDomainDNSSEC(TestDomainOverview):
) )
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id) self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
page = result.follow() page = result.follow()
self.assertContains(page, "The DS Data records for this domain have been updated.") self.assertContains(
page, "The DS Data records for this domain have been updated."
)
def test_ds_data_form_invalid(self): def test_ds_data_form_invalid(self):
"""DS Data form errors with invalid data """DS Data form errors with invalid data
@ -1716,7 +1738,9 @@ class TestDomainDNSSEC(TestDomainOverview):
) )
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id) self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
page = result.follow() page = result.follow()
self.assertContains(page, "The Key Data records for this domain have been updated.") self.assertContains(
page, "The Key Data records for this domain have been updated."
)
def test_key_data_form_invalid(self): def test_key_data_form_invalid(self):
"""Key Data form errors with invalid data """Key Data form errors with invalid data


@ -242,11 +242,15 @@ class DomainDNSSECView(DomainPermissionView, FormMixin):
has_dnssec_records = self.domain.dnssecdata is not None has_dnssec_records = self.domain.dnssecdata is not None
# Create HTML for the modal button # Create HTML for the modal button
modal_button = '<button type="submit" class="usa-button" name="disable_dnssec">Disable DNSSEC</button>' modal_button = (
'<button type="submit" '
'class="usa-button" '
'name="disable_dnssec">Disable DNSSEC</button>'
)
context['modal_button'] = modal_button context["modal_button"] = modal_button
context['has_dnssec_records'] = has_dnssec_records context["has_dnssec_records"] = has_dnssec_records
context['dnssec_enabled'] = self.request.session.pop('dnssec_enabled', False) context["dnssec_enabled"] = self.request.session.pop("dnssec_enabled", False)
return context return context
@ -255,26 +259,23 @@ class DomainDNSSECView(DomainPermissionView, FormMixin):
return reverse("domain-dns-dnssec", kwargs={"pk": self.domain.pk}) return reverse("domain-dns-dnssec", kwargs={"pk": self.domain.pk})
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
"""Form submission posts to this view. """Form submission posts to this view."""
"""
self.domain = self.get_object() self.domain = self.get_object()
form = self.get_form() form = self.get_form()
if form.is_valid(): if form.is_valid():
if 'disable_dnssec' in request.POST: if "disable_dnssec" in request.POST:
try: try:
self.domain.dnssecdata = {} self.domain.dnssecdata = {}
except RegistryError as err: except RegistryError as err:
errmsg = "Error removing existing DNSSEC record(s)." errmsg = "Error removing existing DNSSEC record(s)."
logger.error(errmsg + ": " + err) logger.error(errmsg + ": " + err)
messages.error( messages.error(self.request, errmsg)
self.request, errmsg request.session["dnssec_ds_confirmed"] = False
) request.session["dnssec_key_confirmed"] = False
request.session['dnssec_ds_confirmed'] = False elif "enable_dnssec" in request.POST:
request.session['dnssec_key_confirmed'] = False request.session["dnssec_enabled"] = True
elif 'enable_dnssec' in request.POST: request.session["dnssec_ds_confirmed"] = False
request.session['dnssec_enabled'] = True request.session["dnssec_key_confirmed"] = False
request.session['dnssec_ds_confirmed'] = False
request.session['dnssec_key_confirmed'] = False
return self.form_valid(form) return self.form_valid(form)
@ -294,14 +295,21 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
initial_data = [] initial_data = []
if dnssecdata is not None: if dnssecdata is not None:
if dnssecdata.keyData is not None: if dnssecdata.keyData is not None:
# TODO: Throw an error # TODO: Throw an error
pass pass
if dnssecdata.dsData is not None: if dnssecdata.dsData is not None:
# Add existing nameservers as initial data # Add existing nameservers as initial data
initial_data.extend({"key_tag": record.keyTag, "algorithm": record.alg, "digest_type": record.digestType, "digest": record.digest} for record in dnssecdata.dsData) initial_data.extend(
{
"key_tag": record.keyTag,
"algorithm": record.alg,
"digest_type": record.digestType,
"digest": record.digest,
}
for record in dnssecdata.dsData
)
# Ensure at least 3 fields, filled or empty # Ensure at least 3 fields, filled or empty
while len(initial_data) == 0: while len(initial_data) == 0:
@ -326,9 +334,11 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
if dnssecdata is not None and dnssecdata.dsData is not None: if dnssecdata is not None and dnssecdata.dsData is not None:
self.request.session['dnssec_ds_confirmed'] = True self.request.session["dnssec_ds_confirmed"] = True
context['dnssec_ds_confirmed'] = self.request.session.get('dnssec_ds_confirmed', False) context["dnssec_ds_confirmed"] = self.request.session.get(
"dnssec_ds_confirmed", False
)
return context return context
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
@ -336,13 +346,13 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
self.object = self.get_object() self.object = self.get_object()
formset = self.get_form() formset = self.get_form()
if 'confirm-ds' in request.POST: if "confirm-ds" in request.POST:
request.session['dnssec_ds_confirmed'] = True request.session["dnssec_ds_confirmed"] = True
request.session['dnssec_key_confirmed'] = False request.session["dnssec_key_confirmed"] = False
return super().form_valid(formset) return super().form_valid(formset)
if 'btn-cancel-click' in request.POST: if "btn-cancel-click" in request.POST:
return redirect('/', {'formset': formset},RequestContext(request)) return redirect("/", {"formset": formset}, RequestContext(request))
if formset.is_valid(): if formset.is_valid():
return self.form_valid(formset) return self.form_valid(formset)
@ -357,7 +367,8 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
for form in formset: for form in formset:
try: try:
# if 'delete' not in form.cleaned_data or form.cleaned_data['delete'] == False: # if 'delete' not in form.cleaned_data
# or form.cleaned_data['delete'] == False:
dsrecord = { dsrecord = {
"keyTag": form.cleaned_data["key_tag"], "keyTag": form.cleaned_data["key_tag"],
"alg": form.cleaned_data["algorithm"], "alg": form.cleaned_data["algorithm"],
@ -378,9 +389,7 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
errmsg = "Error updating DNSSEC data in the registry." errmsg = "Error updating DNSSEC data in the registry."
logger.error(errmsg) logger.error(errmsg)
logger.error(err) logger.error(err)
messages.error( messages.error(self.request, errmsg)
self.request, errmsg
)
return self.form_invalid(formset) return self.form_invalid(formset)
else: else:
messages.success( messages.success(
@ -390,7 +399,6 @@ class DomainDsdataView(DomainPermissionView, FormMixin):
return super().form_valid(formset) return super().form_valid(formset)
class DomainKeydataView(DomainPermissionView, FormMixin): class DomainKeydataView(DomainPermissionView, FormMixin):
"""Domain DNSSEC key data editing view.""" """Domain DNSSEC key data editing view."""
@ -406,14 +414,21 @@ class DomainKeydataView(DomainPermissionView, FormMixin):
initial_data = [] initial_data = []
if dnssecdata is not None: if dnssecdata is not None:
if dnssecdata.dsData is not None: if dnssecdata.dsData is not None:
# TODO: Throw an error # TODO: Throw an error
pass pass
if dnssecdata.keyData is not None: if dnssecdata.keyData is not None:
# Add existing keydata as initial data # Add existing keydata as initial data
initial_data.extend({"flag": record.flags, "protocol": record.protocol, "algorithm": record.alg, "pub_key": record.pubKey} for record in dnssecdata.keyData) initial_data.extend(
{
"flag": record.flags,
"protocol": record.protocol,
"algorithm": record.alg,
"pub_key": record.pubKey,
}
for record in dnssecdata.keyData
)
# Ensure at least 3 fields, filled or empty # Ensure at least 3 fields, filled or empty
while len(initial_data) == 0: while len(initial_data) == 0:
@ -438,9 +453,11 @@ class DomainKeydataView(DomainPermissionView, FormMixin):
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
if dnssecdata is not None and dnssecdata.keyData is not None: if dnssecdata is not None and dnssecdata.keyData is not None:
self.request.session['dnssec_key_confirmed'] = True self.request.session["dnssec_key_confirmed"] = True
context['dnssec_key_confirmed'] = self.request.session.get('dnssec_key_confirmed', False) context["dnssec_key_confirmed"] = self.request.session.get(
"dnssec_key_confirmed", False
)
return context return context
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
@ -448,14 +465,14 @@ class DomainKeydataView(DomainPermissionView, FormMixin):
self.object = self.get_object() self.object = self.get_object()
formset = self.get_form() formset = self.get_form()
if 'confirm-key' in request.POST: if "confirm-key" in request.POST:
request.session['dnssec_key_confirmed'] = True request.session["dnssec_key_confirmed"] = True
request.session['dnssec_ds_confirmed'] = False request.session["dnssec_ds_confirmed"] = False
self.object.save() self.object.save()
return super().form_valid(formset) return super().form_valid(formset)
if 'btn-cancel-click' in request.POST: if "btn-cancel-click" in request.POST:
return redirect('/', {'formset': formset},RequestContext(request)) return redirect("/", {"formset": formset}, RequestContext(request))
if formset.is_valid(): if formset.is_valid():
return self.form_valid(formset) return self.form_valid(formset)
@ -470,7 +487,8 @@ class DomainKeydataView(DomainPermissionView, FormMixin):
for form in formset: for form in formset:
try: try:
# if 'delete' not in form.cleaned_data or form.cleaned_data['delete'] == False: # if 'delete' not in form.cleaned_data
# or form.cleaned_data['delete'] == False:
keyrecord = { keyrecord = {
"flags": form.cleaned_data["flag"], "flags": form.cleaned_data["flag"],
"protocol": form.cleaned_data["protocol"], "protocol": form.cleaned_data["protocol"],
@ -490,9 +508,7 @@ class DomainKeydataView(DomainPermissionView, FormMixin):
errmsg = "Error updating DNSSEC data in the registry." errmsg = "Error updating DNSSEC data in the registry."
logger.error(errmsg) logger.error(errmsg)
logger.error(err) logger.error(err)
messages.error( messages.error(self.request, errmsg)
self.request, errmsg
)
return self.form_invalid(formset) return self.form_invalid(formset)
else: else:
messages.success( messages.success(
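Review bot: In DomainDNSSECView.post the handler runs `logger.error(errmsg + ": " + err)`, which concatenates a str with the caught RegistryError and so raises TypeError inside the `except` block; the user would get a server error instead of the `messages.error` text, and the registry failure would not be logged. Pass the exception as a logging argument instead: `logger.error("%s: %s", errmsg, err)`. The same method goes on to `return self.form_valid(form)`; indentation is lost on this page, so I cannot tell whether that also runs after a failed removal, and it is worth confirming that a RegistryError does not end in a success redirect. Separately, the `dnssec_ds_confirmed` and `dnssec_key_confirmed` session keys carry no domain id, so a confirmation made for one domain appears to apply to every domain the user manages in that session.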