1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00

Enforce http_method restrictions via API

This commit is contained in:
beeankha 2019-07-22 16:57:10 -04:00
parent 6ef235dcd5
commit 04404c93db
2 changed files with 3 additions and 1 deletions

View File

@ -4237,6 +4237,8 @@ class NotificationTemplateSerializer(BaseSerializer):
continue
if field_type == "password" and field_val == "$encrypted$" and object_actual is not None:
attrs['notification_configuration'][field] = object_actual.notification_configuration[field]
if field == "http_method" and field_val.lower() not in ['put', 'post']:
error_list.append(_("HTTP method must be either 'POST' or 'PUT'."))
if missing_fields:
error_list.append(_("Missing required fields for Notification Configuration: {}.").format(missing_fields))
if incorrect_type_fields:

View File

@ -38,7 +38,7 @@ class WebhookBackend(AWXBaseEmailBackend):
sent_messages = 0
if 'User-Agent' not in self.headers:
self.headers['User-Agent'] = "Tower {}".format(get_awx_version())
if self.http_method.lower() not in ('put', 'post'):
if self.http_method.lower() not in ['put','post']:
raise ValueError("HTTP method must be either 'POST' or 'PUT'.")
chosen_method = getattr(requests, self.http_method.lower(), None)
for m in messages: