From 2461d69242108fe6f4bc067cc8255e41f66c58aa Mon Sep 17 00:00:00 2001

From: Armando Neto <neto.armando@gmail.com>

Date: Mon, 18 Jun 2018 18:26:01 -0300

Subject: [PATCH] ipaserver config plugin: Increase search records minimum

 limit

Check if the given search records value is greater than an arbitrary number that is not so close to zero.

https://pagure.io/freeipa/issue/6617

Reviewed-By: Rob Crittenden <rcritten@redhat.com>

---

 ipaserver/plugins/config.py                | 14 +++++-

 ipatests/test_xmlrpc/test_config_plugin.py | 76 ++++++++++++++++++++++++++++++

 2 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py

index 33ed38ba016567b9df57503f2f8418cf7c7fc794..d367c3c5aa421bb22d1630c88bbac846e7d84386 100644

--- a/ipaserver/plugins/config.py

+++ b/ipaserver/plugins/config.py

@@ -85,6 +85,18 @@ EXAMPLES:

 register = Registry()

+

+def validate_search_records_limit(ugettext, value):

+    """Check if value is greater than a realistic minimum.

+

+    Values 0 and -1 are valid, as they represent unlimited.

+    """

+    if value in {-1, 0}:

+        return

+    if value < 10:

+        return _('must be at least 10')

+

+

 @register()

 class config(LDAPObject):

     """

@@ -161,10 +173,10 @@ class config(LDAPObject):

             minvalue=-1,

         ),

         Int('ipasearchrecordslimit',

+            validate_search_records_limit,

             cli_name='searchrecordslimit',

             label=_('Search size limit'),

             doc=_('Maximum number of records to search (-1 or 0 is unlimited)'),

-            minvalue=-1,

         ),

         IA5Str('ipausersearchfields',

             cli_name='usersearch',

diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py

index c037224162e2c29f6dd76eabefe7fededc6f882d..666b7c2c87b4f0a1f7bde18c78780a1ea6072b71 100644

--- a/ipatests/test_xmlrpc/test_config_plugin.py

+++ b/ipatests/test_xmlrpc/test_config_plugin.py

@@ -211,4 +211,80 @@ class test_config(Declarative):

                 summary=None,

                 ),

         ),

+        dict(

+            desc='Set the number of search records to -1 (unlimited)',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'-1',

+                },

+            ),

+            expected={

+                'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),

+                'summary': None,

+                'value': None,

+            },

+        ),

+        dict(

+            desc='Set the number of search records to greater than 10',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'100',

+                },

+            ),

+            expected={

+                'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),

+                'summary': None,

+                'value': None,

+            },

+        ),

+        dict(

+            desc='Set the number of search records to lower than -1',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'-10',

+                },

+            ),

+            expected=errors.ValidationError(

+                name=u'searchrecordslimit',

+                error=u'must be at least 10',

+            ),

+        ),

+        dict(

+            desc='Set the number of search records to lower than 10',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'1',

+                },

+            ),

+            expected=errors.ValidationError(

+                name=u'searchrecordslimit',

+                error=u'must be at least 10',

+            ),

+        ),

+        dict(

+            desc='Set the number of search records to zero (unlimited)',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'0',

+                },

+            ),

+            expected={

+                'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',),

+                'summary': None,

+                'value': None,

+            },

+        ),

+        dict(

+            desc='Set the number of search records back to 100',

+            command=(

+                'config_mod', [], {

+                    'ipasearchrecordslimit': u'100',

+                },

+            ),

+            expected={

+                'result': lambda d: d['ipasearchrecordslimit'] == (u'100',),

+                'summary': None,

+                'value': None,

+            },

+        ),

     ]

-- 

2.14.4