Fix: Enforce HTTPS for GitLab resource types

9a5eb012 · Petar Hristov · 393dff5c · 9a5eb012 · 9a5eb012 · 9a5eb012
Commit 9a5eb012 authored 2 years ago by Petar Hristov
--- a/src/modules/resource/components/create-resource/resource-type/GitLab.vue
+++ b/src/modules/resource/components/create-resource/resource-type/GitLab.vue
@@ -174,9 +174,13 @@ import type {
 import type { GitlabInformation } from "@/modules/resource/types";

 import { useVuelidate, type ValidationArgs } from "@vuelidate/core";
-import { required, url } from "@vuelidate/validators";
+import { and, helpers, required, url } from "@vuelidate/validators";
 import { isNumber } from "lodash";

+const isHttpsUrl = (value: string) =>
+  !helpers.req(value) || value.startsWith("https://");
+const isValidGitLabUrl = and(url, isHttpsUrl);
+
 export default defineComponent({
  props: {
    value: {
@@ -218,7 +222,7 @@ export default defineComponent({
  validations() {
    return {
      gitlabInformation: {
-        domain: { required, url },
+        domain: { required, isValidGitLabUrl },
        accessToken: { required },
        project: { required },
        reference: { required },

--- a/src/modules/resource/i18n/de.ts
+++ b/src/modules/resource/i18n/de.ts
@@ -288,14 +288,14 @@ export default {
      domain: "GitLab Domain",
      domainLabel: "Domain:",
      domainInvalidTooltip:
-        "Die angegebene Domain ist keine gültige vollständige URL",
+        "Die angegebene Domain ist keine gültige vollständige URL. Bitte beachten, dass nur das HTTPS-Protokoll zugelassen ist.",

      accessToken: "Projekt- oder Gruppenzugangstoken",
      accessTokenLabel: "@:(resourceType.gitlab.accessToken):",
      accessTokenInvalidTooltip: "Dieses Feld ist erforderlich",
      accessTokenInfoPopover:
        "Wie erstellt man ein @:(resourceType.gitlab.accessToken)?",
-      accessTokenInfoPopoverUrl: "https://",
+      accessTokenInfoPopoverUrl: "https://", // TODO: add the URL for the Access Token creation guide

      projectId: "GitLab Projekt Id",
      projectIdLabel: "GitLab Projekt Id:",

--- a/src/modules/resource/i18n/en.ts
+++ b/src/modules/resource/i18n/en.ts
@@ -283,14 +283,15 @@ export default {
    gitlab: {
      domain: "GitLab Domain",
      domainLabel: "Domain:",
-      domainInvalidTooltip: "The provided domain is not a valid full URL",
+      domainInvalidTooltip:
+        "The provided domain is not a valid full URL. Note that only the HTTPS protocol is allowed.",

      accessToken: "Project or Group Access Token",
      accessTokenLabel: "@:(resourceType.gitlab.accessToken):",
      accessTokenInvalidTooltip: "This is a required field",
      accessTokenInfoPopover:
        "How to create a @:(resourceType.gitlab.accessToken)?",
-      accessTokenInfoPopoverUrl: "https://",
+      accessTokenInfoPopoverUrl: "https://", // TODO: add the URL for the Access Token creation guide

      projectId: "GitLab Project Id",
      projectIdLabel: "GitLab Project Id:",