From ead4779512c102701b21a61fecfa2530f6bf990f Mon Sep 17 00:00:00 2001
From: Pedro Moura
Date: Fri, 7 Jun 2024 19:44:24 -0300
Subject: [PATCH] Check if input blogs are HTTPS
Signed-off-by: Pedro Moura
---
 noggin/form/edit_user.py | 23 ++++++++++++++++++-----
 tests/unit/form/test_edit_user.py | 29 ++++++++++++++++++++++++++++-
 2 files changed, 46 insertions(+), 6 deletions(-)
diff --git a/noggin/form/edit_user.py b/noggin/form/edit_user.py
index e51e4d1ca..cc8401c17 100644
--- a/noggin/form/edit_user.py
+++ b/noggin/form/edit_user.py
@@ -80,6 +80,16 @@ def _validate(form, field):
 raise ValidationError(_("This does not look like a valid server name."))
+class HTTPSValidator:
+ def __init__(self, message=_('HTTPS is required')):
+ self.message = message
+
+ def __call__(self, form, field):
+ url = field.data
+ if url and not url.startswith('https://'):
+ raise ValidationError(self.message)
+
+
 class UserSettingsProfileForm(BaseForm):
 firstname = StringField(
 _('First Name'),
@@ -122,15 +132,18 @@ class UserSettingsProfileForm(BaseForm):
 _('GitLab Username'), validators=[Optional()], filters=[strip_at]
 )
- website_url = URLField(
- _('Website or Blog URL'),
- validators=[Optional(), URL(message=_('Valid URL required'))],
+ website_url = FieldList(
+ URLField(
+ validators=[Optional(), URL(message=_('Valid URL required')), HTTPSValidator()],
+ render_kw={"rows": 6},
+ ),
+ label=_('Website or Blog URL'),
 )
 rss_url = FieldList(
 URLField(
- validators=[Optional(), URL(message=_('Valid URL required'))],
- widget=FieldWithClearButtonWidget(URLField.widget),
+ validators=[Optional(), URL(message=_('Valid URL required')), HTTPSValidator()],
+ render_kw={"rows": 6},
 ),
 label=_('RSS URL'),
 )
diff --git a/tests/unit/form/test_edit_user.py b/tests/unit/form/test_edit_user.py
index 5619215eb..7aadeaa15 100644
--- a/tests/unit/form/test_edit_user.py
+++ b/tests/unit/form/test_edit_user.py
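Review bot: In `HTTPSValidator.__call__` (noggin/form/edit_user.py, first hunk) the check `url.startswith('https://')` is case-sensitive, while URI schemes are case-insensitive, so a value such as `HTTPS://example.com` is rejected although it is an HTTPS URL. Normalising before the comparison fixes that: `if url and not url.lower().startswith('https://'):`. The class also has no docstring; a one-liner such as `"""Reject non-empty URLs whose scheme is not https; empty values are left to Optional()."""` would record that empty input is accepted on purpose.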
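Review bot: `render_kw={"rows": 6}` on the inner `URLField` of both `website_url` and `rss_url` (second hunk of noggin/form/edit_user.py) looks like a leftover: `rows` is a textarea attribute with no effect on a URL input, and on `rss_url` it replaces `widget=FieldWithClearButtonWidget(URLField.widget)`, dropping the clear button — a change the commit subject does not cover. `website_url` also changes from a single `URLField` to a `FieldList`, so its data becomes a list; the code that reads and stores this field is outside the diff and would need to handle that. Because `HTTPSValidator()` now runs on every submit, profiles that already hold an `http://` value will presumably fail validation until the user edits it, which may deserve a sentence in the commit description.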
@@ -3,7 +3,7 @@ import pytest
 from bs4 import BeautifulSoup
-from noggin.form.edit_user import UserSettingsProfileForm
+from noggin.form.edit_user import UserSettingsProfileForm, HTTPSValidator
 Obj = namedtuple("Obj", ["ircnick"])
@@ -92,3 +92,30 @@ def test_form_edit_user_ircnick_valid_empty(app):
 html = BeautifulSoup(form.ircnick.entries[0](), 'html.parser')
 msg = html.select_one("div.invalid-feedback")
 assert msg is None
+
+
+def test_valid_https_url():
+ validator = HTTPSValidator()
+ url = 'https://example.com'
+ assertIsNone(validator(None, url))
+
+
+def test_invalid_http_url():
+ validator = HTTPSValidator()
+ url = 'http://example.com'
+ with assertRaises(ValidationError):
+ validator(None, url)
+
+
+def test_invalid_non_url():
+ validator = HTTPSValidator()
+ url = 'not a url'
+ with assertRaises(ValidationError):
+ validator(None, url)
+
+
+def test_invalid_empty_url():
+ validator = HTTPSValidator()
+ url = ''
+ with assertRaises(ValidationError):
+ validator(None, url)
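Review bot: The four new tests in tests/unit/form/test_edit_user.py cannot pass as written: `assertIsNone` and `assertRaises` are `unittest.TestCase` methods and are not defined at module level, `ValidationError` is not imported (the import hunk adds only `HTTPSValidator`), and the validator is handed a bare string although `HTTPSValidator.__call__` reads `field.data`. `test_invalid_empty_url` also expects an error for `''`, while the validator's `if url and …` guard skips empty values, so the HTTPS check would ship effectively untested. I would switch to `pytest.raises`, pass a small object exposing `.data`, add `from wtforms.validators import ValidationError` to the module imports, and assert that empty input is accepted.

```python
# … unchanged: ircnick tests above …

Field = namedtuple("Field", ["data"])  # stand-in exposing the .data attribute the validator reads


def test_valid_https_url():
    assert HTTPSValidator()(None, Field("https://example.com")) is None


@pytest.mark.parametrize("url", ["http://example.com", "not a url"])
def test_non_https_url_rejected(url):
    with pytest.raises(ValidationError):
        HTTPSValidator()(None, Field(url))


def test_empty_url_is_left_to_optional():
    # `if url and ...` skips falsy data, so no error is expected here
    assert HTTPSValidator()(None, Field("")) is None
```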