From: Miod Vallat <miod.vallat@powerdns.com>
Date: Mon, 27 Oct 2025 11:32:07 +0000 (+0100)
Subject: Merge pull request #16360 from miodvallat/backport-16352-to-auth-5.0.x
X-Git-Tag: auth-5.0.1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f95fbc98bc7470e041c077a99bdaccd11cde9d21;p=thirdparty%2Fpdns.git

Merge pull request #16360 from miodvallat/backport-16352-to-auth-5.0.x

auth 5.0: backport "api: relax zone name check in view removal "
---

f95fbc98bc7470e041c077a99bdaccd11cde9d21
diff --cc pdns/ws-auth.cc
index c2e82b6b75,e3de1d2abe..de089567b6
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@@ -2743,21 -2742,15 +2743,19 @@@ static void apiServerViewsGET(HttpReque
  // POST /views/<view> + name in json adds ZoneName "name" to view "view"
  static void apiServerViewsPOST(HttpRequest* req, HttpResponse* resp)
  {
-   UeberBackend backend;
-   DomainInfo domainInfo;
    const auto& document = req->json();
+   // We can't use a ZoneData object here, as the zone being added to the
+   // view may not exist yet.
    ZoneName zonename = apiNameToZoneName(stringFromJson(document, "name"));
  
-   if (!backend.getDomainInfo(zonename, domainInfo)) {
-     throw ApiException("Zone " + zonename.toString() + " does not exist");
-   }
    std::string view{req->parameters["view"]};
 +  std::string error;
 +  if (!Check::validateViewName(view, error)) {
 +    throw ApiException(error);
 +  }
  
-   if (!domainInfo.backend->viewAddZone(view, zonename)) {
+   UeberBackend backend;
+   if (!backend.viewAddZone(view, zonename)) {
      throw ApiException("Failed to add " + zonename.toString() + " to view " + view);
    }
    // Notify zone cache of the new association
@@@ -2778,15 -2771,15 +2776,19 @@@
  // DELETE /views/<view>/<id>     removes ZoneName "id" from view "view"
  static void apiServerViewsDELETE(HttpRequest* req, HttpResponse* resp)
  {
-   ZoneData zoneData{req};
+   // We can't use a ZoneData object here, as the zone being removed from the
+   // view may no longer exist.
+   ZoneName zoneName(apiZoneIdToName(req->parameters["id"]));
+ 
    std::string view{req->parameters["view"]};
 +  std::string error;
 +  if (!Check::validateViewName(view, error)) {
 +    throw ApiException(error);
 +  }
  
-   if (!zoneData.domainInfo.backend->viewDelZone(view, zoneData.zoneName)) {
-     throw ApiException("Failed to remove " + zoneData.zoneName.toString() + " from view " + view);
+   UeberBackend backend;
+   if (!backend.viewDelZone(view, zoneName)) {
+     throw ApiException("Failed to remove " + zoneName.toString() + " from view " + view);
    }
    // Notify zone cache of the removed association
    bool emptyView{false};