Merge pull request #2611 from karlcow/2381/1

Fixes #2381 - Adds security.txt to /.well-known/
webcompat · Oct 1, 2018 · dad3786 · dad3786
2 parents 6feae3f + a254c16
commit dad3786
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 16 deletions.
diff --git a/config/environment.py b/config/environment.py
@@ -36,9 +36,20 @@
     u'invalid': {'id': 0, 'order': 4, 'state': 'closed'},
     u'non-compat': {'id': 0, 'order': 5, 'state': 'closed'},
     u'wontfix': {'id': 0, 'order': 6, 'state': 'closed'},
-    u'worksforme': {'id': 0, 'order': 7, 'state': 'closed'}
-    }
+    u'worksforme': {'id': 0, 'order': 7, 'state': 'closed'}}
 
 # We don't need to compute for every requests.
 OPEN_STATUSES = [status for status in STATUSES
                  if STATUSES[status]['state'] == 'open']
+
+# Messages Configuration
+
+WELL_KNOWN_ALL = """
+    Sorry dear bot,
+    the route /.well-known/{subpath} doesn't exist.
+
+    Nothing behind me, everything ahead of me, as is ever so on the road.
+    - Jack Kerouac, On the Road."""
+WELL_KNOWN_SECURITY = """Contact: mailto:[email protected]
+Contact: mailto:[email protected]
+"""
diff --git a/tests/unit/test_rendering.py b/tests/unit/test_rendering.py
@@ -44,18 +44,18 @@ def login(self, username, password):
 
     def test_titles(self):
         """Page title format for different URIs."""
-        issueNum = '1000'
-        defaultTitle = 'Web Compatibility'
+        issue_number = '1000'
+        default_title = 'Web Compatibility'
         website_uris = [
-            ('/', defaultTitle),
+            ('/', default_title),
             ('/about', 'About'),
             ('/contributors', 'Contributors'),
-            ('/issues/' + issueNum, 'Issue #' + issueNum),
+            ('/issues/' + issue_number, 'Issue #' + issue_number),
             ('/issues', 'Issues'),
             ('issues/new', 'New Issue'),
             ('/privacy', 'Privacy Policy'),
             ('/dashboard/triage', 'Triage Dashboard'),
-            ('/404', defaultTitle)
+            ('/404', default_title)
         ]
         with webcompat.app.app_context():
             for uri, title in website_uris:
@@ -77,7 +77,6 @@ def test_addon_link(self):
 
         This depends on the user agent string.
         """
-
         # testing Firefox addon
         headers = {'HTTP_USER_AGENT': FIREFOX_UA}
         rv = self.app.get('/', environ_base=headers)
@@ -120,5 +119,12 @@ def test_wellknown_subpath(self):
         self.assertEqual(rv.status_code, 404)
         self.assertTrue(expected in rv.data)
 
+    def test_wellknown_security(self):
+        """Test that the /.wellknown/security.txt exists."""
+        rv = self.app.get('/.well-known/security.txt')
+        expected = 'Contact: mailto:kdubost+securitywebc'
+        self.assertEqual(rv.status_code, 200)
+        self.assertTrue(expected in rv.data)
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/webcompat/views.py b/webcompat/views.py
@@ -488,11 +488,10 @@ def log_csp_report():
 @cache_policy(private=False, uri_max_age=31104000, must_revalidate=False)
 def wellknown(subpath):
     """Route for returning 404 for the currently unused well-known routes."""
-    msg = """
-    Sorry dear bot,
-    the route /.well-known/{subpath} doesn't exist.
-
-    Nothing behind me, everything ahead of me, as is ever so on the road.
-    - Jack Kerouac, On the Road.
-    """.format(subpath=subpath)
-    return (msg, 404, {'content-type': 'text/plain; charset=utf-8'})
+    if subpath == 'security.txt':
+        msg = app.config['WELL_KNOWN_SECURITY']
+        status_code = 200
+    else:
+        msg = app.config['WELL_KNOWN_ALL'].format(subpath=subpath)
+        status_code = 404
+    return (msg, status_code, {'content-type': 'text/plain; charset=utf-8'})