Merge pull request #107 from cloudscale-ch/denis/token-validation

Validate API token before passing it on to Ansible
cloudscale-ch · Jan 16, 2025 · 6da9606 · 6da9606
2 parents f6ffeda + a663e71
commit 6da9606
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/plugins/module_utils/api.py b/plugins/module_utils/api.py
@@ -6,6 +6,8 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 
+import re
+
 from datetime import datetime, timedelta
 from time import sleep
 from copy import deepcopy
@@ -14,6 +16,9 @@
 from ansible.module_utils._text import to_text
 
 
+VALID_TOKEN = re.compile(r'^[a-zA-Z0-9-._]+\Z')
+
+
 def cloudscale_argument_spec():
     return dict(
         api_url=dict(
@@ -44,7 +49,11 @@ def __init__(self, module):
         if not self._api_url.endswith('/'):
             self._api_url = self._api_url + '/'
 
-        self._auth_header = {'Authorization': 'Bearer %s' % module.params['api_token']}
+        api_token = module.params['api_token'].strip()
+        if not VALID_TOKEN.match(api_token):
+            self._module.fail_json(msg='Invalid API Token')
+        else:
+            self._auth_header = {'Authorization': 'Bearer %s' % api_token}
 
     def _get(self, api_call):
         resp, info = fetch_url(self._module, self._api_url + api_call,