be stricter about rejecting invalid configurations for remotes

This is a first step toward that goal, using the ProposedAccepted type
in RemoteConfig lets initremote/enableremote reject bad parameters that
were passed in a remote's configuration, while avoiding enableremote
rejecting bad parameters that have already been stored in remote.log

This does not eliminate every place where a remote config is parsed and a
default value is used if the parse false. But, I did fix several
things that expected foo=yes/no and so confusingly accepted foo=true but
treated it like foo=no. There are still some fields that are parsed with
yesNo but not not checked when initializing a remote, and there are other
fields that are parsed in other ways and not checked when initializing a
remote.

This also lays groundwork for rejecting unknown/typoed config keys.

Assistant/Gpg.hs

@@ -11,6 +11,7 @@ import Utility.Gpg
 import Utility.UserInfo
 import Types.Remote (RemoteConfigField)
 import Annex.SpecialRemote.Config
+import Types.ProposedAccepted
 
 import qualified Data.Map as M
 import Control.Applicative
@@ -31,7 +32,7 @@ data EnableEncryption = HybridEncryption | SharedEncryption | NoEncryption
 	deriving (Eq)
 
 {- Generates Remote configuration for encryption. -}
-configureEncryption :: EnableEncryption -> (RemoteConfigField, String)
-configureEncryption SharedEncryption = (encryptionField, "shared")
-configureEncryption NoEncryption = (encryptionField, "none")
-configureEncryption HybridEncryption = (encryptionField, "hybrid")
+configureEncryption :: EnableEncryption -> (RemoteConfigField, ProposedAccepted String)
+configureEncryption SharedEncryption = (encryptionField, Proposed "shared")
+configureEncryption NoEncryption = (encryptionField, Proposed "none")
+configureEncryption HybridEncryption = (encryptionField, Proposed "hybrid")

Assistant/MakeRemote.hs

@@ -30,6 +30,7 @@ import Assistant.Gpg
 import Utility.Gpg (KeyId)
 import Types.GitConfig
 import Config
+import Types.ProposedAccepted
 
 import qualified Data.Map as M
 
@@ -59,19 +60,19 @@ makeRsyncRemote name location = makeRemote name location $ const $ void $
 	go (Just (u, c, mcu)) = setupSpecialRemote name Rsync.remote config Nothing
 		(Just u, R.Enable c, c) mcu
 	config = M.fromList
-		[ (encryptionField, "shared")
-		, ("rsyncurl", location)
-		, ("type", "rsync")
+		[ (encryptionField, Proposed "shared")
+		, (Proposed "rsyncurl", Proposed location)
+		, (typeField, Proposed "rsync")
 		]
 
 {- Inits a gcrypt special remote, and returns its name. -}
 makeGCryptRemote :: RemoteName -> String -> KeyId -> Annex RemoteName
 makeGCryptRemote remotename location keyid = 
 	initSpecialRemote remotename GCrypt.remote Nothing $ M.fromList
-		[ ("type", "gcrypt")
-		, ("gitrepo", location)
+		[ (typeField, Proposed "gcrypt")
+		, (Proposed "gitrepo", Proposed location)
 		, configureEncryption HybridEncryption
-		, ("keyid", keyid)
+		, (Proposed "keyid", Proposed keyid)
 		]
 
 type SpecialRemoteMaker = RemoteName -> RemoteType -> Maybe CredPair -> R.RemoteConfig -> Annex RemoteName
@@ -105,7 +106,7 @@ setupSpecialRemote' setdesc name remotetype config mcreds (mu, ss, c) mcu = do
 	 - assistant, because otherwise GnuPG may block once the entropy
 	 - pool is drained, and as of now there's no way to tell the user
 	 - to perform IO actions to refill the pool. -}
-	let weakc = M.insert "highRandomQuality" "false" $ M.union config c
+	let weakc = M.insert (Proposed "highRandomQuality") (Proposed "false") (M.union config c)
 	dummycfg <- liftIO dummyRemoteGitConfig
 	(c', u) <- R.setup remotetype ss mu mcreds weakc dummycfg
 	case mcu of

Assistant/WebApp/Configurators/AWS.hs

@@ -25,6 +25,7 @@ import Creds
 import Assistant.Gpg
 import Git.Types (RemoteName)
 import Annex.SpecialRemote.Config
+import Types.ProposedAccepted
 
 import qualified Data.Text as T
 import qualified Data.Map as M
@@ -131,10 +132,10 @@ postAddS3R = awsConfigurator $ do
 			let name = T.unpack $ repoName input
 			makeAWSRemote initSpecialRemote S3.remote TransferGroup (extractCreds input) name $ M.fromList
 				[ configureEncryption $ enableEncryption input
-				, ("type", "S3")
-				, ("datacenter", T.unpack $ datacenter input)
-				, ("storageclass", show $ storageClass input)
-				, ("chunk", "1MiB")
+				, (typeField, Proposed "S3")
+				, (Proposed "datacenter", Proposed $ T.unpack $ datacenter input)
+				, (Proposed "storageclass", Proposed $ show $ storageClass input)
+				, (Proposed "chunk", Proposed "1MiB")
 				]
 		_ -> $(widgetFile "configurators/adds3")
 #else
@@ -155,8 +156,8 @@ postAddGlacierR = glacierConfigurator $ do
 			let name = T.unpack $ repoName input
 			makeAWSRemote initSpecialRemote Glacier.remote SmallArchiveGroup (extractCreds input) name $ M.fromList
 				[ configureEncryption $ enableEncryption input
-				, ("type", "glacier")
-				, ("datacenter", T.unpack $ datacenter input)
+				, (typeField, Proposed "glacier")
+				, (Proposed "datacenter", Proposed $ T.unpack $ datacenter input)
 				]
 		_ -> $(widgetFile "configurators/addglacier")
 #else
@@ -222,7 +223,7 @@ makeAWSRemote maker remotetype defaultgroup (AWSCreds ak sk) name config =
 getRepoInfo :: RemoteConfig -> Widget
 getRepoInfo c = [whamlet|S3 remote using bucket: #{bucket}|]
   where
-	bucket = fromMaybe "" $ M.lookup "bucket" c
+	bucket = maybe "" fromProposedAccepted $ M.lookup (Accepted "bucket") c
 
 #ifdef WITH_S3
 previouslyUsedAWSCreds :: Annex (Maybe CredPair)

Assistant/WebApp/Configurators/Edit.hs

@@ -46,6 +46,8 @@ import Config
 import Config.GitConfig
 import Config.DynamicConfig
 import Types.Group
+import Types.ProposedAccepted
+import Annex.SpecialRemote.Config
 
 import qualified Data.Text as T
 import qualified Data.Map as M
@@ -125,7 +127,7 @@ setRepoConfig uuid mremote oldc newc = do
 				case M.lookup uuid m of
 					Nothing -> noop
 					Just remoteconfig -> configSet uuid $
-						M.insert "preferreddir" dir remoteconfig
+						M.insert (Proposed "preferreddir") (Proposed dir) remoteconfig
 	when groupChanged $ do
 		liftAnnex $ case repoGroup newc of
 			RepoGroupStandard g -> setStandardGroup uuid g
@@ -243,7 +245,7 @@ checkAssociatedDirectory cfg (Just r) = do
 		_ -> noop
 
 getRepoInfo :: Maybe Remote.Remote -> Maybe Remote.RemoteConfig -> Widget
-getRepoInfo (Just r) (Just c) = case M.lookup "type" c of
+getRepoInfo (Just r) (Just c) = case fromProposedAccepted <$> M.lookup typeField c of
 	Just "S3"
 #ifdef WITH_S3
 		| S3.configIA c -> IA.getRepoInfo c

Assistant/WebApp/Configurators/IA.hs

@@ -25,6 +25,7 @@ import Types.Remote (RemoteConfig)
 import qualified Annex.Url as Url
 import Creds
 import Annex.SpecialRemote.Config
+import Types.ProposedAccepted
 
 import qualified Data.Text as T
 import qualified Data.Map as M
@@ -131,21 +132,22 @@ postAddIAR = iaConfigurator $ do
 	case result of
 		FormSuccess input -> liftH $ do
 			let name = escapeBucket $ T.unpack $ itemName input
+			let wrap (k, v) = (Proposed k, Proposed v)
+			let c = map wrap $ catMaybes
+				[ Just ("type", "S3")
+				, Just ("host", S3.iaHost)
+				, Just ("bucket", escapeHeader name)
+				, Just ("x-archive-meta-title", escapeHeader $ T.unpack $ itemName input)
+				, if mediaType input == MediaOmitted
+					then Nothing
+					else Just ("x-archive-mediatype", formatMediaType $ mediaType input)
+				, (,) <$> pure "x-archive-meta-collection" <*> collectionMediaType (mediaType input)
+				-- Make item show up ASAP.
+				, Just ("x-archive-interactive-priority", "1")
+				, Just ("preferreddir", name)
+				]
 			AWS.makeAWSRemote initSpecialRemote S3.remote PublicGroup (extractCreds input) name $
-				M.fromList $ catMaybes
-					[ Just $ configureEncryption NoEncryption
-					, Just ("type", "S3")
-					, Just ("host", S3.iaHost)
-					, Just ("bucket", escapeHeader name)
-					, Just ("x-archive-meta-title", escapeHeader $ T.unpack $ itemName input)
-					, if mediaType input == MediaOmitted
-						then Nothing
-						else Just ("x-archive-mediatype", formatMediaType $ mediaType input)
-					, (,) <$> pure "x-archive-meta-collection" <*> collectionMediaType (mediaType input)
-					-- Make item show up ASAP.
-					, Just ("x-archive-interactive-priority", "1")
-					, Just ("preferreddir", name)
-					]
+				M.fromList $ configureEncryption NoEncryption : c
 		_ -> $(widgetFile "configurators/addia")
 #else
 postAddIAR = giveup "S3 not supported by this build"
@@ -202,7 +204,7 @@ $if (not exists)
     have been uploaded, and the Internet Archive has processed them.
 |]
   where
-	bucket = fromMaybe "" $ M.lookup "bucket" c
+	bucket = maybe "" fromProposedAccepted $ M.lookup (Accepted "bucket") c
 #ifdef WITH_S3
 	url = S3.iaItemUrl bucket
 #else

Assistant/WebApp/Configurators/Local.hs

@@ -39,6 +39,7 @@ import Utility.Gpg
 import qualified Remote.GCrypt as GCrypt
 import qualified Types.Remote
 import Utility.Android
+import Types.ProposedAccepted
 
 import qualified Data.Text as T
 import qualified Data.Map as M
@@ -325,7 +326,7 @@ getFinishAddDriveR drive = go
 		makewith $ const $ do
 			r <- liftAnnex $ addRemote $
 				enableSpecialRemote remotename' GCrypt.remote Nothing $ M.fromList
-					[("gitrepo", dir)]
+					[(Proposed "gitrepo", Proposed dir)]
 			return (u, r)
 	{- Making a new unencrypted repo, or combining with an existing one. -}
 	makeunencrypted = makewith $ \isnew -> (,)

Assistant/WebApp/Configurators/Ssh.hs

@@ -20,6 +20,7 @@ import Types.StandardGroups
 import Utility.UserInfo
 import Utility.Gpg
 import Types.Remote (RemoteConfig)
+import Types.ProposedAccepted
 import Git.Types (RemoteName, fromRef, fromConfigKey)
 import qualified Remote.GCrypt as GCrypt
 import qualified Annex
@@ -177,7 +178,7 @@ postEnableRsyncR = enableSshRemote getsshinput enableRsyncNet enablersync
   where
 	enablersync sshdata u = redirect $ ConfirmSshR
 		(sshdata { sshCapabilities = [RsyncCapable] }) u
-	getsshinput = parseSshUrl <=< M.lookup "rsyncurl"
+	getsshinput = parseSshUrl . fromProposedAccepted <=< M.lookup (Accepted "rsyncurl")
 
 {- This only handles gcrypt repositories that are located on ssh servers;
  - ones on local drives are handled via another part of the UI. -}
@@ -191,7 +192,7 @@ postEnableSshGCryptR u = whenGcryptInstalled $
 		sshConfigurator $
 			checkExistingGCrypt sshdata' $
 				giveup "Expected to find an encrypted git repository, but did not."
-	getsshinput = parseSshUrl <=< M.lookup "gitrepo"
+	getsshinput = parseSshUrl . fromProposedAccepted <=< M.lookup (Accepted "gitrepo")
 
 getEnableSshGitRemoteR :: UUID -> Handler Html
 getEnableSshGitRemoteR = postEnableSshGitRemoteR
@@ -200,7 +201,7 @@ postEnableSshGitRemoteR = enableSshRemote getsshinput enableRsyncNet enablesshgi
   where
 	enablesshgitremote sshdata u = redirect $ ConfirmSshR sshdata u
 
-	getsshinput = parseSshUrl <=< M.lookup "location"
+	getsshinput = parseSshUrl . fromProposedAccepted <=< M.lookup (Accepted "location")
 
 {- To enable a remote that uses ssh as its transport, 
  - parse a config key to get its url, and display a form
@@ -424,7 +425,7 @@ getConfirmSshR sshdata u
 		$(widgetFile "configurators/ssh/combine")
 	handleexisting (Just _) = prepSsh False sshdata $ \sshdata' -> do
 		m <- liftAnnex readRemoteLog
-		case M.lookup "type" =<< M.lookup u m of
+		case fromProposedAccepted <$> (M.lookup typeField =<< M.lookup u m) of
 			Just "gcrypt" -> combineExistingGCrypt sshdata' u
 			_ -> makeSshRepo ExistingRepo sshdata'
 
@@ -474,7 +475,7 @@ enableGCrypt :: SshData -> RemoteName -> Handler Html
 enableGCrypt sshdata reponame = setupRemote postsetup Nothing Nothing mk
   where
 	mk = enableSpecialRemote reponame GCrypt.remote Nothing $
-		M.fromList [("gitrepo", genSshUrl sshdata)]
+		M.fromList [(Proposed "gitrepo", Proposed (genSshUrl sshdata))]
 	postsetup _ = redirect DashboardR
 
 {- Combining with a gcrypt repository that may not be
@@ -546,11 +547,11 @@ makeSshRepo rs sshdata
 	setup r = do
 		m <- readRemoteLog
 		let c = fromMaybe M.empty (M.lookup (Remote.uuid r) m)
-		let c' = M.insert "location" (genSshUrl sshdata) $
-			M.insert "type" "git" $
-			case M.lookup nameField c of
+		let c' = M.insert (Proposed "location") (Proposed (genSshUrl sshdata)) $
+			M.insert typeField (Proposed "git") $
+			case fromProposedAccepted <$> M.lookup nameField c of
 				Just _ -> c
-				Nothing -> M.insert nameField (Remote.name r) c
+				Nothing -> M.insert nameField (Proposed (Remote.name r)) c
 		configSet (Remote.uuid r) c'
 
 makeSshRepoConnection :: RepoStatus -> Annex RemoteName -> (Remote -> Annex ()) -> Handler Html

Assistant/WebApp/Configurators/WebDAV.hs

@@ -22,6 +22,7 @@ import Git.Types (RemoteName)
 import Assistant.Gpg
 import Types.GitConfig
 import Annex.SpecialRemote.Config
+import Types.ProposedAccepted
 
 import qualified Data.Map as M
 #endif
@@ -58,7 +59,7 @@ postEnableWebDAVR uuid = do
 	m <- liftAnnex readRemoteLog
 	let c = fromJust $ M.lookup uuid m
 	let name = fromJust $ lookupName c
-	let url = fromJust $ M.lookup "url" c
+	let url = fromProposedAccepted $ fromJust $ M.lookup (Accepted "url") c
 	mcreds <- liftAnnex $ do
 		dummycfg <- liftIO dummyRemoteGitConfig
 		getRemoteCredPairFor "webdav" c dummycfg (WebDAV.davCreds uuid)

Assistant/WebApp/RepoList.hs

@@ -26,6 +26,7 @@ import Assistant.Sync
 import Config.Cost
 import Utility.NotificationBroadcaster
 import qualified Git
+import Types.ProposedAccepted
 
 import qualified Data.Map as M
 import qualified Data.Set as S
@@ -175,7 +176,7 @@ repoList reposelector
 	selectedremote (Just (iscloud, _))
 		| onlyCloud reposelector = iscloud
 		| otherwise = True
-	findinfo m g u = case getconfig "type" of
+	findinfo m g u = case fromProposedAccepted <$> getconfig (Accepted "type") of
 		Just "rsync" -> val True EnableRsyncR
 		Just "directory" -> val False EnableDirectoryR
 #ifdef WITH_S3
@@ -188,12 +189,12 @@ repoList reposelector
 		Just "gcrypt" ->
 			-- Skip gcrypt repos on removable drives;
 			-- handled separately.
-			case getconfig "gitrepo" of
+			case fromProposedAccepted <$> getconfig (Accepted "gitrepo") of
 				Just rr	| remoteLocationIsUrl (parseRemoteLocation rr g) ->
 					val True EnableSshGCryptR
 				_ -> Nothing
 		Just "git" -> 
-			case getconfig "location" of
+			case fromProposedAccepted <$> getconfig (Accepted "location") of
 				Just loc | remoteLocationIsSshUrl (parseRemoteLocation loc g) ->
 					val True EnableSshGitRemoteR
 				_ -> Nothing