[fix] Backend of VPN with VpnClients cannot be changed openwisp#550

Closes openwisp#550
masap · Jan 19, 2022 · 3261e4d · 3261e4d
1 parent 2873932
commit 3261e4d
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/openwisp_controller/config/base/vpn.py b/openwisp_controller/config/base/vpn.py
@@ -129,13 +129,26 @@ class Meta:
 
     def clean(self, *args, **kwargs):
         super().clean(*args, **kwargs)
+        self._validate_backend()
         self._validate_certs()
         self._validate_keys()
         self._validate_org_relation('ca')
         self._validate_org_relation('cert')
         self._validate_org_relation('subnet')
         self._validate_subnet_ip()
 
+    def _validate_backend(self):
+        if self._state.adding:
+            return
+        if self.vpnclient_set.exists():
+            raise ValidationError(
+                {
+                    'backend': _(
+                        'Backend cannot be changed because the VPN is currently in use.'
+                    )
+                }
+            )
+
     def _validate_certs(self):
         if not self._is_backend_type('openvpn'):
             self.ca = None

diff --git a/openwisp_controller/config/tests/test_vpn.py b/openwisp_controller/config/tests/test_vpn.py
@@ -577,6 +577,30 @@ def test_change_vpn_backend(self):
         self.assertEqual(vpn.subnet, None)
         self.assertEqual(vpn.ip, None)
 
+    def test_change_vpn_backend_with_vpnclient(self):
+        vpn = self._create_vpn(name='new', backend=self._BACKENDS['openvpn'])
+        subnet = self._create_subnet(
+            name='wireguard', subnet='10.0.0.0/16', organization=vpn.organization
+        )
+        template = self._create_template(name='VPN', type='vpn', vpn=vpn)
+        config = self._create_config(organization=self._get_org())
+        config.templates.add(template)
+        self.assertEqual(VpnClient.objects.count(), 1)
+
+        with self.assertRaises(ValidationError) as context_manager:
+            vpn.backend = self._BACKENDS['wireguard']
+            vpn.subnet = subnet
+            vpn.full_clean()
+            vpn.save()
+        expected_error_dict = {
+            'backend': [
+                'Backend cannot be changed because the VPN is currently in use.'
+            ]
+        }
+        self.assertDictEqual(
+            context_manager.exception.message_dict, expected_error_dict
+        )
+
 
 class TestWireguardTransaction(BaseTestVpn, TestWireguardVpnMixin, TransactionTestCase):
     def test_auto_peer_configuration(self):