add validation of update mirror urls

[christopherpross]

Link to issue number:

#17205

Summary of the issue:

Users could configure an invalid update mirror URL, which would only be discovered when attempting to check for updates. This PR implements a validation mechanism that ensures the specified update mirror is valid before allowing it to be set in the settings.

Description of user facing changes

A new validation process has been added when setting an update mirror URL in NVDA's settings. Users will now receive feedback if the URL they provide is not a valid update mirror. The "Test" button in the settings will now ensure that the mirror responds with the expected format, preventing invalid configurations.

Description of development approach

• Refactored parsing logic for update responses into a new function: parseUpdateCheckResponse.
• Defined the minimum schema for an update mirror response based on the following required keys:
  • version
  • launcherUrl
  • apiVersion
• Implemented a new function _isResponseUpdateMirrorValid in settingsDialogs.py, which calls parseUpdateCheckResponse to validate the mirror's response.
• Added _isResponseUpdateMirrorValid as the responseValidator in the _SetURLDialog for update mirrors.

Testing strategy:

• Ran NVDA from source.
• Ensured the update mirror URL was set to "no Mirror".
• Test 1: Set the URL to "https://www.nvaccess.org/nvdaUpdateCheck".
  • Pressed the "Test" button and verified that the URL was marked as valid.
• Test 2: Set the URL to "https://google.de".
  • Pressed the "Test" button and verified that the URL was marked as invalid.
• Test 3: Set the URL to "https://github.com".
  • Pressed the "Test" button and verified that the URL was marked as invalid.
• Test 4: Set the URL to the Chinese NVDA Community Update Mirror (https://nvaccess.mirror.nvdadr.com/nvdaUpdateCheck).
  • Verified that this URL was marked as valid.
• Additional tests with random strings to ensure that invalid URLs are correctly marked as invalid.

Known issues with pull request:

No known issues.

Code Review Checklist:

• Documentation:
  • Change log entry
  • User Documentation
  • Developer / Technical Documentation
  • Context sensitive help for GUI changes
• Testing:
  • Unit tests
  • System (end to end) tests
  • Manual testing
• UX of all users considered:
  • Speech
  • Braille
  • Low Vision
  • Different web browsers
  • Localization in other languages / culture than English
• API is compatible with existing add-ons.
• Security precautions taken.

@coderabbitai summary

[SaschaCowley]

Thanks @christopherpross. A couple of minor adjustments, plus I think you may have forgotten to push the schema validation.

[SaschaCowley]

response is necessarily OK, as testing fails before running the validator for any status other than 200.

Suggested change

	if not response.ok:
	return False
	responseContent = response.text
	responseContent = response.text

[SaschaCowley]

Suggested change

	data = res.text
	info = parseUpdateCheckResponse(data)
	info = parseUpdateCheckResponse(res.text)

[seanbudd]

Hi @christopherpross - just confirming you've seen Sascha's review and intend to still work on this?

[christopherpross]

@seanbudd and @SaschaCowley sorry for the delay, my real life comes in the way. I am so sorry. If you have a deathline for this fix, someone can, if they want take this and fix the remaining missing code. I has forgotten something to push and deleted my local repo. So in the next few days I will try to get into this. But I understand fully if you have a deathline and you have to fix this issue fast. Sorry for the inconventience.

[christopherpross]

@SaschaCowley and @seanbudd
sorry for the delay, I have now pushed the missing code.

[AppVeyorBot]

• Build (for testing PR): https://ci.appveyor.com/api/buildjobs/8pkw5tnkium7yl32/artifacts/output/
• CI timing (mins):
  INIT 0.0,
  INSTALL_START 1.3,
  INSTALL_END 1.0,
  BUILD_START 0.0,
  FINISH_END 15.9

See test results for failed build of commit b58d91a109

[SaschaCowley]

Thanks @christopherpross. A few suggestions to improve the quality of the update check code while you're here. Please also update the copyright headers of the files you have touched to reflect that they have been modified in 2025, and add yourself to the list of copyright holders, if you like

[SaschaCowley]

To make the code more self-documenting and easier to debug, could you create a new class to hold update information (perhaps as a dataclasses.dataclass or typing.NamedTuple)?

[SaschaCowley]

Could you rename this to be a little clearer? Perhaps something like isResponseUpdateMetadata

[AppVeyorBot]

• Build (for testing PR): https://ci.appveyor.com/api/buildjobs/4x4i3g02v663xgis/artifacts/output/
• CI timing (mins):
  INIT 0.0,
  INSTALL_START 1.3,
  INSTALL_END 0.9,
  BUILD_START 0.0,
  FINISH_END 16.3

See test results for failed build of commit 8a7529d07e