Secure preferences improvements #261
Conversation
| @@ -604,7 +604,7 @@ def get_ajax_endpoints(self, view): | |||
| {'id': 'WORKSPACE_RESOURCE_COLLECTION', 'url': build_url_template('wirecloud.workspace_resource_collection', ['workspace_id'])}, | |||
| {'id': 'WORKSPACE_VIEW', 'url': build_url_template('wirecloud.workspace_view', ['owner', 'name'])}, | |||
|
|
|||
| {'id': 'OPERATOR_PREFERENCES', 'url': build_url_template('wirecloud.workspace_operatorpref', ['workspace_id', 'operator_id'])}, | |||
| {'id': 'OPERATOR_PREFERENCES', 'url': build_url_template('wirecloud.workspace_operator_preferences', ['workspace_id', 'operator_id'])}, | |||
There was a problem hiding this comment.
operator_preferences without the workspace_ prefix
| @@ -18,6 +18,7 @@ | |||
| # along with Wirecloud. If not, see <http://www.gnu.org/licenses/>. | |||
|
|
|||
| import json | |||
| import jsonpatch | |||
There was a problem hiding this comment.
Please, add the jsonpatch dependency into the src/setup.py and docs/installation_guide.md files.
| workspace.wiringStatus = new_wiring_status | ||
| workspace.save() | ||
|
|
||
| return HttpResponse(status=200) |
There was a problem hiding this comment.
200 error code needs a response body, please use a 204 error code instead.
| operator_prefs = workspace.wiringStatus["operators"][operator_id]["preferences"] | ||
| for preference in new_values: | ||
| if not preference in operator_prefs: | ||
| return build_error_response(request, 400, _("Preference does not exist")) |
There was a problem hiding this comment.
This error has nothing to do with the request's content syntax, use a 422 error code instead.
| @@ -33,17 +33,26 @@ | |||
|
|
|||
|
|
|||
| WIRECLOUD_SECURE_DATA_HEADER = 'x-wirecloud-secure-data' | |||
| WIRECLOUD_COMPONENT_TYPE_HEADER = 'wirecloud-component-type' | |||
There was a problem hiding this comment.
Missing equivalent WIRECLOUD_COMPONENT_ID_HEADER and remove the use of the iwidget_id matching group for getting the component id (you should maintain it for detecting constants, maybe using another name for the matching group).
Examples:
- Values from variables:
action=basic_auth, user_ref=username, pass_ref=pref_secure - Username value from constant:
action=basic_auth, user_ref=c/username, pass_ref=pref_secure
| new_wiring_status = parse_json_request(request) | ||
| old_wiring_status = workspace.wiringStatus | ||
|
|
||
| def checkWiring(self, request, new_wiring_status, old_wiring_status, can_update_secure = False): |
There was a problem hiding this comment.
flake8 src/wirecloud/platform/wiring/views.py ;-)
Tip: pip install flake8
|
Missing Apiary documentation and the improvements in the error responses reviewed in slack. |
Adds secure request support for operators
Adds secure preferences censorship (shows empty if no value provided and eight asterisks if it has any value.
Updates operator preferences on change instead of waiting to leave the wiring view.
MashupPlatform.prefs.get("secure-preference-name")can be used to get the display value of the preference (empty or 8 asterisks). This can be useful in order to check if the preference has any value.