Secure preferences improvements #261

Merged
merged 30 commits into from
Jan 30, 2017
Changes from 17 commits
b669df9
Add secure preferences censorship and secure preferences support for …
Jan 12, 2017
32f697e
Remove current tag
Jan 12, 2017
efcd39e
Add wait for response to update preferences
Jan 12, 2017
5b07079
Add wait for response to update preferences on operators
Jan 12, 2017
ff352fd
Fix censorship
Jan 12, 2017
dda8d35
Add censorship clientside for operators
Jan 12, 2017
1da0258
Add error on bad preference reference
Jan 12, 2017
d14b96c
Add restapi tests for operators preference update
Jan 12, 2017
60ecf92
Improve operator preferences tests
Jan 16, 2017
e607bc3
Rename operator preferences endpoint
Jan 16, 2017
ab287a1
Add component type header
Jan 16, 2017
f9f38a5
Support no component type header requests
Jan 16, 2017
dae527e
Update tests to use component type header
Jan 16, 2017
69dd7da
Add support for requests with no headers
Jan 17, 2017
a8147ce
Add patch for workspace.wiring endpoint
Jan 17, 2017
29bcf16
Fix request not being sent to checkWiring
Jan 17, 2017
5528966
Fix responses not being piped
Jan 17, 2017
14a8684
Handle secure preferences
Jan 18, 2017
c0726ba
Add jsonpatch dependency
Jan 18, 2017
cc1f890
Improve response codes & fix tests
Jan 18, 2017
197284f
Fix style
Jan 18, 2017
62078f3
Add WIRECLOUD_COMPONENT_ID header
Jan 18, 2017
e624e40
Fix secure preference property not being retrieved properly
Jan 18, 2017
1cecd2a
Add patch call to create operators instantly
Jan 23, 2017
1d8b09b
Fix calling to update preferences when component is volatile
Jan 23, 2017
8ee7baf
Remove OperatorPreferences endpoint and use the WiringEntry patch ins…
Jan 23, 2017
7e6114b
Add missing censorship on operator preferences callback
Jan 24, 2017
41086a5
Improve wiring callback
Jan 25, 2017
86fa9cd
Add patch error handling
Jan 25, 2017
80d93b7
Docs: Add wiring patch Apiary documentation
Jan 25, 2017
1 change: 1 addition & 0 deletions src/wirecloud/commons/baseviews/resource.py
Expand Up @@ -31,6 +31,7 @@
'PUT': 'update',
'DELETE': 'delete',
'HEAD': 'head',
'PATCH': 'patch',
}


10 changes: 10 additions & 0 deletions src/wirecloud/commons/fixtures/user_with_workspaces.json
Expand Up @@ -280,6 +280,16 @@
"creator": 4
}
},
{
"model": "platform.Workspace",
"pk": 202,
"fields": {
"name": "workspaceSecure",
"public": false,
"creator": "4",
"wiringStatus": "{\"operators\": {\"1\": {\"name\": \"Wirecloud/TestOperatorSecure/1.0\", \"preferences\": {\"pref_secure\": {\"secure\": true, \"readonly\": false, \"hidden\": false, \"value\": \"\"}, \"username\": {\"secure\": false, \"readonly\": true, \"hidden\": false, \"value\": \"username\"}}}, \"2\": {\"name\": \"Wirecloud/TestOperatorSecure/1.0\", \"preferences\": {\"pref_secure\": {\"secure\": true, \"readonly\": false, \"hidden\": false, \"value\": \"test_password\"}, \"username\": {\"secure\": false, \"readonly\": true, \"hidden\": false, \"value\": \"test_username\"}}}}, \"connections\": []}"
}
},
{
"pk": 2,
"model": "platform.userworkspace",
2 changes: 2 additions & 0 deletions src/wirecloud/platform/core/plugins.py
Expand Up @@ -603,6 +603,8 @@ def get_ajax_endpoints(self, view):
{'id': 'WORKSPACE_PUBLISH', 'url': build_url_template('wirecloud.workspace_publish', ['workspace_id'])},
{'id': 'WORKSPACE_RESOURCE_COLLECTION', 'url': build_url_template('wirecloud.workspace_resource_collection', ['workspace_id'])},
{'id': 'WORKSPACE_VIEW', 'url': build_url_template('wirecloud.workspace_view', ['owner', 'name'])},

{'id': 'OPERATOR_PREFERENCES', 'url': build_url_template('wirecloud.workspace_operator_preferences', ['workspace_id', 'operator_id'])},
operator_preferences without the workspace_ prefix

)

from django.conf import settings
69 changes: 69 additions & 0 deletions src/wirecloud/platform/fixtures/test_data.json
Expand Up @@ -73,6 +73,16 @@
"wiringStatus": "{\"operators\": {}, \"connections\": []}"
}
},
{
"model": "platform.Workspace",
"pk": "202",
"fields": {
"name": "workspaceSecure",
"public": false,
"creator": "2",
"wiringStatus": "{\"operators\": {\"1\": {\"name\": \"Wirecloud/TestOperatorSecure/1.0\", \"preferences\": {\"pref_secure\": {\"secure\": true, \"readonly\": false, \"hidden\": false, \"value\": \"\"}, \"username\": {\"secure\": false, \"readonly\": false, \"hidden\": false, \"value\": \"username\"}}}, \"2\": {\"name\": \"Wirecloud/TestOperatorSecure/1.0\", \"preferences\": {\"pref_secure\": {\"secure\": true, \"readonly\": false, \"hidden\": false, \"value\": \"test_password\"}, \"username\": {\"secure\": false, \"readonly\": false, \"hidden\": false, \"value\": \"test_username\"}}}}, \"connections\": []}"
}
},
{
"model": "platform.UserWorkspace",
"pk": "1",
Expand All @@ -81,6 +91,14 @@
"workspace": "1"
}
},
{
"model": "platform.UserWorkspace",
"pk": "2",
"fields": {
"user": "2",
"workspace": "202"
}
},
{
"model": "platform.Tab",
"pk": "1",
Expand All @@ -90,6 +108,15 @@
"visible": true
}
},
{
"model": "platform.Tab",
"pk": "2",
"fields": {
"workspace": "202",
"name": "tabSecure",
"visible": true
}
},
{
"model": "platform.IWidget",
"pk": "1",
Expand All @@ -114,6 +141,30 @@
"variables": "{\"password\": \"test_password\", \"username\": \"test_username\", \"prop\": \"test_data\"}"
}
},
{
"model": "platform.IWidget",
"pk": "3",
"fields": {
"widget": "1",
"widget_uri": "Test/Test Widget/1.0.0",
"name": "Secure Widget 1",
"positions": "{\"widget\":{\"minimized\":false,\"height\":24,\"width\":6,\"zIndex\":0,\"left\":0,\"top\":0,\"fulldragboard\":false},\"icon\":{\"top\":0,\"left\":0}}",
"tab": "2",
"variables": "{\"password\": \"\", \"username\": \"test_username\", \"prop\": \"test_data\"}"
}
},
{
"model": "platform.IWidget",
"pk": "4",
"fields": {
"widget": "1",
"widget_uri": "Test/Test Widget/1.0.0",
"name": "Secure Widget 2",
"positions": "{\"widget\":{\"minimized\":false,\"height\":24,\"width\":6,\"zIndex\":0,\"left\":0,\"top\":0,\"fulldragboard\":false},\"icon\":{\"top\":0,\"left\":0}}",
"tab": "2",
"variables": "{\"password\": \"test_password\", \"username\": \"test_username\", \"prop\": \"test_data\"}"
}
},
{
"model": "catalogue.CatalogueResource",
"pk": "1",
Expand Down Expand Up @@ -150,6 +201,24 @@
"users": [2]
}
},
{
"pk": 3,
"model": "catalogue.CatalogueResource",
"fields": {
"groups": [],
"template_uri": "Wirecloud_TestOperatorSecure_1.0.wgt",
"popularity": "0",
"vendor": "Wirecloud",
"short_name": "TestOperatorSecure",
"json_description": "{\"default_lang\": \"en\", \"vendor\": \"Wirecloud\", \"description\": \"Test operator description\", \"translations\": {}, \"smartphoneimage\": \"\", \"translation_index_usage\": {}, \"title\": \"TestOperator\", \"properties\": [], \"js_files\": [\"js/main.js\"], \"requirements\": [], \"preferences\": [{\"default\": \"\", \"name\": \"pref_secure\", \"secure\": true, \"label\": \"Prefix\", \"type\": \"text\", \"description\": \"\"}, {\"default\": \"\", \"name\": \"username\", \"secure\": false, \"label\": \"Prefix\", \"type\": \"text\", \"description\": \"\"}], \"authors\": \"admin\", \"wiring\": {\"inputs\": [{\"friendcode\": \"test_friend_code\", \"actionlabel\": \"\", \"name\": \"input\", \"label\": \"input\", \"type\": \"text\", \"description\": \"\"}], \"outputs\": [{\"friendcode\": \"test_friend_code\", \"description\": \"\", \"type\": \"text\", \"name\": \"output\", \"label\": \"output\"}]}, \"name\": \"TestOperator\", \"image\": \"images/catalogue.png\", \"version\": \"1.0\", \"context\": [], \"widget_height\": \"\", \"email\": \"[email protected]\", \"type\": \"operator\", \"widget_width\": \"\", \"doc\": \"doc/index.html\"}",
"creator": 2,
"creation_date": "2011-05-13T11:24:03Z",
"version": "1.0",
"type": 2,
"public": false,
"users": [2]
}
},
{
"model": "platform.Widget",
"pk": "1",
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
var platform = window.parent;
var Wirecloud = platform.Wirecloud;
var resource = MashupPlatform.priv.resource;
var componentType = resource instanceof Wirecloud.Widget ? "widget" : "operator";
var guibuilder = new platform.StyledElements.GUIBuilder();

// HTTP module
Expand All @@ -37,6 +38,10 @@
Object.defineProperty(window.MashupPlatform.http, 'makeRequest', {
value: function makeRequest(url, options) {
url = new platform.URL(url, window.location);
if (!options.requestHeaders) {
options.requestHeaders = {};
}
options.requestHeaders["wirecloud-component-type"] = componentType;
return Wirecloud.io.makeRequest(url, options);
}
});
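Review bot: The added `if (!options.requestHeaders)` in `makeRequest` reads a property of `options` before anything guarantees the argument was passed, so a component calling `MashupPlatform.http.makeRequest(url)` with no second argument would hit a TypeError here instead of reaching `Wirecloud.io.makeRequest`. Adding `options = options || {};` ahead of the check keeps such calls working, and copying the headers into a fresh object rather than writing to `options.requestHeaders` would avoid mutating the caller's object. Since this header is set by script running in the component's own frame, the server side (not visible here) should presumably treat `wirecloud-component-type` as a routing hint rather than as proof of which component issued the request.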
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,18 @@
utils.inherit(PreferencesWindowMenu, Wirecloud.ui.WindowMenu);

PreferencesWindowMenu.prototype._savePrefs = function _savePrefs(form, new_values) {
var oldValue, newValue, varName, details;
var oldValue, newValue, varName;

for (varName in new_values) {
oldValue = this.widgetModel.preferences[varName].value;
newValue = new_values[varName];

if (newValue !== oldValue) {
this.widgetModel.preferences[varName].value = newValue;
if (this.widgetModel.preferences[varName].meta.options.secure && newValue !== "") {
this.widgetModel.preferences[varName].value = "********";
} else {
this.widgetModel.preferences[varName].value = newValue;
}
} else {
delete new_values[varName];
}
Expand All @@ -55,15 +59,25 @@
method: 'POST',
contentType: 'application/json',
requestHeaders: {'Accept': 'application/json'},
postBody: JSON.stringify(new_values)
postBody: JSON.stringify(new_values),
onSuccess: widgetCallback.call(this, new_values)
}
);
};

// Notify preference changes to widget
var widgetCallback = function widgetCallback(new_values) {
if (typeof this.widgetModel.prefCallback === 'function') {
try {
// Censor secure preferences
for (var varName in new_values) {
if (this.widgetModel.preferences[varName].meta.options.secure && this.widgetModel.preferences[varName].value !== "") {
new_values[varName] = "********";
}
}
this.widgetModel.prefCallback(new_values);
} catch (error) {
details = this.widgetModel.logManager.formatException(error);
var details = this.widgetModel.logManager.formatException(error);
this.widgetModel.logManager.log(utils.gettext('Exception catched while processing preference changes'), {details: details});
}
}
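Review bot: `onSuccess: widgetCallback.call(this, new_values)` in `_savePrefs` runs `widgetCallback` immediately while the options object is being built and stores its return value (`undefined`) as the handler, so the widget is told about the change before the server has accepted it and nothing runs on success. Passing a bound function, `onSuccess: widgetCallback.bind(this, new_values)`, defers it to the response as the handler name intends. The same pattern appears as `onSuccess: operatorCallback.call(this, new_values)` in the operator preferences menu further down the page. The censoring loop in `widgetCallback` also overwrites `new_values` in place, which is only safe because `postBody` is serialized earlier in the same literal; censoring a copy would remove that ordering dependency. `widgetCallback`'s body continues outside the hunk.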
Original file line number Diff line number Diff line change
Expand Up @@ -32,28 +32,46 @@
utils.inherit(OperatorPreferencesWindowMenu, Wirecloud.ui.WindowMenu);

OperatorPreferencesWindowMenu.prototype._savePrefs = function _savePrefs(form, new_values) {
var key, details;
var key;

for (key in new_values) {
if (this._current_ioperator.preferences[key].value !== new_values[key]) {
this._current_ioperator.preferences[key].value = new_values[key];

if (this._current_ioperator.preferences[key].meta.options.secure && new_values[key] !== "") {
this._current_ioperator.preferences[key].value = "********";
} else {
this._current_ioperator.preferences[key].value = new_values[key];
}
} else {
delete new_values[key];
}
}

this.hide();

Wirecloud.io.makeRequest(Wirecloud.URLs.OPERATOR_PREFERENCES.evaluate({
workspace_id: this._current_ioperator.wiring.workspace.id,
operator_id: this._current_ioperator.id
}), {
method: 'POST',
contentType: 'application/json',
requestHeaders: {'Accept': 'application/json'},
postBody: JSON.stringify(new_values),
onSuccess: operatorCallback.call(this, new_values)
}
);
};

var operatorCallback = function operatorCallback(new_values) {
if (typeof this._current_ioperator.prefCallback === 'function') {
try {
this._current_ioperator.prefCallback(new_values);
} catch (error) {
details = this._current_ioperator.logManager.formatException(error);
var details = this._current_ioperator.logManager.formatException(error);
this._current_ioperator.logManager.log(utils.gettext('Exception catched while processing preference changes'), {details: details});
}
}

this.hide();
};

OperatorPreferencesWindowMenu.prototype.show = function show(ioperator, parentWindow) {
var i, prefs, pref, fields;
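Review bot: `_savePrefs` here writes the new values (or `"********"` for secure ones) into `this._current_ioperator.preferences` and hides the window before the POST is sent, and the options passed to `Wirecloud.io.makeRequest` carry no failure handler, so a rejected request leaves the editor showing values the server never stored. Moving the model update into the success path, or restoring the previous values and logging through `logManager` when the request fails, would keep client and server in step. The masking string `"********"` is also repeated as a literal in both preference menus; a shared named constant would make the sentinel easier to audit. The commit list suggests later commits rework this endpoint, so this may already be addressed outside the 17 commits shown.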
