-rw-r--r-- | api/admin.go | 12 | ||||
-rw-r--r-- | api/admin_test.go | 39 | ||||
-rw-r--r-- | model/client.go | 2 | ||||
-rw-r--r-- | model/config.go | 36 | ||||
-rw-r--r-- | utils/config.go | 38 |
5 files changed, 112 insertions, 15 deletions
diff --git a/api/admin.go b/api/admin.go
index 930170619..7ab2c9cfc 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -127,10 +127,11 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 json := utils.Cfg.ToJson()
 cfg := model.ConfigFromJson(strings.NewReader(json))
- json = cfg.ToJson()
+
+ cfg.Sanitize()
 w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
- w.Write([]byte(json))
+ w.Write([]byte(cfg.ToJson()))
 }
 func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -145,6 +146,7 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 cfg.SetDefaults()
+ utils.Desanitize(cfg)
 if err := cfg.IsValid(); err != nil {
 c.Err = err
@@ -160,8 +162,10 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 utils.SaveConfig(utils.CfgFileName, cfg)
 utils.LoadConfig(utils.CfgFileName)
- json := utils.Cfg.ToJson()
- w.Write([]byte(json))
+
+ rdata := map[string]string{}
+ rdata["status"] = "OK"
+ w.Write([]byte(model.MapToJson(rdata)))
 }
 func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api/admin_test.go b/api/admin_test.go
index 2edc151bd..1d8f6bb6b 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
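Review bot: The JSON round-trip on the two context lines before `cfg.Sanitize()` is now load-bearing and undocumented: Sanitize mutates its receiver, so it must run on a decoded copy or it would wipe the real secrets out of the live utils.Cfg for the rest of the process. A comment at the call site, `// cfg is a fresh copy decoded from JSON; Sanitize mutates it in place, never utils.Cfg`, makes that invariant explicit so nobody later collapses it into `utils.Cfg.Sanitize()`. Sanitize also dereferences `*o.LdapSettings.BindPassword` without a nil check; whether the decoded copy can carry a nil pointer there depends on ConfigFromJson and SetDefaults, which are outside this hunk, so that is worth confirming. getConfig's opening lines are outside the hunk.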
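Review bot: The three added lines that build `rdata` in the last saveConfig hunk can be one composite literal, `w.Write([]byte(model.MapToJson(map[string]string{"status": "OK"})))`. The reason the response no longer echoes the saved config deserves a comment too, since the earlier hunk runs `utils.Desanitize(cfg)` before validation and cfg therefore holds the real secrets by the time the response is written: `// do not echo cfg back: after Desanitize it carries the real secrets`. saveConfig's body continues outside the hunk.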
@@ -68,6 +68,37 @@ func TestGetConfig(t *testing.T) {
 if len(cfg.TeamSettings.SiteName) == 0 {
 t.Fatal()
 }
+
+ if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
 }
 }
@@ -80,14 +111,8 @@ func TestSaveConfig(t *testing.T) {
 *utils.Cfg.TeamSettings.EnableOpenServer = false
- if result, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
+ if _, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
 t.Fatal(err)
- } else {
- cfg := result.Data.(*model.Config)
-
- if len(cfg.TeamSettings.SiteName) == 0 {
- t.Fatal()
- }
 }
 *utils.Cfg.TeamSettings.EnableOpenServer = true
diff --git a/model/client.go b/model/client.go
index 7eab008f1..9285368c4 100644
--- a/model/client.go
+++ b/model/client.go
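Review bot: TestSaveConfig loses its only assertion and nothing now exercises the sanitize-then-desanitize round trip, which is the security-relevant contract of this commit: a config fetched through getConfig and posted back through saveConfig must leave every secret in utils.Cfg unchanged and must never persist the placeholder to disk. The test still posts the live `utils.Cfg` with its real secrets, so Desanitize's placeholder branches are never hit; posting a copy on which `Sanitize()` was called, then comparing e.g. `utils.Cfg.SqlSettings.DataSource` against the value captured before the call, would catch a regression where FAKE_SETTING is written to the config file. In TestGetConfig the ten repeated checks would read better as a table of field-name/value pairs with one loop that names the failing field instead of the identical "did not sanitize properly" message. Both test bodies continue outside their hunks.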
@@ -611,7 +611,7 @@ func (c *Client) SaveConfig(config *Config) (*Result, *AppError) {
 return nil, err
 } else {
 return &Result{r.Header.Get(HEADER_REQUEST_ID),
- r.Header.Get(HEADER_ETAG_SERVER), ConfigFromJson(r.Body)}, nil
+ r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil
 }
 }
diff --git a/model/config.go b/model/config.go
index 4bb2a7a49..b7c939202 100644
--- a/model/config.go
+++ b/model/config.go
@@ -28,6 +28,8 @@ const (
 GENERIC_NOTIFICATION = "generic"
 FULL_NOTIFICATION = "full"
+
+ FAKE_SETTING = "********************************"
 )
 type ServiceSettings struct {
@@ -597,10 +599,38 @@ func (o *Config) IsValid() *AppError {
 return nil
 }
-func (me *Config) GetSanitizeOptions() map[string]bool {
+func (o *Config) GetSanitizeOptions() map[string]bool {
 options := map[string]bool{}
- options["fullname"] = me.PrivacySettings.ShowFullName
- options["email"] = me.PrivacySettings.ShowEmailAddress
+ options["fullname"] = o.PrivacySettings.ShowFullName
+ options["email"] = o.PrivacySettings.ShowEmailAddress
 return options
 }
+
+func (o *Config) Sanitize() {
+ if len(*o.LdapSettings.BindPassword) > 0 {
+ *o.LdapSettings.BindPassword = FAKE_SETTING
+ }
+
+ o.FileSettings.PublicLinkSalt = FAKE_SETTING
+ if len(o.FileSettings.AmazonS3SecretAccessKey) > 0 {
+ o.FileSettings.AmazonS3SecretAccessKey = FAKE_SETTING
+ }
+
+ o.EmailSettings.InviteSalt = FAKE_SETTING
+ o.EmailSettings.PasswordResetSalt = FAKE_SETTING
+ if len(o.EmailSettings.SMTPPassword) > 0 {
+ o.EmailSettings.SMTPPassword = FAKE_SETTING
+ }
+
+ if len(o.GitLabSettings.Secret) > 0 {
+ o.GitLabSettings.Secret = FAKE_SETTING
+ }
+
+ o.SqlSettings.DataSource = FAKE_SETTING
+ o.SqlSettings.AtRestEncryptKey = FAKE_SETTING
+
+ for i := range o.SqlSettings.DataSourceReplicas {
+ o.SqlSettings.DataSourceReplicas[i] = FAKE_SETTING
+ }
+}
diff --git a/utils/config.go b/utils/config.go
index 9e2776f75..14d6589a2 100644
--- a/utils/config.go
+++ b/utils/config.go
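Review bot: `Result.Data` for SaveConfig silently changes type from `*Config` to the `map[string]string` that MapFromJson returns, so any caller still doing `result.Data.(*model.Config)`, as the old TestSaveConfig did, now panics at runtime, and the method has no doc comment announcing the new shape. Add one above the signature, e.g. `// SaveConfig posts config to the admin API; on success Result.Data is a map[string]string carrying a "status" key, not the saved Config.` The signature and the start of the method are outside the hunk.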
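Review bot: `Sanitize` dereferences `o.LdapSettings.BindPassword` on its first line without a nil check, while every other field it touches is a plain string; if a Config can reach this method before SetDefaults has populated that pointer (SetDefaults is not visible here), this is a nil-pointer panic inside the admin handler, and the guard `if o.LdapSettings.BindPassword != nil && len(*o.LdapSettings.BindPassword) > 0 {` is cheap. The masking rule is also inconsistent: BindPassword, the S3 secret, the SMTP password and the GitLab secret are masked only when non-empty, while the two salts, DataSource and AtRestEncryptKey are masked unconditionally, so a reader of the API response cannot tell whether the latter are set; the doc comment should state which rule applies. Both exported additions lack doc comments: `// FAKE_SETTING is the placeholder returned in place of secret config values; a client that posts it back asks the server to keep the stored value.` on the constant, and `// Sanitize replaces secrets in o with FAKE_SETTING in place; call it on a copy, never on the live config.` on the method.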
@@ -283,3 +283,41 @@ func ValidateLdapFilter(cfg *model.Config) *model.AppError {
 }
 return nil
 }
+
+func Desanitize(cfg *model.Config) {
+ if *cfg.LdapSettings.BindPassword == model.FAKE_SETTING {
+ *cfg.LdapSettings.BindPassword = *Cfg.LdapSettings.BindPassword
+ }
+
+ if cfg.FileSettings.PublicLinkSalt == model.FAKE_SETTING {
+ cfg.FileSettings.PublicLinkSalt = Cfg.FileSettings.PublicLinkSalt
+ }
+ if cfg.FileSettings.AmazonS3SecretAccessKey == model.FAKE_SETTING {
+ cfg.FileSettings.AmazonS3SecretAccessKey = Cfg.FileSettings.AmazonS3SecretAccessKey
+ }
+
+ if cfg.EmailSettings.InviteSalt == model.FAKE_SETTING {
+ cfg.EmailSettings.InviteSalt = Cfg.EmailSettings.InviteSalt
+ }
+ if cfg.EmailSettings.PasswordResetSalt == model.FAKE_SETTING {
+ cfg.EmailSettings.PasswordResetSalt = Cfg.EmailSettings.PasswordResetSalt
+ }
+ if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING {
+ cfg.EmailSettings.SMTPPassword = Cfg.EmailSettings.SMTPPassword
+ }
+
+ if cfg.GitLabSettings.Secret == model.FAKE_SETTING {
+ cfg.GitLabSettings.Secret = Cfg.GitLabSettings.Secret
+ }
+
+ if cfg.SqlSettings.DataSource == model.FAKE_SETTING {
+ cfg.SqlSettings.DataSource = Cfg.SqlSettings.DataSource
+ }
+ if cfg.SqlSettings.AtRestEncryptKey == model.FAKE_SETTING {
+ cfg.SqlSettings.AtRestEncryptKey = Cfg.SqlSettings.AtRestEncryptKey
+ }
+
+ for i := range cfg.SqlSettings.DataSourceReplicas {
+ cfg.SqlSettings.DataSourceReplicas[i] = Cfg.SqlSettings.DataSourceReplicas[i]
+ }
+}
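Review bot: The replica loop at the end of `Desanitize` is wrong in two ways: it copies `Cfg.SqlSettings.DataSourceReplicas[i]` for every index regardless of whether the posted entry is the placeholder, so an admin can never change or add a replica through the API, and when the posted list is longer than the live one the index is out of range and the handler panics on a request a system admin can send. Restore only placeholder entries and only where a live counterpart exists (rewrite below); a placeholder with no live counterpart is not a usable DSN and is better rejected by the caller's validation than saved. The two `*...BindPassword` dereferences assume both the posted cfg and the live Cfg carry a non-nil pointer; saveConfig calls SetDefaults on cfg first, but nothing in this hunk establishes that for Cfg, so that is worth confirming. The exported function also lacks a doc comment, e.g. `// Desanitize restores, from the live Cfg, every secret the client returned as the FAKE_SETTING placeholder, so a config fetched via getConfig can be posted back unchanged.`
```go
	// … unchanged: placeholder restoration for the scalar secret fields …

	// Restore only entries the client left as the placeholder, and only
	// where the live config actually has a value at that position.
	for i := range cfg.SqlSettings.DataSourceReplicas {
		if cfg.SqlSettings.DataSourceReplicas[i] != model.FAKE_SETTING {
			continue // admin supplied a real value; keep it
		}
		if i < len(Cfg.SqlSettings.DataSourceReplicas) {
			cfg.SqlSettings.DataSourceReplicas[i] = Cfg.SqlSettings.DataSourceReplicas[i]
		}
		// else: placeholder with no live counterpart is left for validation to reject
	}
```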