authorJoram Wilander <jwawilander@gmail.com>2016-05-03 14:45:36 -0400
committerChristopher Speller <crspeller@gmail.com>2016-05-03 14:45:36 -0400
commitb18cf58c8f607bed64d821fcc856e251a391df6a (patch)
tree7315a3f82a9de07fd3dd5ca0b83ddb912f87d5aa /api
parent87989b8afd4666a72940389db716b6500d0a9ec3 (diff)
Sanitize sensitive data of out config file for the system console (#2849)
Diffstat (limited to 'api')
-rw-r--r--api/admin.go12
-rw-r--r--api/admin_test.go39
2 files changed, 40 insertions, 11 deletions
diff --git a/api/admin.go b/api/admin.go
index 930170619..7ab2c9cfc 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -127,10 +127,11 @@ func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
json := utils.Cfg.ToJson()
cfg := model.ConfigFromJson(strings.NewReader(json))
- json = cfg.ToJson()
+
+ cfg.Sanitize()
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
- w.Write([]byte(json))
+ w.Write([]byte(cfg.ToJson()))
}
func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
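Review bot: The JSON round-trip on the two lines above `cfg.Sanitize()` is the only thing keeping the masking off the live `utils.Cfg`, and nothing in the hunk says so; a later "simplification" to `utils.Cfg.Sanitize()` would blank the running server's secrets in memory. Add `// Deep-copy via JSON so Sanitize() mutates a copy, never utils.Cfg.` above the `json :=` line. The existing `Cache-Control: no-store` header is appropriate for a response that still shows which settings are populated; if the handler does not set `Content-Type: application/json` outside this hunk, it is worth adding next to it. getConfig's signature and opening lines are outside the hunk.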
@@ -145,6 +146,7 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
}
cfg.SetDefaults()
+ utils.Desanitize(cfg)
if err := cfg.IsValid(); err != nil {
c.Err = err
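Review bot: `utils.Desanitize(cfg)` is the counterpart of the masking done in getConfig, but the coupling is undocumented: a config posted back with `model.FAKE_SETTING` in a field must have the real value restored before `cfg.IsValid()` runs, otherwise validation and the subsequent save would operate on the placeholder. Add `// Restore secrets that getConfig masked with model.FAKE_SETTING before validating and saving.` above the call. Since Desanitize presumably fills the masked fields from the current `utils.Cfg`, an admin cannot deliberately clear a secret through this endpoint by sending the placeholder; if that is intended, a sentence in the same comment would save the next reader a trip into utils. saveConfig's beginning and end lie outside this hunk.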
@@ -160,8 +162,10 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
utils.SaveConfig(utils.CfgFileName, cfg)
utils.LoadConfig(utils.CfgFileName)
- json := utils.Cfg.ToJson()
- w.Write([]byte(json))
+
+ rdata := map[string]string{}
+ rdata["status"] = "OK"
+ w.Write([]byte(model.MapToJson(rdata)))
}
func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
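Review bot: The two-step map construction `rdata := map[string]string{}` followed by `rdata["status"] = "OK"` reads more clearly as a composite literal, `w.Write([]byte(model.MapToJson(map[string]string{"status": "OK"})))`, and makes it obvious at a glance that the handler no longer echoes the reloaded config. On the context lines above, the results of `utils.SaveConfig` and `utils.LoadConfig` are not examined, so a failed write would still be answered with `OK`; if those helpers report errors, checking them here is a worthwhile follow-up. saveConfig's signature is outside the hunk.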
diff --git a/api/admin_test.go b/api/admin_test.go
index 2edc151bd..1d8f6bb6b 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -68,6 +68,37 @@ func TestGetConfig(t *testing.T) {
if len(cfg.TeamSettings.SiteName) == 0 {
t.Fatal()
}
+
+ if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
}
}
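Review bot: Most of the new assertions accept an empty value as well as `model.FAKE_SETTING` (e.g. `*cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0` on the first added check), so with a test configuration whose secrets are blank they pass even if Sanitize masks nothing. Setting those fields on `utils.Cfg` to a non-empty constructed value before the `GetConfig` call, and restoring them afterwards, would make the test actually exercise the masking. The ten identical `t.Fatal("did not sanitize properly")` messages also give no way to tell which field regressed; a per-field message such as `t.Fatal("BindPassword not sanitized")`, or a table-driven loop over field name and value, is cheaper to debug. TestGetConfig's opening lines are outside the hunk.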
@@ -80,14 +111,8 @@ func TestSaveConfig(t *testing.T) {
*utils.Cfg.TeamSettings.EnableOpenServer = false
- if result, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
+ if _, err := th.SystemAdminClient.SaveConfig(utils.Cfg); err != nil {
t.Fatal(err)
- } else {
- cfg := result.Data.(*model.Config)
-
- if len(cfg.TeamSettings.SiteName) == 0 {
- t.Fatal()
- }
}
*utils.Cfg.TeamSettings.EnableOpenServer = true