Merge pull request #203 from coreos-inc/encpass

Add encrypted password output in the superuser API
2015-07-01 12:40:05 -04:00 · 2015-07-01 12:40:05 -04:00 · ba067048d8
commit ba067048d8
parent 24d53e9744 b91b60e83d
2 changed files with 25 additions and 7 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -6,7 +6,7 @@ import json
 import os

 from random import SystemRandom
-from app import app, avatar, superusers
+from app import app, avatar, superusers, authentication
 from flask import request

 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
@ -115,16 +115,21 @@ def org_view(org):
    'avatar': avatar.get_data_for_org(org),
  }

-def user_view(user):
-  return  {
+def user_view(user, password=None):
+  user_data = {
    'username': user.username,
    'email': user.email,
    'verified': user.verified,
    'avatar': avatar.get_data_for_user(user),
    'super_user': superusers.is_superuser(user.username),
-    'enabled': user.enabled
+    'enabled': user.enabled,
  }

+  if password is not None:
+    user_data['encrypted_password'] = authentication.encrypt_user_password(password)
+
+  return user_data
+
@resource('/v1/superuser/changelog/')
@internal_only
@show_if(features.SUPER_USERS)
@ -232,7 +237,8 @@ class SuperUserList(ApiResource):
      return {
        'username': username,
        'email': email,
-        'password': password
+        'password': password,
+        'encrypted_password': authentication.encrypt_user_password(password),
      }

    abort(403)
@ -355,7 +361,7 @@ class SuperUserManagement(ApiResource):
          user.enabled = bool(user_data['enabled'])
          user.save()

-        return user_view(user)
+        return user_view(user, password=user_data.get('password'))

    abort(403)

--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -2903,6 +2903,17 @@ class TestSuperUserManagement(ApiTestCase):
    # Verify the user no longer exists.
    self.getResponse(SuperUserManagement, params=dict(username = 'freshuser'), expected_code=404)

+  def test_change_user_password(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Verify the user exists.
+    json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
+    self.assertEquals('freshuser', json['username'])
+    self.assertEquals('jschorr+test@devtable.com', json['email'])
+
+    # Update the user.
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(password='somepassword'))
+    self.assertTrue('encrypted_password' in json)

  def test_update_user(self):
    self.login(ADMIN_ACCESS_USER)
@ -2913,7 +2924,8 @@ class TestSuperUserManagement(ApiTestCase):
    self.assertEquals('jschorr+test@devtable.com', json['email'])

    # Update the user.
-    self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
+    self.assertFalse('encrypted_password' in json)

    # Verify the user was updated.
    json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))