Merge pull request #203 from coreos-inc/encpass

Add encrypted password output in the superuser API
Jake Moshenko 2015-07-01 12:40:05 -04:00
commit ba067048d8
2 changed files with 25 additions and 7 deletions


@ -6,7 +6,7 @@ import json
import os import os
from random import SystemRandom from random import SystemRandom
from app import app, avatar, superusers from app import app, avatar, superusers, authentication
from flask import request from flask import request
from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error, from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
@ -115,16 +115,21 @@ def org_view(org):
'avatar': avatar.get_data_for_org(org), 'avatar': avatar.get_data_for_org(org),
} }
def user_view(user): def user_view(user, password=None):
return { user_data = {
'username': user.username, 'username': user.username,
'email': user.email, 'email': user.email,
'verified': user.verified, 'verified': user.verified,
'avatar': avatar.get_data_for_user(user), 'avatar': avatar.get_data_for_user(user),
'super_user': superusers.is_superuser(user.username), 'super_user': superusers.is_superuser(user.username),
'enabled': user.enabled 'enabled': user.enabled,
} }
if password is not None:
user_data['encrypted_password'] = authentication.encrypt_user_password(password)
return user_data
@resource('/v1/superuser/changelog/') @resource('/v1/superuser/changelog/')
@internal_only @internal_only
@show_if(features.SUPER_USERS) @show_if(features.SUPER_USERS)
@ -232,7 +237,8 @@ class SuperUserList(ApiResource):
return { return {
'username': username, 'username': username,
'email': email, 'email': email,
'password': password 'password': password,
'encrypted_password': authentication.encrypt_user_password(password),
} }
abort(403) abort(403)
@ -355,7 +361,7 @@ class SuperUserManagement(ApiResource):
user.enabled = bool(user_data['enabled']) user.enabled = bool(user_data['enabled'])
user.save() user.save()
return user_view(user) return user_view(user, password=user_data.get('password'))
abort(403) abort(403)
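Review bot: In the `SuperUserManagement` hunk, `user_view(user, password=user_data.get('password'))` encrypts whatever the request body carried rather than what was stored, and `if password is not None:` in `user_view` also lets an empty string through. The code that applies the password change is outside the hunk, so this is inferred, but if that path skips or rejects the value the response would still hand back an `encrypted_password` for a password the account does not have. Tightening the guard to `if password:` covers the empty case; the call site should pass the password only on the branch where the change was actually applied. `user_view` would also benefit from a docstring saying that `encrypted_password` is returned only when a plaintext password is supplied and, since it is presumably accepted in place of the password, that the response must be kept out of request logs and caches.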


@ -2903,6 +2903,17 @@ class TestSuperUserManagement(ApiTestCase):
# Verify the user no longer exists. # Verify the user no longer exists.
self.getResponse(SuperUserManagement, params=dict(username = 'freshuser'), expected_code=404) self.getResponse(SuperUserManagement, params=dict(username = 'freshuser'), expected_code=404)
def test_change_user_password(self):
self.login(ADMIN_ACCESS_USER)
# Verify the user exists.
json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
self.assertEquals('freshuser', json['username'])
self.assertEquals('jschorr+test@devtable.com', json['email'])
# Update the user.
json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(password='somepassword'))
self.assertTrue('encrypted_password' in json)
def test_update_user(self): def test_update_user(self):
self.login(ADMIN_ACCESS_USER) self.login(ADMIN_ACCESS_USER)
@ -2913,7 +2924,8 @@ class TestSuperUserManagement(ApiTestCase):
self.assertEquals('jschorr+test@devtable.com', json['email']) self.assertEquals('jschorr+test@devtable.com', json['email'])
# Update the user. # Update the user.
self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com')) json = self.putJsonResponse(SuperUserManagement, params=dict(username='freshuser'), data=dict(email='foo@bar.com'))
self.assertFalse('encrypted_password' in json)
# Verify the user was updated. # Verify the user was updated.
json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser')) json = self.getJsonResponse(SuperUserManagement, params=dict(username = 'freshuser'))
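Review bot: `test_change_user_password` only checks that the `encrypted_password` key is present, so it would still pass if the endpoint echoed the plaintext or returned an empty value. Add `self.assertNotEqual('somepassword', json['encrypted_password'])` and `self.assertTrue(json['encrypted_password'])` after the existing assertion. The test also never confirms that the password was changed; a follow-up check that the new password is accepted for `freshuser` would pin that, using whatever login helper the suite already has (none is visible in this hunk).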