Shadow password correctly for session config (#8984)
Fix #8718. This PR shadows passwords in the session config correctly by detecting the VirtualProvider, unmarshalling the original config, and then shadowing the config within it.
parent
665ce1dcb3
commit
ae36ed7ecb
1 changed files with 17 additions and 9 deletions
|
@ -6,6 +6,7 @@
|
||||||
package admin
|
package admin
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
@ -25,6 +26,7 @@ import (
|
||||||
"code.gitea.io/gitea/services/mailer"
|
"code.gitea.io/gitea/services/mailer"
|
||||||
|
|
||||||
"gitea.com/macaron/macaron"
|
"gitea.com/macaron/macaron"
|
||||||
|
"gitea.com/macaron/session"
|
||||||
"github.com/unknwon/com"
|
"github.com/unknwon/com"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -207,7 +209,7 @@ func SendTestMail(ctx *context.Context) {
|
||||||
ctx.Redirect(setting.AppSubURL + "/admin/config")
|
ctx.Redirect(setting.AppSubURL + "/admin/config")
|
||||||
}
|
}
|
||||||
|
|
||||||
func shadownPasswordKV(cfgItem, splitter string) string {
|
func shadowPasswordKV(cfgItem, splitter string) string {
|
||||||
fields := strings.Split(cfgItem, splitter)
|
fields := strings.Split(cfgItem, splitter)
|
||||||
for i := 0; i < len(fields); i++ {
|
for i := 0; i < len(fields); i++ {
|
||||||
if strings.HasPrefix(fields[i], "password=") {
|
if strings.HasPrefix(fields[i], "password=") {
|
||||||
|
@ -218,10 +220,10 @@ func shadownPasswordKV(cfgItem, splitter string) string {
|
||||||
return strings.Join(fields, splitter)
|
return strings.Join(fields, splitter)
|
||||||
}
|
}
|
||||||
|
|
||||||
func shadownURL(provider, cfgItem string) string {
|
func shadowURL(provider, cfgItem string) string {
|
||||||
u, err := url.Parse(cfgItem)
|
u, err := url.Parse(cfgItem)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("shodowPassword %v failed: %v", provider, err)
|
log.Error("Shadowing Password for %v failed: %v", provider, err)
|
||||||
return cfgItem
|
return cfgItem
|
||||||
}
|
}
|
||||||
if u.User != nil {
|
if u.User != nil {
|
||||||
|
@ -239,7 +241,7 @@ func shadownURL(provider, cfgItem string) string {
|
||||||
func shadowPassword(provider, cfgItem string) string {
|
func shadowPassword(provider, cfgItem string) string {
|
||||||
switch provider {
|
switch provider {
|
||||||
case "redis":
|
case "redis":
|
||||||
return shadownPasswordKV(cfgItem, ",")
|
return shadowPasswordKV(cfgItem, ",")
|
||||||
case "mysql":
|
case "mysql":
|
||||||
//root:@tcp(localhost:3306)/macaron?charset=utf8
|
//root:@tcp(localhost:3306)/macaron?charset=utf8
|
||||||
atIdx := strings.Index(cfgItem, "@")
|
atIdx := strings.Index(cfgItem, "@")
|
||||||
|
@ -253,15 +255,21 @@ func shadowPassword(provider, cfgItem string) string {
|
||||||
case "postgres":
|
case "postgres":
|
||||||
// user=jiahuachen dbname=macaron port=5432 sslmode=disable
|
// user=jiahuachen dbname=macaron port=5432 sslmode=disable
|
||||||
if !strings.HasPrefix(cfgItem, "postgres://") {
|
if !strings.HasPrefix(cfgItem, "postgres://") {
|
||||||
return shadownPasswordKV(cfgItem, " ")
|
return shadowPasswordKV(cfgItem, " ")
|
||||||
}
|
}
|
||||||
|
fallthrough
|
||||||
|
case "couchbase":
|
||||||
|
return shadowURL(provider, cfgItem)
|
||||||
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
|
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
|
||||||
// Notice: use shadwonURL
|
// Notice: use shadowURL
|
||||||
|
case "VirtualSession":
|
||||||
|
var realSession session.Options
|
||||||
|
if err := json.Unmarshal([]byte(cfgItem), &realSession); err == nil {
|
||||||
|
return shadowPassword(realSession.Provider, realSession.ProviderConfig)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// "couchbase"
|
return cfgItem
|
||||||
return shadownURL(provider, cfgItem)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config show admin config page
|
// Config show admin config page
|
||||||
|
|
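Review bot: In the last hunk the `VirtualSession` case fails open: when `json.Unmarshal` returns an error the switch ends and `return cfgItem` hands back the raw provider config, which may still contain the password this function exists to mask. The error is also dropped silently, so nothing records that masking was skipped. I would end that case with a fixed placeholder, e.g. `log.Error("Shadowing Password for %v failed: unable to decode session config", provider)` followed by `return "******"`, so the raw string is neither displayed nor logged. The same hunk changes the default from `shadownURL(provider, cfgItem)` to `return cfgItem`, so any provider not listed in the switch is now shown verbatim; a short comment stating which providers are known to carry no credentials would make that intent reviewable. shadowPassword starts in an earlier hunk and its mysql branch is not fully visible here.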