Skip to content

cleanup credentials #846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 27, 2023
Merged

cleanup credentials #846

merged 2 commits into from
Sep 27, 2023

Conversation

ryanmelt
Copy link
Member

No description provided.

@ryanmelt ryanmelt requested a review from jmthomas September 27, 2023 02:51
@codecov
Copy link

codecov bot commented Sep 27, 2023
edited
Loading

Codecov Report

Attention: 9 lines in your changes are missing coverage. Please review.

Comparison is base (768b1e3) 72.25% compared to head (5fdce18) 72.27%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #846      +/-   ##
==========================================
+ Coverage   72.25%   72.27%   +0.01%     
==========================================
  Files         471      471              
  Lines       31074    31069       -5     
  Branches      877      877              
==========================================
+ Hits        22452    22454       +2     
+ Misses       8528     8522       -6     
+ Partials       94       93       -1
Flag Coverage Δ
frontend 60.61% <ø> (+0.01%) ⬆️
ruby-api 48.66% <0.00%> (+0.05%) ⬆️
ruby-backend 80.34% <37.50%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
openc3/lib/openc3/script/script.rb 71.51% <100.00%> (ø)
openc3/lib/openc3/io/json_api_object.rb 35.00% <0.00%> (ø)
openc3/lib/openc3/script/web_socket_api.rb 23.33% <0.00%> (ø)
openc3/lib/openc3/utilities/authentication.rb 25.92% <50.00%> (ø)
...mos-script-runner-api/app/models/running_script.rb 18.99% <0.00%> (ø)
...enc3-cosmos-script-runner-api/app/models/script.rb 13.73% <0.00%> (ø)
openc3/lib/openc3/models/auth_model.rb 62.06% <0.00%> (+6.80%) ⬆️

... and 9 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
11.8% 11.8% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

jmthomas
jmthomas approved these changes Sep 27, 2023
View reviewed changes
compose.yaml
OPENC3_REDIS_PASSWORD: "${OPENC3_REDIS_PASSWORD}"
OPENC3_BUCKET_USERNAME: "${OPENC3_BUCKET_USERNAME}"
OPENC3_BUCKET_PASSWORD: "${OPENC3_BUCKET_PASSWORD}"
OPENC3_SERVICE_PASSWORD: "${OPENC3_SERVICE_PASSWORD}"
env_file:
- ".env"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who wins: environment or env_file

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

environment
https://docs.docker.com/compose/environment-variables/envvars-precedence/

openc3/lib/openc3/io/json_api.rb
@@ -53,7 +53,7 @@ def _generate_url(microservice_name:, prefix:, schema: 'http', hostname: nil, po
# generate the auth object
def _generate_auth
if ENV['OPENC3_API_TOKEN'].nil? and ENV['OPENC3_API_USER'].nil?
if ENV['OPENC3_API_PASSWORD'] || ENV['OPENC3_SERVICE_PASSWORD']
if ENV['OPENC3_API_PASSWORD']
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ENV['OPENC3_SERVICE_PASSWORD'] was never used right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really... at least it shouldn't have been.

openc3/lib/openc3/models/auth_model.rb
return true if @@service_token_cache == token_hash and permission != 'admin'
# Handle a service password - Generally only used by ScriptRunner
service_password = ENV['OPENC3_SERVICE_PASSWORD']
return true if service_password and service_password == token and permission != 'admin'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the point of the previous cache and how it is now removed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This previous code was dumb. It should have just been comparing cleartext versions and not bothering with a hash.

@ryanmelt ryanmelt merged commit 2289402 into main Sep 27, 2023
@ryanmelt ryanmelt deleted the cleanup_credentials branch September 27, 2023 17:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmthomas jmthomas jmthomas approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ryanmelt @jmthomas