[Rt-commit] rt branch, 5.0/obfuscate-passphrase-in-crypt-configs, created. rt-5.0.0-95-g70d4abc49d
? sunnavy
sunnavy at bestpractical.com
Thu Nov 5 15:48:27 EST 2020
The branch, 5.0/obfuscate-passphrase-in-crypt-configs has been created
at 70d4abc49d380d5c49a7d7739f5b93a5cd6bb3e6 (commit)
- Log -----------------------------------------------------------------
commit b61c77bd820176f175b329698f6b1c9d2b753719
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Nov 5 06:09:28 2020 +0800
Obfuscate passphrase in %SMIME, %GnuPG and %GnuPGOptions on system config page
Note that the "passphrase" is lower cased in %GnuPGOptions.
Compared to "Password not printed", "Obfuscated" is more general and
could be used in more cases in the future.
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 59ce078f1c..c992e81f98 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -930,6 +930,7 @@ our %META;
Type => 'HASH',
Immutable => 1,
Invisible => 1,
+ Obfuscate => _Obfuscate('Passphrase'),
PostLoadCheck => sub {
my $self = shift;
my $opt = $self->Get('SMIME');
@@ -966,6 +967,7 @@ our %META;
Type => 'HASH',
Immutable => 1,
Invisible => 1,
+ Obfuscate => _Obfuscate('Passphrase'),
PostLoadCheck => sub {
my $self = shift;
my $gpg = $self->Get('GnuPG');
@@ -998,6 +1000,7 @@ our %META;
Type => 'HASH',
Immutable => 1,
Invisible => 1,
+ Obfuscate => _Obfuscate('passphrase'),
},
ReferrerWhitelist => { Type => 'ARRAY' },
EmailDashboardLanguageOrder => { Type => 'ARRAY' },
@@ -2720,6 +2723,21 @@ sub LoadConfigFromDatabase {
}
}
+sub _Obfuscate {
+ my @keys = @_;
+
+ return sub {
+ my ( $config, $value, $user ) = @_;
+ return $value unless ref $value eq 'HASH';
+
+ my $msg = 'Obfuscated'; # loc
+ $msg = $user->loc($msg) if $user and $user->Id;
+
+ $value->{$_} = $msg for @keys;
+ return $value;
+ };
+}
+
RT::Base->_ImportOverlays();
1;
commit 70d4abc49d380d5c49a7d7739f5b93a5cd6bb3e6
Author: sunnavy <sunnavy at bestpractical.com>
Date: Fri Nov 6 04:36:19 2020 +0800
Use _Obfuscate factory in Obfuscate callback of ExternalSettings
This is to reduce a bit of code duplication and have the consistent
obfuscated message.
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index c992e81f98..7aee949fec 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -1299,11 +1299,8 @@ our %META;
# Ensure passwords are obfuscated on the System Configuration page
my ($config, $sources, $user) = @_;
- my $msg = 'Password not printed';
- $msg = $user->loc($msg) if $user and $user->Id;
-
for my $source (values %$sources) {
- $source->{pass} = $msg;
+ _Obfuscate('pass')->($config, $source, $user);
}
return $sources;
},
diff --git a/t/api/config.t b/t/api/config.t
index f96d03b26c..c9e272761e 100644
--- a/t/api/config.t
+++ b/t/api/config.t
@@ -61,7 +61,7 @@ RT->Config->Set(
my $external_settings = RT::Config->GetObfuscated( 'ExternalSettings', RT->SystemUser );
is( $external_settings->{My_LDAP}{user}, 'rt_ldap_username', 'plain value' );
-is( $external_settings->{My_LDAP}{pass}, 'Password not printed', 'obfuscated password' );
+is( $external_settings->{My_LDAP}{pass}, 'Obfuscated', 'obfuscated password' );
is( $external_settings->{My_LDAP}{net_ldap_args}[ 1 ], qr/^givenName/, 'regex correct' );
is( ref $external_settings->{My_LDAP}{subroutine}, 'CODE', 'subroutine type correct' );
-----------------------------------------------------------------------
More information about the rt-commit
mailing list