From: Michael Tremer
Date: Wed, 5 Oct 2022 16:07:12 +0000 (+0000)
Subject: builders: Drop passphrase
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=17cfc785c31676a593b6499f0f4e2faba645ee0c;p=pbs.git
builders: Drop passphrase
Builders are now being authenticated using Kerberos.
Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index 73d4ef0c..26ab3771 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -198,8 +198,7 @@ dist_templates_builders_DATA = \
 src/templates/builders/detail.html \
 src/templates/builders/edit.html \
 src/templates/builders/list.html \
- src/templates/builders/new.html \
- src/templates/builders/pass.html
+ src/templates/builders/new.html
 templates_buildersdir = $(templatesdir)/builders
diff --git a/src/buildservice/builders.py b/src/buildservice/builders.py
index 203ce1cb..7027533a 100644
--- a/src/buildservice/builders.py
+++ b/src/buildservice/builders.py
@@ -43,15 +43,12 @@ class Builders(base.Object):
 builder = self._get_builder("INSERT INTO builders(name) \
 VALUES(%s) RETURNING *", name)
- # Generate a new passphrase.
- passphrase = builder.regenerate_passphrase()
-
 # Log what we have done.
 if log:
 builder.log("created", user=user)
 # The Builder object and the passphrase are returned.
- return builder, passphrase
+ return builder
 def get_by_id(self, builder_id):
 return self._get_builder("SELECT * FROM builders WHERE id = %s", builder_id)
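Review bot: The context comment `# The Builder object and the passphrase are returned.` directly above the new `return builder` in `Builders.create` is now stale and should read `# The Builder object is returned.`. The return value also changes from a two-element tuple to a single object, so any caller that still unpacks `builder, passphrase = ...create(...)` will fail at runtime. This commit updates `BuilderNewHandler`; other call sites, if there are any, are outside this diff and should be checked. The start of `create` is outside the hunk.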
@@ -247,31 +244,6 @@ class Builder(base.DataObject):
 self.db.execute("INSERT INTO builders_history(builder_id, action, user_id, time) \
 VALUES(%s, %s, %s, NOW())", self.id, action, user_id)
- def regenerate_passphrase(self):
- """
- Generates a new random passphrase and stores it as a salted hash
- to the database.
-
- The new passphrase is returned to be sent to the user (once).
- """
- # Generate a random string with 40 chars.
- passphrase = misc.generate_random_string(length=40)
-
- # Create salted hash.
- passphrase_hash = generate_password_hash(passphrase)
-
- # Store the hash in the database.
- self._set_attribute("passphrase", passphrase_hash)
-
- # Return the clear-text passphrase.
- return passphrase
-
- def validate_passphrase(self, passphrase):
- """
- Compare the given passphrase with the one stored in the database.
- """
- return check_password_hash(passphrase, self.data.passphrase)
-
 # Description
 def set_description(self, description):
@@ -482,10 +454,6 @@ class Builder(base.DataObject):
 def hostname(self):
 return self.name
- @property
- def passphrase(self):
- return self.data.passphrase
-
 @property
 def pakfire_version(self):
 return self.data.pakfire_version or ""
diff --git a/src/database.sql b/src/database.sql
index e2a5ff4d..3ffce8cb 100644
--- a/src/database.sql
+++ b/src/database.sql
@@ -94,7 +94,6 @@ ALTER TABLE public.builder_stats OWNER TO pakfire;
 CREATE TABLE public.builders (
 id integer NOT NULL,
 name text NOT NULL,
- passphrase text,
 description text,
 enabled boolean DEFAULT false NOT NULL,
 deleted boolean DEFAULT false NOT NULL,
diff --git a/src/templates/builders/pass.html b/src/templates/builders/pass.html
deleted file mode 100644
index 45c5623d..00000000
--- a/src/templates/builders/pass.html
+++ /dev/null
@@ -1,50 +0,0 @@
-{% extends "../base.html" %} - -{% block body %} - - -
-
-

- {{ _("Builder") }}: {{ builder.name }} -

-
-
- -
-
-

- {% if action == "new" %} - {{ _("The new host") }} {{ builder.name }} {{ _("has been successfully created.") }} - {% elif action == "update" %} - {{ _("The passphrase for") }} {{ builder.name }} {{ _("has been regenerated.") }} - {% end %} -
- {{ _("For authorization to the Pakfire Master Server there is a passphrase required which must be configured to the host.") }} -

- -

- {{ _("This passphrase is:") }} {{ passphrase }} -

-
-
- -
- -
-{% end block %}
diff --git a/src/web/__init__.py b/src/web/__init__.py
index 5c9afbbf..95b96ffc 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -165,7 +165,6 @@ class Application(tornado.web.Application):
 (r"/builders/new", builders.BuilderNewHandler),
 (r"/builders/([A-Za-z0-9\-\.]+)/delete", builders.BuilderDeleteHandler),
 (r"/builders/([A-Za-z0-9\-\.]+)/edit", builders.BuilderEditHandler),
- (r"/builders/([A-Za-z0-9\-\.]+)/renew", builders.BuilderRenewPassphraseHandler),
 (r"/builders/([A-Za-z0-9\-\.]+)", builders.BuilderDetailHandler),
 # Distributions
diff --git a/src/web/builders.py b/src/web/builders.py
index 241d29c4..dd74c6e7 100644
--- a/src/web/builders.py
+++ b/src/web/builders.py
@@ -32,12 +32,11 @@ class BuilderNewHandler(base.BaseHandler):
 name = self.get_argument("name")
- # Create a new builder.
- builder, passphrase = \
- self.backend.builders.create(name, user=self.current_user)
+ # Create a new builder
+ with self.db.transaction():
+ builder = self.backend.builders.create(name, user=self.current_user)
- self.render("builders/pass.html", action="new", builder=builder,
- passphrase=passphrase)
+ self.redirect("/builders/%s" % builder.hostname)
 class BuilderEditHandler(base.BaseHandler):
@@ -67,17 +66,6 @@ class BuilderEditHandler(base.BaseHandler):
 self.redirect("/builders/%s" % builder.hostname)
-class BuilderRenewPassphraseHandler(base.BaseHandler):
- @tornado.web.authenticated
- def get(self, name):
- builder = self.backend.builders.get_by_name(name)
-
- passphrase = builder.regenerate_passphrase()
-
- self.render("builders/pass.html", action="update", builder=builder,
- passphrase=passphrase)
-
-
 class BuilderDeleteHandler(base.BaseHandler):
 @tornado.web.authenticated
 def get(self, name):
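Review bot: The builder `name` in `BuilderNewHandler` is not validated anywhere in this hunk before it is stored and used for the redirect: it goes from `self.get_argument("name")` into `builders.create()` and then into `self.redirect("/builders/%s" % builder.hostname)`, while the routes in `src/web/__init__.py` only match `[A-Za-z0-9\-\.]+`. A name outside that set would be inserted but its detail page would not resolve. If the builder name is what the Kerberos principal is matched against (inferred from the commit message), the name is now the builder's whole identity and deserves a strict check. Consider rejecting it before the insert, e.g. `if not re.fullmatch(r"[A-Za-z0-9\-\.]+", name): raise tornado.web.HTTPError(400)`. The start of the handler method is outside the hunk, so confirm it carries `@tornado.web.authenticated` and a `has_perm("builders")` check like the one in `BuilderDeleteHandler`.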
@@ -89,7 +77,7 @@ class BuilderDeleteHandler(base.BaseHandler):
 if not self.current_user.has_perm("builders"):
 raise tornado.web.HTTPError(403)
- confirmed = self.get_argument("confirmed", None)
+ confirmed = self.get_argument("confirmed", None)
 if confirmed:
 with self.db.transaction():
 builder.deleted = True