REMOVE the user password provision

CHANGES_NEXT_RELEASE

@@ -1,3 +1,4 @@
 - [cosmos-gui] [FEATURE] Use the ID registered at the Identity Manager as Cosmos user (#118)
 - [cosmos-auth] [HARDENING] Rename server.js as cosmos_auth.js (#139)
 - [cosmos-gui] [HARDENING] Rename app.js as cosmos_gui.js (#135)
+- [cosmos-gui] [FEATURE] Remove ssh provision for users (#152)

cosmos-gui/resources/mysql_db_and_tables.sql

@@ -4,7 +4,6 @@ USE cosmos;
 CREATE TABLE cosmos_user (
 	id VARCHAR(128) NOT NULL PRIMARY KEY UNIQUE,
 	email TEXT NOT NULL,
-	password TEXT NOT NULL,
 	hdfs_quota BIGINT NOT NULL,
 	hdfs_used BIGINT NOT NULL,
 	fs_used BIGINT NOT NULL,

cosmos-gui/src/app_utils.js

@@ -27,10 +27,9 @@
 var boom = require('boom');
 var cmdRunner = require('./cmd_runner.js');
 var logger = require('./logger.js');
-var mysqlDriver = require('./mysql_driver.js');
 var usersBlacklist = require('../conf/cosmos-gui.json').users_blacklist;
 
-function provisionCluster(res, clusterPrivKey, clusterUser, clusterEndpoint, hdfsSuperuser, hdfsQuota, username, password) {
+function provisionCluster(res, clusterPrivKey, clusterUser, clusterEndpoint, hdfsSuperuser, hdfsQuota, username) {
     cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
         'echo \'sudo useradd ' + username + '\' | sudo bash'], function(error, result) {
         if (error) {
@@ -43,90 +42,62 @@ function provisionCluster(res, clusterPrivKey, clusterUser, clusterEndpoint, hdf
         logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@' + clusterEndpoint
             + ' \"echo \'sudo useradd ' + username + '\' | sudo bash\"\'');
         cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-            'echo ' + password + ' | sudo passwd ' + username + ' --stdin'], function(error, result) {
+            'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -mkdir /user/' + username + '\' | sudo bash'], function(error, result) {
             if (error) {
-                var boomError = boom.badData('There was an error while setting the password for user ' + username, error);
-                logger.error('There was an error while setting the password for user ' + username);
+                var boomError = boom.badData('There was an error while creating the HDFS folder for user ' + username, error);
+                logger.error('There was an error while creating the HDFS folder for user ' + username);
                 res.status(boomError.output.statusCode).send(boomError.output.payload.message);
                 return;
             } // if
 
             logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@' + clusterEndpoint
-                + ' \"echo ' + password + ' | sudo passwd ' + username + ' --stdin | sudo bash\"\'');
+                + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -mkdir /user/' + username + '\' | sudo bash\"\'');
             cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-                'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -mkdir /user/' + username + '\' | sudo bash'], function(error, result) {
+                'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chown -R ' + username + ':' + username + ' /user/' + username
+                + '\' | sudo bash'], function(error, result) {
                 if (error) {
-                    var boomError = boom.badData('There was an error while creating the HDFS folder for user ' + username, error);
-                    logger.error('There was an error while creating the HDFS folder for user ' + username);
+                    var boomError = boom.badData('There was an error while changing the ownership of /user/' + username, error);
+                    logger.error('There was an error while changing the ownership of /user/' + username);
                     res.status(boomError.output.statusCode).send(boomError.output.payload.message);
                     return;
                 } // if
 
-                logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@' + clusterEndpoint
-                    + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -mkdir /user/' + username + '\' | sudo bash\"\'');
+                logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@'
+                    + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chown -R ' + username + ':'
+                    + username + ' /user/' + username + '\' | sudo bash\"\'');
                 cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-                    'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chown -R ' + username + ':' + username + ' /user/' + username
-                    + '\' | sudo bash'], function(error, result) {
+                    'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chmod -R 740 /user/' + username + '\' | sudo bash'],
+                    function(error, result) {
                     if (error) {
-                        var boomError = boom.badData('There was an error while changing the ownership of /user/' + username, error);
-                        logger.error('There was an error while changing the ownership of /user/' + username);
+                        var boomError = boom.badData('There was an error while changing the permissions to /user/' + username, error);
+                        logger.error('There was an error while changing the permissions to /user/' + username);
                         res.status(boomError.output.statusCode).send(boomError.output.payload.message);
                         return;
                     } // if
 
                     logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@'
-                        + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chown -R ' + username + ':'
-                        + username + ' /user/' + username + '\' | sudo bash\"\'');
+                        + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chmod -R 740 /user/'
+                        + username + '\' | sudo bash\"\'');
                     cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-                        'echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chmod -R 740 /user/' + username + '\' | sudo bash'],
-                        function(error, result) {
+                        'echo \'sudo -u ' + hdfsSuperuser + ' hadoop dfsadmin -setSpaceQuota ' + hdfsQuota + 'g /user/'
+                        + username + '\' | sudo bash'], function(error, result) {
                         if (error) {
-                            var boomError = boom.badData('There was an error while changing the permissions to /user/' + username, error);
-                            logger.error('There was an error while changing the permissions to /user/' + username);
+                            var boomError = boom.badData('There was an error while setting the quota to /user/' + username, error);
+                            logger.error('There was an error while setting the quota to /user/' + username);
                             res.status(boomError.output.statusCode).send(boomError.output.payload.message);
                             return;
                         } // if
 
                         logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@'
-                            + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop fs -chmod -R 740 /user/'
-                            + username + '\' | sudo bash\"\'');
-                        cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-                            'echo \'sudo -u ' + hdfsSuperuser + ' hadoop dfsadmin -setSpaceQuota ' + hdfsQuota + 'g /user/'
-                            + username + '\' | sudo bash'], function(error, result) {
-                            if (error) {
-                                var boomError = boom.badData('There was an error while setting the quota to /user/' + username, error);
-                                logger.error('There was an error while setting the quota to /user/' + username);
-                                res.status(boomError.output.statusCode).send(boomError.output.payload.message);
-                                return;
-                            } // if
-
-                            logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@'
-                                + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop dfsadmin -setSpaceQuota '
-                                + hdfsQuota + 'g /user/' + username + '\' | sudo bash\"\'');
-                        })
+                            + clusterEndpoint + ' \"echo \'sudo -u ' + hdfsSuperuser + ' hadoop dfsadmin -setSpaceQuota '
+                            + hdfsQuota + 'g /user/' + username + '\' | sudo bash\"\'');
                     })
                 })
             })
         })
     })
 } // provisionCluster
 
-function provisionPassword(res, clusterPrivKey, clusterUser, clusterEndpoint, username, password) {
-    cmdRunner.run('ssh', ['-tt', '-i', clusterPrivKey, clusterUser + '@' + clusterEndpoint,
-        'echo ' + password + ' | sudo passwd ' + username + ' --stdin'], function(error, result) {
-        if (error) {
-            var boomError = boom.badData('There was an error while setting the password for user ' + username, error);
-            logger.error('There was an error while setting the password for user ' + username);
-            res.status(boomError.output.statusCode).send(boomError.output.payload.message);
-            return;
-        } // if
-
-        logger.info('Successful command executed: \'ssh -tt -i ' + clusterPrivKey + ' ' + clusterUser + '@' + clusterEndpoint
-            + ' \"echo ' + password + ' | sudo passwd ' + username + ' --stdin | sudo bash\"\'');
-    })
-} // provisionPassword
-
 module.exports = {
-    provisionCluster: provisionCluster,
-    provisionPassword: provisionPassword
+    provisionCluster: provisionCluster
 } // module.exports

cosmos-gui/src/cosmos_gui.js

@@ -120,14 +120,9 @@ app.get('/', function (req, res) {
                         res.status(boomError.output.statusCode).send(boomError.output.payload.message);
                     } else if (result[0]) {
                         req.session.username = result[0].username;
-
-                        if (result[0].password) {
-                            res.render('dashboard'); // both old and new Cosmos users with password
-                        } else {
-                            res.render('new_password'); // old Cosmos users not having a password
-                        } // if else
+                        res.render('dashboard');
                     } else {
-                        res.render('new_account'); // new Cosmos users not having a username
+                        res.redirect('new_account');
                     } // if else
                 });
             } // if else
@@ -161,99 +156,27 @@ app.get('/auth', function(req, res) {
 app.post('/new_account', function(req, res) {
     var user_id = req.session.user_id;
     var user_email = req.session.user_email;
-    var password1 = req.body.password1;
-    var password2 = req.body.password2;
-
-    if (password1 === password2) {
-        mysqlDriver.addUser(user_id, user_email, password1, hdfsQuota, function(error, result) {
-            if (error) {
-                var boomError = boom.badData('There was some error when adding information in the database for user '+ user_id, error);
-                logger.error('There was some error when adding information in the database for user '+ user_id);
-                res.status(boomError.output.statusCode).send(boomError.output.payload.message);
-            } else {
-                logger.info('Successful information added to the database for user ' + user_id);
-
-                if (scEndpoint === ccEndpoint) {
-                    // Just one provision step instead of two
-                    appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
-                } else {
-                    // Two different provision steps
-                    appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
-                    appUtils.provisionCluster(res, ccPrivKey, ccUser, ccEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
-                } // if else
-
-                res.redirect('/');
-            } // if else
-        });
-    } else {
-        res.redirect('/');
-    } // if else
-});
 
-app.post('/new_password', function(req, res) {
-    var user_id = req.session.user_id;
-    var password1 = req.body.password1;
-    var password2 = req.body.password2;
+    mysqlDriver.addUser(user_id, user_email, password1, hdfsQuota, function(error, result) {
+        if (error) {
+            var boomError = boom.badData('There was some error when adding information in the database for user '+ user_id, error);
+            logger.error('There was some error when adding information in the database for user '+ user_id);
+            res.status(boomError.output.statusCode).send(boomError.output.payload.message);
+        } else {
+            logger.info('Successful information added to the database for user ' + user_id);
 
-    if (password1 === password2) {
-        mysqlDriver.addPassword(user_id, password1, function(error, result) {
-            if (error) {
-                var boomError = boom.badData('There was an error while setting up the password for user ' + user_id, error);
-                logger.error('There was an error while setting up the password for user ' + user_id, error);
-                res.status(boomError.output.statusCode).send(boomError.output.payload.message);
+            if (scEndpoint === ccEndpoint) {
+                // Just one provision step instead of two
+                appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id);
             } else {
-                logger.info('Successful information added to the database for user ' + user_id);
-
-                if (scEndpoint === ccEndpoint) {
-                    // Just one provision step instead of two
-                    appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
-                } else {
-                    // Two different provision steps
-                    appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
-                    appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, user_id, password1);
-                } // if else
-
-                res.redirect('/');
+                // Two different provision steps
+                appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id);
+                appUtils.provisionCluster(res, ccPrivKey, ccUser, ccEndpoint, hdfsSuperuser, hdfsQuota, user_id);
             } // if else
-        })
-    } else {
-        res.redirect('/');
-    } // if else
-});
 
-app.get('/change_password', function(req, res) {
-    res.render('change_password');
-});
-
-app.post('/change_password', function(req, res) {
-    var user_id = req.session.user_id;
-    var password1 = req.body.password1;
-    var password2 = req.body.password2;
-
-    if (password1 === password2) {
-        mysqlDriver.addPassword(user_id, password1, function(error, result) {
-            if (error) {
-                var boomError = boom.badData('There was an error while setting up the password for user ' + user_id, error);
-                logger.error('There was an error while setting up the password for user ' + user_id, error);
-                res.status(boomError.output.statusCode).send(boomError.output.payload.message);
-            } else {
-                logger.info('Successful information added to the database for user ' + user_id);
-
-                if (scEndpoint === ccEndpoint) {
-                    // Just one provision step instead of two
-                    appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
-                } else {
-                    // Two different provision steps
-                    appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
-                    appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, user_id, password1);
-                } // if else
-
-                res.redirect('/profile');
-            } // if else
-        })
-    } else {
-        res.render('change_password');
-    } // if else
+            res.redirect('/');
+        } // if else
+    });
 });
 
 app.get('/dashboard', function(req, res) {

cosmos-gui/src/mysql_driver.js

@@ -37,26 +37,26 @@ var pool = mysql.createPool({
     database: mysqlConfig.database
 });
 
-function addUser(id, email, password, hdfsQuota, callback) {
+function addUser(id, email, hdfsQuota, callback) {
     pool.getConnection(function(error, connection) {
         if (error) {
             if (callback) {
                 callback(error);
             } // if
         } else {
             var query = connection.query(
-                'INSERT INTO cosmos_user (id, email, password, hdfs_quota) ' +
-                'VALUES (?, ?, ?, ?)',
-                [id, email, password, hdfsQuota],
+                'INSERT INTO cosmos_user (id, email, hdfs_quota) ' +
+                'VALUES (?, ?, ?)',
+                [id, email, hdfsQuota],
                 function (error, result) {
                     if (error) {
                         if (callback) {
                             callback(error);
                         } // if
                     } else {
                         logger.info('Successful insert: \'INSERT INTO cosmos_user ' +
-                            '(id, email, password, hdfs_quota) VALUES ' +
-                            '(' + id + ', ' + email + ', ' + password + ', ' + hdfsQuota + ')\'');
+                            '(id, email, hdfs_quota) VALUES ' +
+                            '(' + id + ', ' + email + ', ' + hdfsQuota + ')\'');
                         connection.release();
 
                         if (callback) {
@@ -69,35 +69,6 @@ function addUser(id, email, password, hdfsQuota, callback) {
     });
 } // addUser
 
-function addPassword(id, password, callback) {
-    pool.getConnection(function(error, connection) {
-        if (error) {
-            if (callback) {
-                callback(error);
-            } // if
-        } else {
-            var query = connection.query(
-                'UPDATE cosmos_user SET password=\'' + password + '\' WHERE id=\'' + id + '\'',
-                function (error, result) {
-                    if (error) {
-                        if (callback) {
-                            callback(error);
-                        } // if
-                    } else {
-                        logger.info('Successful update: \'UPDATE cosmos_user SET password=\'' + password +
-                            '\' WHERE id=\'' + id + '\'');
-                        connection.release();
-
-                        if (callback) {
-                            callback(null, result);
-                        } // if
-                    } // if else
-                }
-            );
-        } // if else
-    });
-} // addPassword
-
 function getUser(id, callback) {
     pool.getConnection(function(error, connection) {
         if (error) {
@@ -128,6 +99,5 @@ function getUser(id, callback) {
 
 module.exports = {
     addUser: addUser,
-    addPassword: addPassword,
     getUser: getUser
 } // module.exports