Merge pull request #151 from telefonicaid/feature/118_use_idm_id_instead_of_email

hardening/118_use_idm_id_instead_of_email
pcoello25 committed Feb 3, 2016
2 parents f3e836b + 883a034 commit 6518188
Showing 9 changed files with 75 additions and 216 deletions.
1 change: 1 addition & 0 deletions CHANGES_NEXT_RELEASE
@@ -1,2 +1,3 @@
- [cosmos-gui] [FEATURE] Use the ID registered at the Identity Manager as Cosmos user (#118)
- [cosmos-auth] [HARDENING] Rename server.js as cosmos_auth.js (#139)
- [cosmos-gui] [HARDENING] Rename app.js as cosmos_gui.js (#135)
1 change: 0 additions & 1 deletion cosmos-gui/Makefile
Expand Up @@ -4,7 +4,6 @@ MOCHA_OPTIONS = --ui tdd
test:
@clear
@echo "***** STARTING TESTS *****"
@./node_modules/mocha/bin/mocha --reporter $(REPORTER) $(MOCHA_OPTIONS) test/node/app_utils_test.js
@./node_modules/mocha/bin/mocha --reporter $(REPORTER) $(MOCHA_OPTIONS) test/node/mysql_driver_test.js
@echo "****** TESTS ENDED *******"

Binary file modified cosmos-gui/doc/images/cosmos_gui__profile.png
5 changes: 3 additions & 2 deletions cosmos-gui/resources/mysql_db_and_tables.sql
Expand Up @@ -2,8 +2,9 @@ CREATE DATABASE IF NOT EXISTS cosmos;
USE cosmos;

CREATE TABLE cosmos_user (
idm_username VARCHAR(128) NOT NULL PRIMARY KEY UNIQUE,
username TEXT NOT NULL, password TEXT NOT NULL,
id VARCHAR(128) NOT NULL PRIMARY KEY UNIQUE,
email TEXT NOT NULL,
password TEXT NOT NULL,
hdfs_quota BIGINT NOT NULL,
hdfs_used BIGINT NOT NULL,
fs_used BIGINT NOT NULL,
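Review bot: The new key column `id VARCHAR(128) NOT NULL PRIMARY KEY UNIQUE,` carries a redundant `UNIQUE`; a primary key is already unique and MySQL builds a second index for the explicit constraint, so `id VARCHAR(128) NOT NULL PRIMARY KEY,` is enough (the replaced `idm_username` line had the same redundancy, and this rewrite is the moment to drop it). This script only runs `CREATE TABLE`, so a deployment that already holds a `cosmos_user` table keyed by `idm_username` gets no migration from this commit; unless one exists outside the files shown, an `ALTER TABLE` step or a note in the setup documentation is needed before the renamed code paths in `cosmos-gui/src/mysql_driver.js` can work against an existing database. The `CREATE TABLE` statement continues past the hunk.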
22 changes: 1 addition & 21 deletions cosmos-gui/src/app_utils.js
Expand Up @@ -126,27 +126,7 @@ function provisionPassword(res, clusterPrivKey, clusterUser, clusterEndpoint, us
})
} // provisionPassword

function buildUsername(username, index, callback) {
if (usersBlacklist.indexOf(username) > -1) {
logger.error('The base username "' + username + '" is not allowed');
return callback(null);
} // if

mysqlDriver.getUserByCosmosUser(username + (index == 0 ? '' : index), function (error, result) {
if (error) {
logger.error('There was some error when getting user information from the ' + 'database', error);
callback(null);
} else if (result[0]) {
index += 1;
return buildUsername(username, index, callback);
} else {
callback(username + (index == 0 ? '' : index));
} // if else
});
} // buildUsername

module.exports = {
provisionCluster: provisionCluster,
provisionPassword: provisionPassword,
buildUsername: buildUsername
provisionPassword: provisionPassword
} // module.exports
109 changes: 54 additions & 55 deletions cosmos-gui/src/cosmos_gui.js
Expand Up @@ -106,11 +106,14 @@ app.get('/', function (req, res) {
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
// Get the user's IdM email (username)
var idm_username = JSON.parse(response).email;
req.session.idm_username = idm_username;

// Check if the user, given its IdM username, has a Cosmos account
mysqlDriver.getUser(idm_username, function(error, result) {
var jsonResponse = JSON.parse(response);
var user_id = jsonResponse.id;
var user_email = jsonResponse.email;
req.session.user_email = user_email;
req.session.user_id = user_id;

// Check if the user, given its IdM id, has a Cosmos account
mysqlDriver.getUser(user_id, function(error, result) {
if (error) {
var boomError = boom.badData('There was some error when getting user information from the ' + 'database', error);
logger.error('There was some error when getting user information from the ' + 'database', error);
Expand Down Expand Up @@ -156,61 +159,58 @@ app.get('/auth', function(req, res) {
});

app.post('/new_account', function(req, res) {
var idm_username = req.session.idm_username;

appUtils.buildUsername(idm_username.split('@')[0], 0, function(username) {
var password1 = req.body.password1;
var password2 = req.body.password2;

if ((password1 === password2) && (username != null)) {
mysqlDriver.addUser(idm_username, username, password1, hdfsQuota, function(error, result) {
if (error) {
var boomError = boom.badData('There was some error when adding information in the database for user '+ username, error);
logger.error('There was some error when adding information in the database for user '+ username);
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
logger.info('Successful information added to the database for user ' + username);
var user_id = req.session.user_id;
var user_email = req.session.user_email;
var password1 = req.body.password1;
var password2 = req.body.password2;

if (scEndpoint === ccEndpoint) {
// Just one provision step instead of two
appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, username, password1);
} else {
// Two different provision steps
appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, username, password1);
appUtils.provisionCluster(res, ccPrivKey, ccUser, ccEndpoint, hdfsSuperuser, hdfsQuota, username, password1);
} // if else
if (password1 === password2) {
mysqlDriver.addUser(user_id, user_email, password1, hdfsQuota, function(error, result) {
if (error) {
var boomError = boom.badData('There was some error when adding information in the database for user '+ user_id, error);
logger.error('There was some error when adding information in the database for user '+ user_id);
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
logger.info('Successful information added to the database for user ' + user_id);

res.redirect('/');
if (scEndpoint === ccEndpoint) {
// Just one provision step instead of two
appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
} else {
// Two different provision steps
appUtils.provisionCluster(res, scPrivKey, scUser, scEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
appUtils.provisionCluster(res, ccPrivKey, ccUser, ccEndpoint, hdfsSuperuser, hdfsQuota, user_id, password1);
} // if else
});
} else {
res.redirect('/');
} // if else
});

res.redirect('/');
} // if else
});
} else {
res.redirect('/');
} // if else
});

app.post('/new_password', function(req, res) {
var idm_username = req.session.idm_username;
var username = req.session.username;
var user_id = req.session.user_id;
var password1 = req.body.password1;
var password2 = req.body.password2;

if (password1 === password2) {
mysqlDriver.addPassword(idm_username, password1, function(error, result) {
mysqlDriver.addPassword(user_id, password1, function(error, result) {
if (error) {
var boomError = boom.badData('There was an error while setting up the password for user ' + username, error);
logger.error('There was an error while setting up the password for user ' + username, error);
var boomError = boom.badData('There was an error while setting up the password for user ' + user_id, error);
logger.error('There was an error while setting up the password for user ' + user_id, error);
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
logger.info('Successful information added to the database for user ' + username);
logger.info('Successful information added to the database for user ' + user_id);

if (scEndpoint === ccEndpoint) {
// Just one provision step instead of two
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, username, password1);
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
} else {
// Two different provision steps
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, username, password1);
appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, username, password1);
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, user_id, password1);
} // if else

res.redirect('/');
Expand All @@ -226,27 +226,26 @@ app.get('/change_password', function(req, res) {
});

app.post('/change_password', function(req, res) {
var idm_username = req.session.idm_username;
var username = req.session.username;
var user_id = req.session.user_id;
var password1 = req.body.password1;
var password2 = req.body.password2;

if (password1 === password2) {
mysqlDriver.addPassword(idm_username, password1, function(error, result) {
mysqlDriver.addPassword(user_id, password1, function(error, result) {
if (error) {
var boomError = boom.badData('There was an error while setting up the password for user ' + username, error);
logger.error('There was an error while setting up the password for user ' + username, error);
var boomError = boom.badData('There was an error while setting up the password for user ' + user_id, error);
logger.error('There was an error while setting up the password for user ' + user_id, error);
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
logger.info('Successful information added to the database for user ' + username);
logger.info('Successful information added to the database for user ' + user_id);

if (scEndpoint === ccEndpoint) {
// Just one provision step instead of two
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, username, password1);
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
} else {
// Two different provision steps
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, username, password1);
appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, username, password1);
appUtils.provisionPassword(res, scPrivKey, scUser, scEndpoint, user_id, password1);
appUtils.provisionPassword(res, ccPrivKey, ccUser, ccEndpoint, user_id, password1);
} // if else

res.redirect('/profile');
Expand All @@ -262,12 +261,12 @@ app.get('/dashboard', function(req, res) {
});

app.get('/profile', function(req, res) {
var idm_username = req.session.idm_username;
var user_id = req.session.user_id;

mysqlDriver.getUser(idm_username, function(error, result) {
mysqlDriver.getUser(user_id, function(error, result) {
if (error) {
var boomError = boom.badData('There was an error while retrieving profile for user ' + idm_username, error);
logger.error('There was an error while retrieving profile for user ' + idm_username, error);
var boomError = boom.badData('There was an error while retrieving profile for user ' + user_id, error);
logger.error('There was an error while retrieving profile for user ' + user_id, error);
res.status(boomError.output.statusCode).send(boomError.output.payload.message);
} else {
res.render('profile', { "results": result });
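Review bot: The rewritten `/new_account` handler passes `user_id` straight from the session into `mysqlDriver.addUser` and `appUtils.provisionCluster`, and the `username != null` branch it replaces was the only place the `usersBlacklist` check inside `appUtils.buildUsername` (deleted from `cosmos-gui/src/app_utils.js` in this commit) stopped a reserved name from being provisioned as a cluster account; nothing in the new code re-applies that check, so if an IdM id can ever coincide with a reserved account name it should be rejected before `addUser` is called, e.g. an early `if (password1 !== password2 || isReservedAccount(user_id)) { return res.redirect('/'); }` with the reserved-name list moved into this module or kept in `app_utils.js`. The handler also never checks that `req.session.user_id` is set; if `/new_account` can be posted without first passing through `/`, which is what populates the session, `user_id` is `undefined` and the account creation runs with that value — whether a session guard exists in middleware is not visible in this hunk. As a style point, the `/new_password` and `/change_password` bodies are now identical apart from the final redirect target, so a shared helper taking the redirect path would remove the duplicated `addPassword` / `provisionPassword` block that this commit had to edit twice.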
54 changes: 12 additions & 42 deletions cosmos-gui/src/mysql_driver.js
Expand Up @@ -37,26 +37,26 @@ var pool = mysql.createPool({
database: mysqlConfig.database
});

function addUser(idm_username, username, password, hdfsQuota, callback) {
function addUser(id, email, password, hdfsQuota, callback) {
pool.getConnection(function(error, connection) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
var query = connection.query(
'INSERT INTO cosmos_user (idm_username, username, password, hdfs_quota) ' +
'INSERT INTO cosmos_user (id, email, password, hdfs_quota) ' +
'VALUES (?, ?, ?, ?)',
[idm_username, username, password, hdfsQuota],
[id, email, password, hdfsQuota],
function (error, result) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
logger.info('Successful insert: \'INSERT INTO cosmos_user ' +
'(idm_username, username, password, hdfs_quota) VALUES ' +
'(' + idm_username + ', ' + username + ', ' + password + ', ' + hdfsQuota + ')\'');
'(id, email, password, hdfs_quota) VALUES ' +
'(' + id + ', ' + email + ', ' + password + ', ' + hdfsQuota + ')\'');
connection.release();

if (callback) {
Expand All @@ -69,23 +69,23 @@ function addUser(idm_username, username, password, hdfsQuota, callback) {
});
} // addUser

function addPassword(idm_username, password, callback) {
function addPassword(id, password, callback) {
pool.getConnection(function(error, connection) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
var query = connection.query(
'UPDATE cosmos_user SET password=\'' + password + '\' WHERE idm_username=\'' + idm_username + '\'',
'UPDATE cosmos_user SET password=\'' + password + '\' WHERE id=\'' + id + '\'',
function (error, result) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
logger.info('Successful update: \'UPDATE cosmos_user SET password=\'' + password +
'\' WHERE idm_username=\'' + idm_username + '\'');
'\' WHERE id=\'' + id + '\'');
connection.release();

if (callback) {
Expand All @@ -98,23 +98,22 @@ function addPassword(idm_username, password, callback) {
});
} // addPassword

function getUser(idm_username, callback) {
function getUser(id, callback) {
pool.getConnection(function(error, connection) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
var query = connection.query(
'SELECT * from cosmos_user WHERE idm_username=\'' + idm_username + '\'',
'SELECT * from cosmos_user WHERE id=\'' + id + '\'',
function (error, result) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
logger.info('Successful select: \'SELECT * from cosmos_user WHERE idm_username=\'' +
idm_username + '\'');
logger.info('Successful select: \'SELECT * from cosmos_user WHERE id=\'' + id + '\'');
connection.release();

if (callback) {
Expand All @@ -127,37 +126,8 @@ function getUser(idm_username, callback) {
});
} // getUser

function getUserByCosmosUser(username, callback) {
pool.getConnection(function(error, connection) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
var query = connection.query(
'SELECT * from cosmos_user WHERE username=\'' + username + '\'',
function (error, result) {
if (error) {
if (callback) {
callback(error);
} // if
} else {
logger.info('Successful select: \'SELECT * from cosmos_user WHERE username=\'' + username + '\'');
connection.release();

if (callback) {
callback(null, result);
} // if
} // if else
}
);
} // if else
});
} // getUserByCosmosUser

module.exports = {
addUser: addUser,
addPassword: addPassword,
getUser: getUser,
getUserByCosmosUser: getUserByCosmosUser
getUser: getUser
} // module.exports
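Review bot: `addPassword` and `getUser` still build their SQL by string concatenation on the rewritten lines (`'UPDATE cosmos_user SET password=\'' + password + '\' WHERE id=\'' + id + '\''` and `'SELECT * from cosmos_user WHERE id=\'' + id + '\''`) while `addUser` in the same file already uses `?` placeholders; `password` comes from the request body and `id` from the IdM response, so both should take the parameterized form, `'UPDATE cosmos_user SET password=? WHERE id=?', [password, id],` and `'SELECT * from cosmos_user WHERE id=?', [id],`, which also removes the quoting that breaks on an id or password containing `'`. The success messages in `addUser` and `addPassword` write the plaintext `password` to the log; logging only the `id` (e.g. `logger.info('Successful update of password for user ' + id);`) keeps credentials out of log files. In all three functions `connection.release()` appears only on the success path, so a failed query would leak the pooled connection unless a release sits in the part of each function hidden between the hunks.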
