Fixes #13333: Update all rudder dependencies in rudder

Normation · Aug 29, 2018 · d295c3f · d295c3f
1 parent c1c734a
commit d295c3f
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 56 deletions.
diff --git a/rudder-core/src/main/scala/com/normation/rudder/repository/xml/GitArchiverUtils.scala b/rudder-core/src/main/scala/com/normation/rudder/repository/xml/GitArchiverUtils.scala
@@ -295,16 +295,15 @@ trait GitArchiverFullCommitUtils extends Loggable {
     import org.eclipse.jgit.errors.IncorrectObjectTypeException
     import org.eclipse.jgit.lib._
     import org.eclipse.jgit.revwalk._
-    import scala.collection.mutable.{ ArrayBuffer, Map => MutMap }
+    import scala.collection.mutable.ArrayBuffer
 
-    var refList = MutMap[String,Ref]()
     val revWalk = new RevWalk(gitRepo.db)
     val tags = ArrayBuffer[RevTag]()
 
     try {
-      refList = gitRepo.db.getRefDatabase().getRefs(Constants.R_TAGS).asScala
+      val refList = gitRepo.db.getRefDatabase().getRefsByPrefix(Constants.R_TAGS).asScala
 
-      refList.values.foreach { ref =>
+      refList.foreach { ref =>
         try {
           val tag = revWalk.parseTag(ref.getObjectId())
           tags.append(tag)

diff --git a/rudder-templates-cli/src/main/scala/com/normation/templates/cli/TemplateCli.scala b/rudder-templates-cli/src/main/scala/com/normation/templates/cli/TemplateCli.scala
@@ -41,11 +41,9 @@ import java.io.File
 import com.normation.templates.FillTemplatesService
 import com.normation.templates.STVariable
 import com.normation.utils.Control._
-import org.apache.commons.io.FileUtils
 import net.liftweb.common._
 import net.liftweb.json._
 import scopt.OptionParser
-import org.apache.commons.io.IOUtils
 import java.nio.charset.StandardCharsets
 
 /**

diff --git a/rudder-web/src/main/resources/applicationContext-security-auth-file.xml b/rudder-web/src/main/resources/applicationContext-security-auth-file.xml
@@ -34,9 +34,11 @@ along with Rudder.  If not, see <http://www.gnu.org/licenses/>.
 -->
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
+  xmlns:beans="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans
+		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/security
+		http://www.springframework.org/schema/security/spring-security.xsd">
 
 </beans:beans>
diff --git a/rudder-web/src/main/resources/applicationContext-security.xml b/rudder-web/src/main/resources/applicationContext-security.xml
@@ -34,10 +34,12 @@ along with Rudder.  If not, see <http://www.gnu.org/licenses/>.
 -->
 
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-    xmlns:beans="http://www.springframework.org/schema/beans"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
-                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
+  xmlns:beans="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans
+		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+		http://www.springframework.org/schema/security
+		http://www.springframework.org/schema/security/spring-security.xsd">
 
 <!--    <global-method-security pre-post-annotations="enabled">-->
 <!--         AspectJ pointcut expression that locates our "post" method and applies security that way-->
@@ -48,13 +50,15 @@ along with Rudder.  If not, see <http://www.gnu.org/licenses/>.
     <http pattern="/style/**" security="none"/>
     <http pattern="/images/**" security="none"/>
     <http pattern="/javascript/**" security="none"/>
+    <http pattern="/cache-**" security="none"/>
 
     <http pattern="/api/**" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">
       <intercept-url pattern='/**' access='ROLE_REMOTE' />
       <custom-filter position="BASIC_AUTH_FILTER" ref="restAuthenticationFilter" />
     </http>
 
     <http use-expressions="true" disable-url-rewriting="true">
+        <csrf disabled="true"/>
         <session-management session-fixation-protection="migrateSession">
           <!--
             One can control the maximum concurrent session to have in parallel.

diff --git a/rudder-web/src/main/resources/content-types.properties b/rudder-web/src/main/resources/content-types.properties
@@ -1,10 +1,10 @@
 #
-# A extension/content-type header mapping, used to add the correct header 
+# A extension/content-type header mapping, used to add the correct header
 # (in particular for our cached resources)
 # Reference can be found in http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
 #
 # File format is a java specific one...
-# 
+#
 # Property fields:
 #
 #   <description> ::= 'description' '=' <descriptive string>
@@ -28,7 +28,7 @@ unknown/unknown: description=Unknown Data Type
 temp.file.template: /tmp/%s
 
 #
-# Common types that are missing... sight. 
+# Common types that are missing... sight.
 #
 text/thml: \
   description=HTML;\
@@ -38,7 +38,7 @@ image/x-iconl: \
   description=Format icon;\
   file_extensions=.ico
 
-application/js: \
+application/javascript: \
   description=JavaScript;\
   file_extensions=.js
 
@@ -65,18 +65,18 @@ application/xhtml+xml: \
 text/css: \
   description=CSS;\
   file_extensions=.css,.less
-  
+
 application/vnd.ms-fontobject: \
   description=EOT Fonts;\
   file_extensions=.eot
-  
+
 application/x-font-otf: \
   description=OTF Fonts;\
   file_extensions=.otf
 
 
 #
-# Type from the original file. 
+# Type from the original file.
 #
 application/octet-stream: \
   description=Generic Binary Stream;\

diff --git a/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala b/rudder-web/src/main/scala/bootstrap/liftweb/AppConfigAuth.scala
@@ -40,7 +40,6 @@ package bootstrap.liftweb
 import java.util.Collection
 
 import bootstrap.liftweb.RudderProperties.config
-import com.github.ghik.silencer.silent
 import com.normation.rudder.Role
 import com.normation.rudder.RoleToRights
 import com.normation.rudder.RudderAccount
@@ -68,11 +67,9 @@ import org.springframework.context.support.ClassPathXmlApplicationContext
 import org.springframework.ldap.core.DirContextAdapter
 import org.springframework.ldap.core.DirContextOperations
 import org.springframework.security.authentication.AuthenticationProvider
-import org.springframework.security.authentication.BadCredentialsException
 import org.springframework.security.authentication.ProviderManager
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider
-import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.context.SecurityContextHolder
@@ -149,7 +146,7 @@ class AppConfigAuth extends ApplicationContextAware {
 
     val ctx = new ClassPathXmlApplicationContext(applicationContext)
     ctx.addBeanFactoryPostProcessor(propertyConfigurer)
-    ctx.setConfigLocations(configuredAuthProviders.map( _.configFile ).toArray)
+    ctx.setConfigLocations(configuredAuthProviders.map( _.configFile ).toSeq:_*)
     ctx.refresh
     appCtx = ctx
   }
@@ -212,7 +209,7 @@ class AppConfigAuth extends ApplicationContextAware {
     }
 
     val authConfigProvider = new UserDetailListProvider {
-      override def authConfig: UserDetailList = UserDetailList(new PlaintextPasswordEncoder, admins)
+      override def authConfig: UserDetailList = UserDetailList(PasswordEncoder.PlainText, admins)
     }
     val provider = new DaoAuthenticationProvider()
     provider.setUserDetailsService(new RudderInMemoryUserDetailsService(authConfigProvider))
@@ -253,20 +250,14 @@ class RudderUrlAuthenticationFailureHandler(failureUrl: String) extends SimpleUr
 object LogFailedLogin {
 
   def warn(ex: AuthenticationException, request: HttpServletRequest): Unit = {
-    ApplicationLogger.warn(s"Login authentication failed for user '${getUser(ex)}' from IP '${getRemoteAddr(request)}': ${ex.getMessage}")
+    ApplicationLogger.warn(s"Login authentication failed for user '${getUser(request)}' from IP '${getRemoteAddr(request)}': ${ex.getMessage}")
   }
 
-  def getUser(ex: AuthenticationException): String = {
-    //remove deprecation warning
-    @silent def getAuthentication(bce: AuthenticationException) = bce.getAuthentication
-
-    ex match {
-      case bce:BadCredentialsException =>
-        getAuthentication(bce) match {
-          case user: UsernamePasswordAuthenticationToken => user.getName
-          case _                                         => "unknown"
-        }
-      case _ => "unknown"
+  // user login is passed in parameters named "j_username"
+  def getUser(req: HttpServletRequest): String = {
+    req.getParameter("username") match {
+      case null  => "unknown"
+      case login => login
     }
   }
 

diff --git a/rudder-web/src/main/scala/bootstrap/liftweb/RudderUserDetails.scala b/rudder-web/src/main/scala/bootstrap/liftweb/RudderUserDetails.scala
@@ -40,9 +40,11 @@ package bootstrap.liftweb
 import java.io.File
 import java.io.FileInputStream
 import java.io.InputStream
+import java.math.BigInteger
+import java.nio.charset.StandardCharsets
+import java.security.MessageDigest
 import java.util.Collection
 
-import com.github.ghik.silencer.silent
 import com.normation.rudder.AuthorizationType
 import com.normation.rudder.Rights
 import com.normation.rudder.Role
@@ -53,9 +55,6 @@ import com.normation.rudder.domain.logger.ApplicationLogger
 import com.normation.rudder.domain.logger.PluginLogger
 import com.normation.rudder.rest.RoleApiMapping
 import com.normation.utils.HashcodeCaching
-import org.springframework.security.authentication.encoding.Md5PasswordEncoder
-import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
-import org.springframework.security.authentication.encoding.ShaPasswordEncoder
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.userdetails.UserDetails
 import org.xml.sax.SAXParseException
@@ -79,14 +78,39 @@ final case class UserFile(
 
 //Password encoder type definition. Done like that to avoid
 //a deprecation warning on `PasswordEncoder` thanks to @silent annotation
-@silent object PasswordEncoder {
-  type Rudder = org.springframework.security.authentication.encoding.PasswordEncoder
+object PasswordEncoder {
+  type Rudder = org.springframework.security.crypto.password.PasswordEncoder
+
+  import org.springframework.security.crypto.password.PasswordEncoder
+
+  class DigestEncoder(digestName: String) extends PasswordEncoder {
+    override def encode(rawPassword: CharSequence): String = {
+      val digest = MessageDigest.getInstance(digestName)
+      String.format( "%064x", new BigInteger( 1, digest.digest(rawPassword.toString.getBytes(StandardCharsets.UTF_8))))
+    }
+    override def matches(rawPassword: CharSequence, encodedPassword: String): Boolean = {
+      if(null == rawPassword) {
+        false
+      } else {
+        encode(rawPassword) == encodedPassword
+      }
+    }
+  }
+
+  val PlainText = new PasswordEncoder() {
+    override def encode(rawPassword: CharSequence): String = rawPassword.toString
+    override def matches(rawPassword: CharSequence, encodedPassword: String): Boolean = rawPassword.toString == encodedPassword
+  }
+  val MD5    = new DigestEncoder("MD5"    )
+  val SHA1   = new DigestEncoder("SHA-1"  )
+  val SHA256 = new DigestEncoder("SHA-256")
+  val SHA512 = new DigestEncoder("SHA-512")
 }
 
 /**
  * An user list is a parsed list of users with their authorisation
  */
-@silent case class UserDetailList(
+case class UserDetailList(
     encoder    : PasswordEncoder.Rudder
   , users      : Map[String, RudderUserDetail]
 )
@@ -134,7 +158,7 @@ final class FileUserDetailListProvider(authorisationLevel: UserAuthorisationLeve
    * Initialize user details list when class is instantiated with an empty list.
    * You will have to "reload" after application full init (to allows plugin override)
    */
-  private[this] var cache = UserDetailList(new PlaintextPasswordEncoder, Map())
+  private[this] var cache = UserDetailList(PasswordEncoder.PlainText, Map())
 
   /**
    * Callbacks for who need to be informed of a successufully users list reload
@@ -279,11 +303,11 @@ object UserFileProcessing {
       Left(UserConfigFileError("Authentication file is malformed, the root tag '<authentication>' was not found", None))
     } else {
       val hash = (root(0) \ "@hash").text.toLowerCase match {
-        case "sha" | "sha1" => new ShaPasswordEncoder(1)
-        case "sha256" | "sha-256" => new ShaPasswordEncoder(256)
-        case "sha512" | "sha-512" => new ShaPasswordEncoder(512)
-        case "md5" => new Md5PasswordEncoder
-        case _ => new PlaintextPasswordEncoder
+        case "sha" | "sha1"       => PasswordEncoder.SHA1
+        case "sha256" | "sha-256" => PasswordEncoder.SHA256
+        case "sha512" | "sha-512" => PasswordEncoder.SHA512
+        case "md5"                => PasswordEncoder.MD5
+        case _                    => PasswordEncoder.PlainText
       }
 
       //now, get users

diff --git a/rudder-web/src/main/webapp/index.html b/rudder-web/src/main/webapp/index.html
@@ -9,7 +9,6 @@
     <link data-lift="with-cached-resource" href="/style/font-awesome/font-awesome-4.6.3.min.css" rel="stylesheet" type="text/css"></link>
     <link data-lift="with-cached-resource" href="/style/ionicons-2.0.1/css/ionicons.min.css" rel="stylesheet" type="text/css"></link>
     <link data-lift="with-cached-resource" href="/style/login.css" rel="stylesheet" type="text/css"></link>
-    <link data-lift="with-cached-resource" href="/style/login-custom.css" rel="stylesheet" type="text/css"></link>
     <link href="/images/rudder-favicon.ico" data-lift="with-cached-resource" rel="icon" type="image/x-icon" ></link>
     <script type="text/javascript" data-lift="with-cached-resource" src="/javascript/jquery/jquery-3.1.0.min.js"></script>
 </head>
@@ -26,7 +25,7 @@ <h4 class="welcome col-xs-12">Welcome, please sign in:</h4>
               <label class="sr-only" for="username">Username</label>
               <div class="input-group">
                 <label class="input-group-addon" for="username"><span class="ion ion-android-person"></span></label>
-                <input type="text" class="form-control" id="username" name="j_username" placeholder="Username" size="30"></input>
+                <input type="text" class="form-control" id="username" name="username" placeholder="Username" size="30"></input>
                 <span class="glyphicon glyphicon-remove form-control-feedback" aria-hidden="true" aria-describedby="inputError2Status"></span>
               </div>
                 <span id="inputErrorStatus" class="sr-only">The field is required</span>
@@ -36,11 +35,11 @@ <h4 class="welcome col-xs-12">Welcome, please sign in:</h4>
               <label class="sr-only" for="password">Password</label>
               <div class="input-group">
                 <label class="input-group-addon" for="password"><span class="ion ion-android-lock"></span></label>
-                <input type="password" class="form-control" id="password" name="j_password" placeholder="Password"></input>
+                <input type="password" class="form-control" id="password" name="password" placeholder="Password"></input>
                 <span class="glyphicon glyphicon-remove form-control-feedback" aria-hidden="true" aria-describedby="inputError2Status"></span>
               </div>
               <span id="inputError2Status" class="sr-only">The field is required</span>
-              <span id="helpBlock2" class="help-block">This field is required.</span>  
+              <span id="helpBlock2" class="help-block">This field is required.</span>
             </div>
             <div class="form-group col-xs-12">
               <label class="sr-only" for="valid">Sign in</label>
@@ -50,7 +49,7 @@ <h4 class="welcome col-xs-12">Welcome, please sign in:</h4>
                  </span>
                 <button class="btn btn-warning-rudder col-xs-12" id="valid" name="valid" type="submit">
                   Sign in
-                  <span class="ion ion-android-unlock"></span> 
+                  <span class="ion ion-android-unlock"></span>
                 </button>
               </div>
             </div>