Require explicit activation of automated update

The environment variable `SAG_WXPASSWORD_UPDATE_DEFAULT_ACCOUNTS=true` must be set, to enable the automated update. This is a protection against accidental execution, e.g. on a CI system.
SoftwareAG · Jun 16, 2021 · 79bc69b · 79bc69b
1 parent fabc56f
commit 79bc69b
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 40 deletions.
diff --git a/README.md b/README.md
@@ -6,9 +6,11 @@ in a container.
 
 ## Usage
 
-Installing the package is all that needs to be done. The service 
-`wx.password.pub:nonDefaultPasswordsForStandardAccounts` is defined 
-as a start-up service and therefore gets executed automatically.
+To enable the automated update of passwords the environment variable
+`SAG_WXPASSWORD_UPDATE_DEFAULT_ACCOUNTS` must be set to `true`.
+This mechanism protects against accidental execution and by that
+a potential lock-out.
+
 
 ### Specific passwords
 
@@ -19,7 +21,7 @@ the variable `SAG_WXPASSWORD_SET_Administrator` must be defined.
 
 ### Random passwords
 
-If no password is defined a random one will be generated and saved in 
+If no password is defined, a random one will be generated and saved in 
 clear text in the working directory. For each user a separate file will 
 be created and its name matches the user name.
 
@@ -34,12 +36,6 @@ is `$IS_HOME/config/WxPassword`. In both cases, the directory will
 be created, if it does not exist. If the creation fails, a
 `ServiceException` is thrown and now further activities performed.
 
-### Disable execution
-
-To disable the execution from the outside you need to create a semaphore 
-file (name: `disable_WxPassword`) in the working directory. If this is
-found, WxPassword will effectively be completely disabled.
-
 ## Getting Started
 
 You can use this package in multiple ways.

diff --git a/WxPassword/code/source/com/softwareag/wx/is/password/DefaultAccountUpdater.java b/WxPassword/code/source/com/softwareag/wx/is/password/DefaultAccountUpdater.java
@@ -0,0 +1,60 @@
+package com.softwareag.wx.is.password;
+
+import java.io.File;
+import java.io.IOException;
+
+import com.wm.app.b2b.server.ServiceException;
+
+/**
+ * Controls automated password update for default accounts
+ */
+public class DefaultAccountUpdater {
+
+	/**
+	 * List of default accounts to be updated
+	 */
+	private enum DefaultUser {
+		Administrator, Replicator, Developer
+	}
+
+	/**
+	 * Name of environment variable that enables (if set to "true") the automated
+	 * password update for default accounts
+	 */
+	public static final String ENVVAR_UPDATE_DEFAULT_ACCOUNTS = "SAG_WXPASSWORD_UPDATE_DEFAULT_ACCOUNTS";
+
+	/**
+	 * Perform the update, if enabled
+	 * 
+	 * @throws ServiceException
+	 */
+	public static void execute() throws ServiceException {
+
+		if (isEnabled()) {
+			WorkDir workDir = new WorkDir();
+			File workDirFile = workDir.get();
+
+			for (DefaultUser defaultUser : DefaultUser.values()) {
+				String userName = defaultUser.toString();
+				PasswordSetter pws = new PasswordSetter(workDirFile, userName);
+				try {
+					pws.execute();
+				} catch (IOException e) {
+					throw new ServiceException(e);
+				}
+			}
+		} else {
+			System.out.println("WxPassword : Automated update of passwords for default accounts is disabled");
+		}
+	}
+
+	/**
+	 * Check if automated update is enabled
+	 * 
+	 * @return true if enabled, false otherwise
+	 */
+	private static boolean isEnabled() {
+		String envVarIsEnabled = System.getenv(ENVVAR_UPDATE_DEFAULT_ACCOUNTS);
+		return Boolean.valueOf(envVarIsEnabled);
+	}
+}
diff --git a/WxPassword/code/source/com/softwareag/wx/is/password/PasswordSetter.java b/WxPassword/code/source/com/softwareag/wx/is/password/PasswordSetter.java
@@ -24,15 +24,10 @@ public class PasswordSetter {
 	public static final String ENVVAR_PASSWORD_PREFIX = "SAG_WXPASSWORD_SET_";
 
 	/**
-	 * Name of semaphore file to indicate that password should not be updated. The
-	 * existence of this file disables any changes, regardless of whether the
-	 * passwords are specified as environment variables or should be created
-	 * randomly.
+	 * Set of characters from which the random password is generated 
 	 */
-	public static final String SEMAPHOR_DISABLE = "disable_WxPassword";
-
-	static final String AB = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-	static SecureRandom rnd = new SecureRandom();
+	private static final String AB = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+	private static SecureRandom rnd = new SecureRandom();
 
 	File workDir = null;
 	String userName = null;
@@ -66,7 +61,7 @@ public void execute() throws IOException, ServiceException {
 			// an IO issue
 			if (!isPasswordDefinedByEnvVar) {
 				Files.write(fileWithPlainTextPassword(), password.getBytes());
-				System.out.println("New password for user '" + userName + "' can be found at '"
+				System.out.println("WxPassword : New password for user '" + userName + "' can be found at '"
 						+ fileWithPlainTextPassword().getCanonicalPath() + "'");
 			}
 

diff --git a/WxPassword/code/source/wx/password/pub.java b/WxPassword/code/source/wx/password/pub.java
@@ -14,8 +14,7 @@
 import java.io.IOException;
 import java.security.SecureRandom;
 import java.util.Iterator;
-import com.softwareag.wx.is.password.PasswordSetter;
-import com.softwareag.wx.is.password.WorkDir;
+import com.softwareag.wx.is.password.DefaultAccountUpdater;
 // --- <<IS-END-IMPORTS>> ---
 
 public final class pub
@@ -39,29 +38,16 @@ public static final void nonDefaultPasswordsForStandardAccounts (IData pipeline)
 	{
 		// --- <<IS-START(nonDefaultPasswordsForStandardAccounts)>> ---
 		// @sigtype java 3.5
-		WorkDir workDir = new WorkDir();
-		File workDirFile = workDir.get();
-
-		for (DefaultUser defaultUser : DefaultUser.values()) {
-			String userName = defaultUser.toString();
-			PasswordSetter pws = new PasswordSetter(workDirFile, userName);
-			try {
-				pws.execute();
-			} catch (IOException e) {
-				throw new ServiceException(e);
-			}
-		}
+		DefaultAccountUpdater.execute();
 
 		// --- <<IS-END>> ---
 
 
 	}
 
 	// --- <<IS-START-SHARED>> ---
+
 
-	private enum DefaultUser { Administrator, Replicator, Developer }
-
-
 	// --- <<IS-END-SHARED>> ---
 }
 
diff --git a/WxPassword/ns/wx/password/pub/node.idf b/WxPassword/ns/wx/password/pub/node.idf
@@ -6,8 +6,7 @@
   <value name="node_nsName">wx.password.pub</value>
   <value name="is_public">false</value>
   <value name="encodeutf8">true</value>
-  <value name="shared">CnByaXZhdGUgZW51bSBEZWZhdWx0VXNlciB7IEFkbWluaXN0cmF0b3IsIFJlcGxpY2F0b3IsIERl
-dmVsb3BlciB9CgoJ</value>
+  <value name="shared">Cgk=</value>
   <value name="extends"></value>
   <array name="implements" type="value" depth="1">
   </array>
@@ -19,7 +18,6 @@ dmVsb3BlciB9CgoJ</value>
     <value>java.io.IOException</value>
     <value>java.security.SecureRandom</value>
     <value>java.util.Iterator</value>
-    <value>com.softwareag.wx.is.password.PasswordSetter</value>
-    <value>com.softwareag.wx.is.password.WorkDir</value>
+    <value>com.softwareag.wx.is.password.DefaultAccountUpdater</value>
   </array>
 </Values>