From 178957406a3d891d25ff6f623f65b3ff9def8636 Mon Sep 17 00:00:00 2001
From: Shamal Faily
Date: Tue, 30 Apr 2019 18:23:50 -0700
Subject: [PATCH] Store user database token in cairis_user
---
 .travis.yml | 5 ----
 cairis/bin/add_cairis_user.py | 7 +++---
 cairis/core/BorgFactory.py | 5 ++--
 cairis/core/MySQLDatabaseProxy.py | 22 +++++++++++++++++
 cairis/core/PasswordManager.py | 34 --------------------------
 cairis/daemon/main/views.py | 3 +--
 cairis/daemon/models.py | 3 ++-
 cairis/test/test_PasswordManager.py | 37 -----------------------------
 cairis/tools/quickSetup.py | 9 +++----
 docker/Dockerfile | 5 ----
 docker/requirements.txt | 2 --
 requirements.txt | 2 --
 12 files changed, 36 insertions(+), 98 deletions(-)
 delete mode 100644 cairis/core/PasswordManager.py
 delete mode 100644 cairis/test/test_PasswordManager.py
diff --git a/.travis.yml b/.travis.yml
index 84dfde7ea..4a19b0c87 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,11 +22,6 @@ addons:
 - docbook-utils
 - libxml2-dev
 - libxslt1-dev
- - python-dbus
- - gnome-keyring
- - libffi-dev
- - libssl-dev
- - python3-keyring
 env:
 - PYTHONPATH=. CAIRIS_SRC=$PYTHONPATH/cairis CAIRIS_CFG=cairis_travis.cnf XML_CATALOG_FILES=$CAIRIS_SRC/config/catalog
diff --git a/cairis/bin/add_cairis_user.py b/cairis/bin/add_cairis_user.py
index 3a8e932d9..43abce039 100755
--- a/cairis/bin/add_cairis_user.py
+++ b/cairis/bin/add_cairis_user.py
@@ -23,7 +23,6 @@
 from flask_cors import CORS
 from cairis.core.Borg import Borg
 from cairis.core.MySQLDatabaseProxy import createDatabaseAccount,createDatabaseAndPrivileges,createDatabaseSchema
-from cairis.core.PasswordManager import setDatabasePassword
 import cairis.core.BorgFactory
 __author__ = 'Shamal Faily'
@@ -51,6 +50,7 @@ class User(db.Model, UserMixin):
 id = db.Column(db.Integer, primary_key=True)
 email = db.Column(db.String(255), unique=True)
 password = db.Column(db.String(255))
+ dbtoken = db.Column(db.String(255))
 name = db.Column(db.String(255))
 active = db.Column(db.Boolean())
 confirmed_at = db.Column(db.DateTime())
@@ -66,13 +66,14 @@ def main():
 parser.add_argument('name',help='Full name')
 args = parser.parse_args()
- rp = setDatabasePassword(args.user)
+ rp = ''.join(choice(ascii_letters + digits) for i in range(255))
+
 createDatabaseAccount(b.rPasswd,b.dbHost,b.dbPort,args.user,rp)
 createDatabaseAndPrivileges(b.rPasswd,b.dbHost,b.dbPort,args.user,rp,args.user + '_default')
 createDatabaseSchema(b.cairisRoot,b.dbHost,b.dbPort,args.user,rp,args.user + '_default')
 db.create_all()
- user_datastore.create_user(email=args.user, password=args.password, name=args.name)
+ user_datastore.create_user(email=userName, password=passWd,dbtoken=rp,name = 'Default user')
 db.session.commit()
 if __name__ == '__main__':
diff --git a/cairis/core/BorgFactory.py b/cairis/core/BorgFactory.py
index a53175028..bae0d2fd7 100644
--- a/cairis/core/BorgFactory.py
+++ b/cairis/core/BorgFactory.py
@@ -22,9 +22,8 @@
 import logging
 import json
 from cairis.tools.GraphicsGenerator import GraphicsGenerator
-from .MySQLDatabaseProxy import MySQLDatabaseProxy
+from .MySQLDatabaseProxy import MySQLDatabaseProxy,dbtoken
 from .ARM import ARMException
-from .PasswordManager import getDatabasePassword
 def testUploadDirectory(uploadDir,logger):
@@ -124,7 +123,7 @@ def initialise(user='cairis_test',db='cairis_test_default'):
 db='cairis_test_default'
 else:
 b.dbUser = user
- dbPasswd = getDatabasePassword(user)
+ dbPasswd = dbtoken(b.rPasswd,b.dbHost,b.dbPort,user)
 b.dbPasswd = dbPasswd
 b.dbName = db
 b.dbProxy = GUIDatabaseProxy(user=user,passwd=b.dbPasswd,db=db)
diff --git a/cairis/core/MySQLDatabaseProxy.py b/cairis/core/MySQLDatabaseProxy.py
index 331d41e01..73f427730 100644
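Review bot: The new `dbtoken` column on `User` in cairis/bin/add_cairis_user.py holds each user's MySQL account password as-is next to `password`, and nothing in the hunk documents that; the same column is added to `User` in cairis/daemon/models.py. Anyone who can read `cairis_user.auth_user` obtains a working database credential for every user, so read access to that table should be limited to the account the application itself uses. I would add a comment above the column in both models, `# MySQL account password for this user's databases, stored as-is: keep auth_user readable only by the application account`. Separately, `db.create_all()` does not add columns to a table that already exists, so an installation that already has `auth_user` presumably needs a migration step before the `dbtoken` lookups work. The class body continues outside the hunk.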
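Review bot: The rewritten `create_user` call in `main()` of cairis/bin/add_cairis_user.py passes `email=userName`, `password=passWd` and `name = 'Default user'`, none of which is defined in the visible part of `main()`; the line it replaces used `args.user`, `args.password` and `args.name`, and the MySQL account above it is still created for `args.user`. Unless those names are defined outside the hunk this raises NameError after the database account already exists, and in any case it drops the name given on the command line; I would write `user_datastore.create_user(email=args.user, password=args.password, dbtoken=rp, name=args.name)`. The token is drawn with `choice` (imported from `random` in quickSetup.py), which is not a cryptographic generator, and the visible import hunk of this file adds no import for `choice`, `ascii_letters` or `digits`. Since `rp` is a database password, `rp = ''.join(secrets.choice(ascii_letters + digits) for i in range(255))` with `import secrets` is the safer form, and the same line in `quick_setup()` in cairis/tools/quickSetup.py should change with it. `main()` starts and ends outside the hunk.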
--- a/cairis/core/MySQLDatabaseProxy.py
+++ b/cairis/core/MySQLDatabaseProxy.py
@@ -116,6 +116,28 @@
 __author__ = 'Shamal Faily, Robin Quetin, Nathan Jenkins'
+def dbtoken(rPasswd,dbHost,dbPort,dbUser):
+ try:
+ rootConn = MySQLdb.connect(host=dbHost,port=int(dbPort),user='root',passwd=rPasswd)
+ rootCursor = rootConn.cursor()
+ sqlTxt = 'select dbtoken from cairis_user.auth_user where email="' + dbUser + '"'
+ rs = rootCursor.execute(sqlTxt)
+ if (rs != 1):
+ exceptionText = 'MySQL error getting token for ' + dbUser
+ raise DatabaseProxyException(exceptionText)
+ else:
+ t = rootCursor.fetchone()
+ rootCursor.close()
+ rootConn.close()
+ return t[0]
+ except OperationalError as e:
+ exceptionText = 'MySQL error getting token for ' + dbUser + ' (message:' + format(e) + ')'
+ raise DatabaseProxyException(exceptionText)
+ except _mysql_exceptions.DatabaseError as e:
+ id,msg = e
+ exceptionText = 'MySQL error getting token for ' + dbUser + ' (id:' + str(id) + ',message:' + msg
+ raise DatabaseProxyException(exceptionText)
+
 def createDatabaseSchema(rootDir,dbHost,dbPort,dbUser,dbPasswd,dbName):
 srcDir = rootDir + '/sql'
 initSql = srcDir + '/init.sql'
diff --git a/cairis/core/PasswordManager.py b/cairis/core/PasswordManager.py
deleted file mode 100644
index a5ee86dc0..000000000
--- a/cairis/core/PasswordManager.py
+++ /dev/null
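Review bot: `dbtoken()` builds its SELECT by concatenating `dbUser` into the statement text and runs it over a root connection, so a quote character in the e-mail value changes the query; `BorgFactory.initialise()` passes its `user` argument straight into it. The value should be bound as a query parameter instead. On the `rs != 1` path the function raises without closing the cursor or the root connection. In the last handler `id,msg = e` cannot unpack an exception object under Python 3, and the message lacks its closing parenthesis. The sketch below binds the parameter, moves the close into `finally` and formats the second handler like the first.

```python
def dbtoken(rPasswd,dbHost,dbPort,dbUser):
  rootConn = None
  try:
    # … unchanged: rootConn = MySQLdb.connect(...), rootCursor = rootConn.cursor() …
    # Bound parameter: the driver quotes dbUser, it is never spliced into the SQL text.
    rs = rootCursor.execute('select dbtoken from cairis_user.auth_user where email=%s',(dbUser,))
    if (rs != 1):
      raise DatabaseProxyException('MySQL error getting token for ' + dbUser)
    return rootCursor.fetchone()[0]
  # … unchanged: except OperationalError handler …
  except _mysql_exceptions.DatabaseError as e:
    exceptionText = 'MySQL error getting token for ' + dbUser + ' (message:' + format(e) + ')'
    raise DatabaseProxyException(exceptionText)
  finally:
    # Runs on success and on every raise, so the root connection is always released.
    if rootConn is not None:
      rootConn.close()
```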
@@ -1,34 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-from random import choice
-from string import ascii_letters, digits
-import secretstorage
-from keyring import set_password, get_password
-
-
-__author__ = 'Shamal Faily'
-
-def setDatabasePassword(dbUser):
-# rp = ''.join(choice(ascii_letters + digits) for i in range(32))
-# set_password('cairisdb',dbUser,rp)
-# return rp
- return ''
-
-def getDatabasePassword(dbUser):
-# return get_password('cairisdb',dbUser)
- return ''
diff --git a/cairis/daemon/main/views.py b/cairis/daemon/main/views.py
index cbb68f709..97a42fa6b 100644
--- a/cairis/daemon/main/views.py
+++ b/cairis/daemon/main/views.py
@@ -40,7 +40,6 @@
 PersonaCharacteristicController, TaskCharacteristicController, ObjectDependencyController, ArchitecturalPatternController, SecurityPatternController, ValueTypeController, TemplateGoalController, TemplateAssetController,TemplateRequirementController, LocationsController, RiskLevelController, TraceController, SummaryController, ConceptReferenceController, DataFlowController, DirectoryController,TrustBoundaryController, VersionController, ValidationController
 from cairis.daemon.main import main, api
 from cairis.tools.SessionValidator import get_session_id
-from cairis.core.PasswordManager import getDatabasePassword
 __author__ = 'Robin Quetin, Shamal Faily'
@@ -48,7 +47,7 @@
 def set_dbproxy(dbUser,userName):
 b = Borg()
 dbName = dbUser + '_default'
- dbPasswd = getDatabasePassword(dbUser)
+ dbPasswd = current_user.dbtoken
 db_proxy = MySQLDatabaseProxy(user=dbUser,passwd=dbPasswd,db=dbName)
 pSettings = db_proxy.getProjectSettings()
diff --git a/cairis/daemon/models.py b/cairis/daemon/models.py
index 18086af72..f2ada5976 100644
--- a/cairis/daemon/models.py
+++ b/cairis/daemon/models.py
@@ -32,8 +32,9 @@ class User(db.Model, UserMixin):
 __tablename__ = 'auth_user'
 id = db.Column(db.Integer, primary_key=True)
 email = db.Column(db.String(255), unique=True)
- name = db.Column(db.String(255))
 password = db.Column(db.String(255))
+ dbtoken = db.Column(db.String(255))
+ name = db.Column(db.String(255))
 active = db.Column(db.Boolean())
 confirmed_at = db.Column(db.DateTime())
 roles = db.relationship('Role', secondary=roles_users, backref=db.backref('users', lazy='dynamic'))
diff --git a/cairis/test/test_PasswordManager.py b/cairis/test/test_PasswordManager.py
deleted file mode 100644
index caf7bdc44..000000000
--- a/cairis/test/test_PasswordManager.py
+++ /dev/null
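Review bot: In `set_dbproxy()` (cairis/daemon/main/views.py) the password now comes from `current_user.dbtoken` while the account and database names still come from the `dbUser` argument, so the two can disagree if a caller ever passes a `dbUser` other than the logged-in user's e-mail. The hunks shown add no import of `current_user`, and an anonymous `current_user` presumably has no `dbtoken` attribute, which would surface as AttributeError rather than as an authentication failure. I would check `current_user.is_authenticated and current_user.email == dbUser` before building the proxy and reject the request otherwise, or at least add a comment stating that callers must pass the authenticated user's e-mail. The function body continues outside the hunk.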
@@ -1,37 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-import unittest
-from cairis.core.PasswordManager import setDatabasePassword, getDatabasePassword
-
-__author__ = 'Shamal Faily'
-
-class PasswordManagerTest(unittest.TestCase):
-
- def setUp(self):
- pass
-
- def testSetGet(self):
-
- ip = setDatabasePassword('test');
- op = getDatabasePassword('test')
- self.assertEqual(ip,op)
-
- def tearDown(self):
- pass
-if __name__ == '__main__':
- unittest.main()
diff --git a/cairis/tools/quickSetup.py b/cairis/tools/quickSetup.py
index 1a4c4e27c..361290ea9 100755
--- a/cairis/tools/quickSetup.py
+++ b/cairis/tools/quickSetup.py
@@ -24,8 +24,10 @@
 import MySQLdb
 import _mysql_exceptions
 from cairis.core.MySQLDatabaseProxy import createDatabaseAccount, createDatabaseAndPrivileges, createDatabaseSchema
-from cairis.core.PasswordManager import setDatabasePassword
 import binascii
+from random import choice
+from string import ascii_letters, digits
+
 __author__ = 'Shamal Faily'
@@ -49,11 +51,10 @@ def quick_setup(dbHost,dbPort,dbRootPassword,tmpDir,rootDir,imageDir,configFile,
 from cairis.bin.add_cairis_user import user_datastore, db
 db.create_all()
-
- user_datastore.create_user(email=userName, password=passWd,name = 'Default user')
+ rp = ''.join(choice(ascii_letters + digits) for i in range(255))
+ user_datastore.create_user(email=userName, password=passWd,dbtoken=rp,name = 'Default user')
 db.session.commit()
- rp = setDatabasePassword(userName)
 createDatabaseAccount(dbRootPassword,dbHost,dbPort,userName,rp)
 createDatabaseAndPrivileges(dbRootPassword,dbHost,dbPort,userName,rp,userName + '_default')
 createDatabaseSchema(rootDir,dbHost,dbPort,userName,rp,userName + '_default')
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5aa875fc3..bc3c4ae64 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -17,11 +17,6 @@ RUN apt-get install -y apache2-dev
 RUN apt-get install -y poppler-utils
 RUN apt-get install -y apt-transport-https
 RUN apt-get install -y ca-certificates
-RUN apt-get install -y python-dbus
-RUN apt-get install -y gnome-keyring
-RUN apt-get install -y libffi-dev
-RUN apt-get install -y libssl-dev
-RUN apt-get install -y python3-keyring
 COPY requirements.txt /
 COPY wsgi_requirements.txt /
diff --git a/docker/requirements.txt b/docker/requirements.txt
index 2ec7e576f..d1b61a58e 100644
--- a/docker/requirements.txt
+++ b/docker/requirements.txt
@@ -23,5 +23,3 @@ mako>=1.0.4
 lxml>=3.6.4
 openpyxl>=2.4.0
 bcrypt>=3.1.6
-secretstorage>=2.3.1
-keyring>=3.7.4
diff --git a/requirements.txt b/requirements.txt
index 84438faea..1fd9a6ef5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,5 +23,3 @@ lxml>=3.6.4
 openpyxl>=2.4.0
 SQLAlchemy>=1.2.0b3
 bcrypt>=3.1.6
-secretstorage>=2.3.1
-keyring>=3.7.4