Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mgr/dashboard: Process password complexity checks immediately #32032

Merged
merged 3 commits into from
Jan 14, 2020
Merged

mgr/dashboard: Process password complexity checks immediately #32032

merged 3 commits into from
Jan 14, 2020

Conversation

votdev
Copy link
Member

@votdev votdev commented Dec 5, 2019
edited
Loading

  • Add api/user/validate_password endpoint to check if a password meets the password policy.
  • Add Angular async validator to check if the entered password meets the policy.

Fixes: https://tracker.ceph.com/issues/43088

Signed-off-by: Volker Theile vtheile@suse.com

Checklist

  • References tracker ticket
  • Updates documentation if necessary
  • Includes tests for new functionality or reproducer for bug
Show available Jenkins commands
  • jenkins retest this please
  • jenkins test crimson perf
  • jenkins test signed
  • jenkins test make check
  • jenkins test make check arm64
  • jenkins test submodules
  • jenkins test dashboard
  • jenkins test dashboard backend
  • jenkins test docs
  • jenkins render docs
  • jenkins test ceph-volume all
  • jenkins test ceph-volume tox

@votdev votdev force-pushed the issue_43088_passwd_async_validator branch 4 times, most recently from 8c05874 to bb817a4 Compare December 6, 2019 09:45
@votdev
Copy link
Member Author

votdev commented Dec 6, 2019

jenkins test make check

@votdev votdev force-pushed the issue_43088_passwd_async_validator branch from bb817a4 to 096d19f Compare December 6, 2019 11:15
@votdev
Copy link
Member Author

votdev commented Dec 6, 2019

jenkins test dashboard

@votdev
Copy link
Member Author

votdev commented Dec 6, 2019

jenkins test make check

@votdev votdev force-pushed the issue_43088_passwd_async_validator branch 3 times, most recently from de65b6c to ba2b46d Compare December 9, 2019 13:02
@votdev votdev marked this pull request as ready for review December 9, 2019 14:22
@votdev votdev requested a review from a team as a code owner December 9, 2019 14:22
@votdev
Copy link
Member Author

votdev commented Dec 10, 2019

jenkins test make check arm64

Devp00l
Devp00l reviewed Dec 10, 2019
View reviewed changes
Copy link

@Devp00l Devp00l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvements :) I left some suggestions, maybe you could address the one or the other before your vacation starts ;)

src/pybind/mgr/dashboard/controllers/user.py Show resolved Hide resolved
src/pybind/mgr/dashboard/frontend/src/app/core/auth/user-form/user-form.component.ts Show resolved Hide resolved
src/pybind/mgr/dashboard/frontend/src/app/shared/api/user.service.ts Outdated Show resolved Hide resolved
src/pybind/mgr/dashboard/frontend/src/app/shared/services/password-policy.service.ts Outdated Show resolved Hide resolved
@votdev votdev force-pushed the issue_43088_passwd_async_validator branch from ba2b46d to ba3f46b Compare December 11, 2019 10:41
@LenzGr LenzGr requested a review from tspmelo December 11, 2019 10:53
@votdev
Copy link
Member Author

votdev commented Dec 11, 2019

jenkins test dashboard backend

@votdev
Copy link
Member Author

votdev commented Dec 11, 2019

jenkins test dashboard

Devp00l
Devp00l approved these changes Dec 11, 2019
View reviewed changes
Copy link

@Devp00l Devp00l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :)

tspmelo
tspmelo suggested changes Dec 11, 2019
View reviewed changes
src/pybind/mgr/dashboard/controllers/user.py Outdated Show resolved Hide resolved
src/pybind/mgr/dashboard/controllers/user.py Outdated Show resolved Hide resolved
@votdev votdev force-pushed the issue_43088_passwd_async_validator branch from ba3f46b to 979a63a Compare December 12, 2019 06:49
@votdev votdev requested a review from tspmelo December 12, 2019 07:48
@votdev votdev force-pushed the issue_43088_passwd_async_validator branch 2 times, most recently from 57ff167 to 1b6c539 Compare December 12, 2019 11:40
tspmelo
tspmelo approved these changes Dec 12, 2019
View reviewed changes
Copy link
Contributor

@tspmelo tspmelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@votdev
Copy link
Member Author

votdev commented Dec 12, 2019

jenkins test dashboard

@s0nea s0nea force-pushed the issue_43088_passwd_async_validator branch 2 times, most recently from 8969faf to f3ca3bf Compare December 18, 2019 13:27
@s0nea
Copy link
Member

s0nea commented Dec 19, 2019

jenkins test make check

@s0nea s0nea force-pushed the issue_43088_passwd_async_validator branch from f3ca3bf to d29eb5a Compare December 20, 2019 14:33
@bk201
Copy link
Contributor

bk201 commented Dec 23, 2019

jenkins test dashboard

votdev and others added 2 commits January 2, 2020 10:49
@votdev
mgr/dashboard: Process password complexity checks immediately
01c4bca 
- Add 'api/user/validate_password' endpoint to check if a
  password meets the password policy. A new controller has
  to be added for 'api/user' which has NO security scope,
  otherwise it wouldn't be possible for users without USER
  privileges to call the endpoint.
- Add Angular async validator to check if the entered password
  meets the policy.

Fixes: https://tracker.ceph.com/issues/43088

Signed-off-by: Volker Theile <vtheile@suse.com>
@votdev
mgr/dashboard: fix REST API test cases
7015c2a 
1. Fix the test cases by using the 'assertJsonBody'
   method. The '_post' method doesn't return anything.
   That's why we need to use the 'assertJsonBody'
   method here instead of checking the fields directly.

2. Add the missing scope and permission definition of the
   'validate_password' resource. Otherwise the resource
   is not restricted and 'test_validate_password_invalid_permissions'
   will fail.

3. Re-word error messages. Change 'cannot' to 'must not'.

Signed-off-by: Tatjana Dehler <tdehler@suse.com>
@votdev votdev force-pushed the issue_43088_passwd_async_validator branch from d29eb5a to 48de3dc Compare January 2, 2020 09:58
@votdev
mgr/dashboard: Various fixes
bf567f4 
* Remove scope and permission check from UserPasswordPolicy controller again, otherwise the Angular UI validator can't be executed for users without that privilege.
* Remobe obsolete QA test.

Signed-off-by: Volker Theile <vtheile@suse.com>
@votdev votdev force-pushed the issue_43088_passwd_async_validator branch from 48de3dc to bf567f4 Compare January 2, 2020 10:13
s0nea
s0nea approved these changes Jan 7, 2020
View reviewed changes
Copy link
Member

@s0nea s0nea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The QA test run was successful: http://pulpito.ceph.com/tdehler-2020-01-07_15:16:41-rados:dashboard-wip-tdehler-testing-32032-32234-32461-distro-basic-smithi/

@votdev votdev mentioned this pull request Jan 8, 2020
Merged
3 tasks
@votdev
Copy link
Member Author

votdev commented Jan 9, 2020

jenkins test dashboard backend

@votdev
Copy link
Member Author

votdev commented Jan 9, 2020

jenkins test dashboard

@ceph ceph deleted a comment from callithea Jan 9, 2020
@ceph ceph deleted a comment from callithea Jan 9, 2020
@ceph ceph deleted a comment from callithea Jan 9, 2020
@votdev
Copy link
Member Author

votdev commented Jan 10, 2020

jenkins test dashboard

@votdev
Copy link
Member Author

votdev commented Jan 10, 2020

jenkins test dashboard backend

@callithea
Copy link
Member

jenkins test dashboard backend

Test failure:

2020-01-10 12:12:12,856.856 INFO:__main__:Running ['./bin/ceph', 'log', 'Ended test tasks.mgr.dashboard.test_user.UserTest.test_pwd_expiration_date_update']
2020-01-10 12:12:13,441.441 INFO:__main__:Stopped test: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest) in 11.87283s
2020-01-10 12:12:13,442.442 INFO:__main__:
2020-01-10 12:12:13,443.443 INFO:__main__:======================================================================
2020-01-10 12:12:13,443.443 INFO:__main__:ERROR: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest)
2020-01-10 12:12:13,443.443 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,443.443 INFO:__main__:Traceback (most recent call last):
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/test_user.py", line 379, in test_pwd_expiration_date_update
2020-01-10 12:12:13,444.444 INFO:__main__:    self.login('user1', 'mypassword10#')
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 87, in login
2020-01-10 12:12:13,444.444 INFO:__main__:    cls.logout()
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 95, in logout
2020-01-10 12:12:13,445.445 INFO:__main__:    cls._post('/api/auth/logout')
2020-01-10 12:12:13,445.445 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 234, in _post
2020-01-10 12:12:13,445.445 INFO:__main__:    cls._request(url, 'POST', data, params)
2020-01-10 12:12:13,445.445 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 189, in _request
2020-01-10 12:12:13,445.445 INFO:__main__:    verify=False, headers=headers)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 572, in post
2020-01-10 12:12:13,446.446 INFO:__main__:    return self.request('POST', url, data=data, json=json, **kwargs)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 524, in request
2020-01-10 12:12:13,446.446 INFO:__main__:    resp = self.send(prep, **send_kwargs)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 637, in send
2020-01-10 12:12:13,446.446 INFO:__main__:    r = adapter.send(request, **kwargs)
2020-01-10 12:12:13,447.447 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 498, in send
2020-01-10 12:12:13,447.447 INFO:__main__:    raise ConnectionError(err, request=request)
2020-01-10 12:12:13,447.447 INFO:__main__:ConnectionError: ('Connection aborted.', error("(104, 'ECONNRESET')",))
2020-01-10 12:12:13,447.447 INFO:__main__:
2020-01-10 12:12:13,447.447 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,448.448 INFO:__main__:Ran 234 tests in 2329.236s
2020-01-10 12:12:13,448.448 INFO:__main__:
2020-01-10 12:12:13,448.448 INFO:__main__:FAILED (errors=1)
2020-01-10 12:12:13,448.448 INFO:__main__:
2020-01-10 12:12:13,449.449 INFO:__main__:======================================================================
2020-01-10 12:12:13,449.449 INFO:__main__:ERROR: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest)
2020-01-10 12:12:13,449.449 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,449.449 INFO:__main__:Traceback (most recent call last):
2020-01-10 12:12:13,449.449 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/test_user.py", line 379, in test_pwd_expiration_date_update
2020-01-10 12:12:13,450.450 INFO:__main__:    self.login('user1', 'mypassword10#')
2020-01-10 12:12:13,450.450 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 87, in login
2020-01-10 12:12:13,450.450 INFO:__main__:    cls.logout()
2020-01-10 12:12:13,450.450 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 95, in logout
2020-01-10 12:12:13,450.450 INFO:__main__:    cls._post('/api/auth/logout')
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 234, in _post
2020-01-10 12:12:13,451.451 INFO:__main__:    cls._request(url, 'POST', data, params)
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 189, in _request
2020-01-10 12:12:13,451.451 INFO:__main__:    verify=False, headers=headers)
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 572, in post
2020-01-10 12:12:13,451.451 INFO:__main__:    return self.request('POST', url, data=data, json=json, **kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 524, in request
2020-01-10 12:12:13,452.452 INFO:__main__:    resp = self.send(prep, **send_kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 637, in send
2020-01-10 12:12:13,452.452 INFO:__main__:    r = adapter.send(request, **kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 498, in send
2020-01-10 12:12:13,452.452 INFO:__main__:    raise ConnectionError(err, request=request)
2020-01-10 12:12:13,453.453 INFO:__main__:ConnectionError: ('Connection aborted.', error("(104, 'ECONNRESET')",))

@votdev
Copy link
Member Author

votdev commented Jan 10, 2020

jenkins test dashboard backend

Test failure:

2020-01-10 12:12:12,856.856 INFO:__main__:Running ['./bin/ceph', 'log', 'Ended test tasks.mgr.dashboard.test_user.UserTest.test_pwd_expiration_date_update']
2020-01-10 12:12:13,441.441 INFO:__main__:Stopped test: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest) in 11.87283s
2020-01-10 12:12:13,442.442 INFO:__main__:
2020-01-10 12:12:13,443.443 INFO:__main__:======================================================================
2020-01-10 12:12:13,443.443 INFO:__main__:ERROR: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest)
2020-01-10 12:12:13,443.443 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,443.443 INFO:__main__:Traceback (most recent call last):
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/test_user.py", line 379, in test_pwd_expiration_date_update
2020-01-10 12:12:13,444.444 INFO:__main__:    self.login('user1', 'mypassword10#')
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 87, in login
2020-01-10 12:12:13,444.444 INFO:__main__:    cls.logout()
2020-01-10 12:12:13,444.444 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 95, in logout
2020-01-10 12:12:13,445.445 INFO:__main__:    cls._post('/api/auth/logout')
2020-01-10 12:12:13,445.445 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 234, in _post
2020-01-10 12:12:13,445.445 INFO:__main__:    cls._request(url, 'POST', data, params)
2020-01-10 12:12:13,445.445 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 189, in _request
2020-01-10 12:12:13,445.445 INFO:__main__:    verify=False, headers=headers)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 572, in post
2020-01-10 12:12:13,446.446 INFO:__main__:    return self.request('POST', url, data=data, json=json, **kwargs)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 524, in request
2020-01-10 12:12:13,446.446 INFO:__main__:    resp = self.send(prep, **send_kwargs)
2020-01-10 12:12:13,446.446 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 637, in send
2020-01-10 12:12:13,446.446 INFO:__main__:    r = adapter.send(request, **kwargs)
2020-01-10 12:12:13,447.447 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 498, in send
2020-01-10 12:12:13,447.447 INFO:__main__:    raise ConnectionError(err, request=request)
2020-01-10 12:12:13,447.447 INFO:__main__:ConnectionError: ('Connection aborted.', error("(104, 'ECONNRESET')",))
2020-01-10 12:12:13,447.447 INFO:__main__:
2020-01-10 12:12:13,447.447 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,448.448 INFO:__main__:Ran 234 tests in 2329.236s
2020-01-10 12:12:13,448.448 INFO:__main__:
2020-01-10 12:12:13,448.448 INFO:__main__:FAILED (errors=1)
2020-01-10 12:12:13,448.448 INFO:__main__:
2020-01-10 12:12:13,449.449 INFO:__main__:======================================================================
2020-01-10 12:12:13,449.449 INFO:__main__:ERROR: test_pwd_expiration_date_update (tasks.mgr.dashboard.test_user.UserTest)
2020-01-10 12:12:13,449.449 INFO:__main__:----------------------------------------------------------------------
2020-01-10 12:12:13,449.449 INFO:__main__:Traceback (most recent call last):
2020-01-10 12:12:13,449.449 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/test_user.py", line 379, in test_pwd_expiration_date_update
2020-01-10 12:12:13,450.450 INFO:__main__:    self.login('user1', 'mypassword10#')
2020-01-10 12:12:13,450.450 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 87, in login
2020-01-10 12:12:13,450.450 INFO:__main__:    cls.logout()
2020-01-10 12:12:13,450.450 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 95, in logout
2020-01-10 12:12:13,450.450 INFO:__main__:    cls._post('/api/auth/logout')
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 234, in _post
2020-01-10 12:12:13,451.451 INFO:__main__:    cls._request(url, 'POST', data, params)
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/home/jenkins-build/build/workspace/ceph-dashboard-pr-backend/qa/tasks/mgr/dashboard/helper.py", line 189, in _request
2020-01-10 12:12:13,451.451 INFO:__main__:    verify=False, headers=headers)
2020-01-10 12:12:13,451.451 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 572, in post
2020-01-10 12:12:13,451.451 INFO:__main__:    return self.request('POST', url, data=data, json=json, **kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 524, in request
2020-01-10 12:12:13,452.452 INFO:__main__:    resp = self.send(prep, **send_kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 637, in send
2020-01-10 12:12:13,452.452 INFO:__main__:    r = adapter.send(request, **kwargs)
2020-01-10 12:12:13,452.452 INFO:__main__:  File "/tmp/tmp.YPHoMV6fOL/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 498, in send
2020-01-10 12:12:13,452.452 INFO:__main__:    raise ConnectionError(err, request=request)
2020-01-10 12:12:13,453.453 INFO:__main__:ConnectionError: ('Connection aborted.', error("(104, 'ECONNRESET')",))

Can not reproduce it on my local machine and the error does not look related to this PR, so i'll trigger another run.

@votdev
Copy link
Member Author

votdev commented Jan 10, 2020

jenkins test dashboard backend

@callithea
Copy link
Member

Can not reproduce it on my local machine and the error does not look related to this PR, so i'll trigger another run.

Thanks for the update!

@votdev
Copy link
Member Author

votdev commented Jan 13, 2020

jenkins test dashboard backend

@callithea callithea merged commit f22247f into ceph:master Jan 14, 2020
@votdev votdev deleted the issue_43088_passwd_async_validator branch January 14, 2020 10:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LenzGr LenzGr LenzGr left review comments

@tspmelo tspmelo tspmelo approved these changes

@s0nea s0nea s0nea approved these changes

@Devp00l Devp00l Devp00l approved these changes

Assignees
No one assigned
Labels
cleanup dashboard
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@votdev @s0nea @bk201 @callithea @LenzGr @tspmelo @Devp00l