
Encryption API: Use a representer to render the response along with links. (#3031)
varshavaradarajan committed Dec 23, 2016
1 parent 875252a commit 467cf5f1c602144ab3e19fb95f5ab512c309d2de
@@ -265,6 +265,7 @@
/api/admin/internal/repository_check_connection=ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR
/api/admin/pipelines=ROLE_SUPERVISOR,ROLE_GROUP_SUPERVISOR
/api/admin/pipelines/*=ROLE_SUPERVISOR,ROLE_GROUP_SUPERVISOR
/api/admin/encrypt=ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR, ROLE_TEMPLATE_SUPERVISOR
/api/admin/scms/**=ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR
/api/admin/repositories/**=ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR
/api/admin/packages/**=ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR
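Review bot: Nothing on the new `/api/admin/encrypt` entry records that the Rails-side `before_action :check_any_admin_user_and_401` in the controller hunk below is the second gate that must grant the same three roles, so the URL-level mapping and the controller check can drift apart without either change looking wrong on its own. If this file accepts `#` comments, a line such as `# keep in sync with ApiV1::Admin::EncryptionController#check_any_admin_user_and_401` directly above the entry makes the pairing visible to whoever edits either side next. The entry also uses the `ROLE_SUPERVISOR, ROLE_GROUP_SUPERVISOR` spacing while the `/api/admin/pipelines` lines two rows up use `ROLE_SUPERVISOR,ROLE_GROUP_SUPERVISOR`; one form throughout avoids depending on the parser trimming whitespace around role names.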
@@ -17,12 +17,13 @@
module ApiV1
module Admin
class EncryptionController < ApiV1::BaseController
before_action :check_admin_user_or_group_admin_user_and_401
before_action :check_any_admin_user_and_401

@@go_cipher = GoCipher.new

def encrypt_value
render DEFAULT_FORMAT => {encrypted_value: @@go_cipher.encrypt(params[:value])}
encrypted_value = @@go_cipher.encrypt(params[:value])
render DEFAULT_FORMAT => ApiV1::EncryptedValueRepresenter.new(encrypted_value).to_hash(url_builder: self)
rescue
render_message("An error occurred while encrypting the value. Please check the logs for more details.", :internal_server_error)
end
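Review bot: The `to_hash(url_builder: self)` call in `encrypt_value` now runs inside the bare `rescue`, so an exception raised by `EncryptedValueRepresenter` or the URL builder is reported to the client as an encryption failure, and because the rescue body only calls `render_message`, the logs that the message sends the caller to contain nothing about the real cause. Capture and log the exception before rendering: `rescue => e` followed by `Rails.logger.error("encrypt_value failed: #{e.class}: #{e.message}")`, logging the exception only and never `params[:value]`, which is the plaintext. A request without a `value` parameter presumably also ends up in this rescue as a 500; if so, a guard such as `return render_message('value is required', :unprocessable_entity) if params[:value].nil?` before the encrypt call reports it as the client error it is. The `EncryptionController` class continues outside the hunk.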
@@ -70,6 +70,14 @@ def check_admin_user_or_group_admin_user_and_401
end
end

def check_any_admin_user_and_401
return unless security_service.isSecurityEnabled()
if !(security_service.isUserAdmin(current_user) || security_service.isUserGroupAdmin(current_user) || security_service.isAuthorizedToViewAndEditTemplates(current_user))
Rails.logger.info("User '#{current_user.getUsername}' attempted to perform an unauthorized action!")
render_unauthorized_error
end
end

def check_pipeline_group_admin_user_and_401
groupName = params[:group] || go_config_service.findGroupNameByPipeline(com.thoughtworks.go.config.CaseInsensitiveString.new(params[:pipeline_name]))
return unless security_service.isSecurityEnabled()
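Review bot: The audit line in `check_any_admin_user_and_401` records who was refused but not what they were refused, so an operator reading the log cannot tell a refused encrypt request from any other guarded action; `Rails.logger.info("User '#{current_user.getUsername}' attempted to perform an unauthorized action (#{params[:controller]}##{params[:action]})!")` keeps the existing wording and adds the target. The negated three-way disjunction in the `if` reads more easily as a named predicate: `any_admin = security_service.isUserAdmin(current_user) || security_service.isUserGroupAdmin(current_user) || security_service.isAuthorizedToViewAndEditTemplates(current_user)` then `return if any_admin`, with the existing log and `render_unauthorized_error` lines following unconditionally. The `check_pipeline_group_admin_user_and_401` definition at the end of the hunk continues outside it.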
@@ -0,0 +1,35 @@
##########################################################################
# Copyright 2016 ThoughtWorks, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##########################################################################

module ApiV1
class EncryptedValueRepresenter < ApiV1::BaseRepresenter

link :self do |opts|
opts[:url_builder].apiv1_admin_encrypt_url
end

link :doc do |opts|
'https://api.go.cd/#encryption'
end

property :encrypted_value, exec_context: :decorator

def encrypted_value
represented
end

end
end
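Review bot: `EncryptedValueRepresenter` carries no comment saying what it wraps, and what it wraps is a bare cipher-text String rather than a model (the controller hands it the result of `encrypt`, and the representer spec passes `"encrypted_string"`), which is unusual enough to deserve a header above the class such as `# Wraps a cipher-text String (not a model): renders {encrypted_value: ...} plus self/doc HAL links.` The `encrypted_value` method appears to exist only so that the `exec_context: :decorator` property has a source that returns `represented`; a one-line comment `# property is read from the decorator, so expose the wrapped String here` would spare the next reader the lookup. The `opts` parameter of the `link :doc` block is unused; `link :doc do |_opts|` marks that as intentional.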
@@ -45,6 +45,11 @@
login_as_group_admin
expect(controller).to allow_action(:post, :encrypt_value)
end

it 'should allow template admin users, with security enabled' do
login_as_template_admin
expect(controller).to allow_action(:post, :encrypt_value)
end
end

describe :route do
@@ -70,8 +75,8 @@
login_as_admin
post_with_api_header :encrypt_value, {value: 'foo'}

expect(response.status).to eq(200)
expect(actual_response).to eq({encrypted_value: GoCipher.new.encrypt('foo')})
expect(response).to be_ok
expected_response(GoCipher.new.encrypt('foo'), ApiV1::EncryptedValueRepresenter)
end
end
end
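Review bot: The new expectation compares the rendered response with a fresh `GoCipher.new.encrypt('foo')`, which only holds if encryption is deterministic (same key, no per-call IV or salt); that is an assumption about `GoCipher` the test pins without stating it, and it would start failing the day the cipher gains randomized output. If `GoCipher` exposes a decrypt, asserting that decrypting `actual_response[:encrypted_value]` yields `'foo'` checks the contract without relying on determinism; otherwise a comment `# relies on GoCipher encrypting deterministically for the same key` keeps the dependency visible. The enclosing example group starts outside the hunk.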
@@ -0,0 +1,28 @@
##########################################################################
# Copyright 2016 ThoughtWorks, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##########################################################################

require 'spec_helper'

describe ApiV1::EncryptedValueRepresenter do
it 'should render encrypted value with hal representation' do
actual_json = ApiV1::EncryptedValueRepresenter.new("encrypted_string").to_hash(url_builder: UrlBuilder.new)
expect(actual_json).to have_link(:self).with_url(UrlBuilder.new.apiv1_admin_encrypt_url)
expect(actual_json).to have_link(:doc).with_url('https://api.go.cd/#encryption')
actual_json.delete(:_links)

expect(actual_json).to eq({encrypted_value: "encrypted_string"})
end
end
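Review bot: The example constructs `UrlBuilder.new` twice, once for `to_hash` and once for the expected `apiv1_admin_encrypt_url`, which leaves it to the reader to work out that both are meant to be the same builder; a single `url_builder = UrlBuilder.new` at the top of the example, passed to `to_hash` and used for the expected URL, states that directly. Deleting `:_links` before the `eq` comparison is fine, but the name `actual_json` then no longer describes the full rendered hash; `body = actual_json.except(:_links)` or a short comment `# strip links, checked above, before comparing the payload` keeps the two assertions readable.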
@@ -97,6 +97,7 @@ def login_as_template_admin
enable_security
controller.stub(:current_user).and_return(@user = Username.new(CaseInsensitiveString.new(SecureRandom.hex)))
@security_service.stub(:isUserAdmin).with(@user).and_return(false)
@security_service.stub(:isUserGroupAdmin).with(@user).and_return(false)
@security_service.stub(:isAuthorizedToViewAndEditTemplates).with(@user).and_return(true)
@security_service.stub(:isAuthorizedToEditTemplate).with(anything, anything).and_return(true)
end
