/
models.rb
148 lines (120 loc) · 3.86 KB
/
models.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
require 'active_support/all'
require 'active_record'
require 'securerandom'
module FixAuth
class FixAuthentication < ActiveRecord::Base
include FixAuth::AuthModel
self.table_name = "authentications"
self.password_columns = %w[password auth_key]
self.inheritance_column = :_type_disabled
end
class FixConfigurationScript < ActiveRecord::Base
include FixAuth::AuthConfigModel
self.table_name = "configuration_scripts"
self.password_columns = %w[credentials]
# no particular fields for passwords, instead encrypt everything
self.password_fields = []
# blank prefix matches all fields
self.password_prefix = ""
end
class FixMiqDatabase < ActiveRecord::Base
include FixAuth::AuthModel
self.table_name = "miq_databases"
self.password_columns = %w[registration_http_proxy_server registration_http_proxy_password
session_secret_token csrf_secret_token]
def self.hardcode(old_value, _new_value)
super(old_value, SecureRandom.hex(64))
end
end
class FixMiqAeValue < ActiveRecord::Base
include FixAuth::AuthModel
self.table_name = "miq_ae_values"
self.password_columns = %w[value]
belongs_to :field, :class_name => "FixMiqAeField", :foreign_key => :field_id
# add foreign keys so includes will work
def self.select_columns
super + [:field_id]
end
# only bring back columns that store passwords
# we want to use joins, but using joins makes this readonly, so we're using includes instead
def self.contenders
super.includes(:field).where(:miq_ae_fields => {:datatype => 'password'})
end
end
class FixMiqAeField < ActiveRecord::Base
include FixAuth::AuthModel
self.table_name = "miq_ae_fields"
self.password_columns = %w[default_value]
# only fix columns with password values
def self.contenders
super.where(:datatype => 'password')
end
end
class FixMiqRequest < ActiveRecord::Base
include FixAuth::AuthConfigModel
# don't want to leverage STI
self.inheritance_column = :_type_disabled
self.password_columns = %w[options]
self.password_fields = %w[root_password sysprep_password sysprep_domain_password]
self.password_prefix = "password::"
self.symbol_keys = true
self.table_name = "miq_requests"
end
class FixMiqRequestTask < ActiveRecord::Base
include FixAuth::AuthConfigModel
# don't want to leverage STI
self.inheritance_column = :_type_disabled
self.password_columns = %w[options]
self.password_fields = %w[root_password sysprep_password sysprep_domain_password]
self.password_prefix = "password::"
self.symbol_keys = true
self.table_name = "miq_request_tasks"
end
class FixSettingsChange < ActiveRecord::Base
include FixAuth::AuthModel
self.table_name = "settings_changes"
self.password_columns = %w[value]
serialize :value
def self.contenders
query = password_fields.collect do |field|
"(key LIKE '%/#{field}')"
end.join(" OR ")
super.where(query)
end
# keys that contain protected fields in the settings
def self.password_fields
Vmdb::SettingsWalker::PASSWORD_FIELDS +
%w[openssl_verify_mode]
end
end
class FixDatabaseYml
attr_accessor :id
attr_accessor :yml
include FixAuth::AuthConfigModel
class << self
attr_accessor :available_columns
attr_accessor :file_name
def table_name
file_name.gsub(".yml", "")
end
end
def initialize(options = {})
options.each { |n, v| public_send(:"#{n}=", v) }
end
def load
@yml = File.read(id)
self
end
def changed?
true
end
def save!
File.write(id, @yml)
end
self.password_fields = %w[password]
self.available_columns = %w[yml]
def self.contenders
[new(:id => file_name).load]
end
end
end