fixed #33

secure the coldbox default reinit and debug passwords
commit 171645332ffc90ecae2662eaad8bef55b0cefb6a 1 parent 49547ec
@lmajano lmajano authored
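--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,5 @@ _modules/**
 logs/**
 web.config
 "Icon\r"
-WEB-INF/**
+WEB-INF/**
+test/logs/**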
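--- a/test/Application.cfc
+++ b/test/Application.cfc
@@ -27,7 +27,9 @@ Description :
 this.datasource = "contentbox";
 // FILL OUT: THE LOCATION OF THE CONTENTBOX MODULE
 this.mappings["/contentbox-shell"] = replacenocase(getDirectoryFromPath(getCurrentTemplatePath()),"test/","");
+ this.mappings["/contentbox-test"] = getDirectoryFromPath(getCurrentTemplatePath());
 this.mappings["/contentbox"] = this.mappings["/contentbox-shell"] & "/modules/contentbox" ;
+ this.mappings["/coldbox"] = this.mappings["/contentbox-shell"] & "/coldbox" ;
 this.ormSettings = {
 cfclocation=["/contentbox"],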
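--- a/test/modules/contentbox-installer/unit/InstallerServiceTest.cfc
+++ b/test/modules/contentbox-installer/unit/InstallerServiceTest.cfc
@@ -3,10 +3,23 @@
 function setup(){
 super.setup();
 installer = getModel("InstallerService@cbi");
+ resourcesPath = expandPath("/contentbox-test/resources") & "/";
 }
- function test(){
+ function testprocessColdBoxPasswords(){
+ setup = getModel("SetupBean@cbi");
+ var original = fileRead(resourcesPath & "config/Coldbox.cfc");
+ try{
+ installer.setAppPath( resourcesPath );
+ installer.processColdBoxPasswords( setup );
+ var updated = fileRead(resourcesPath & "config/Coldbox.cfc");
+ assertFalse( findnocase(updated,"@fwPassword@") );
+ }
+ catch(any e){}
+ finally{
+ fileWrite(resourcesPath & "config/Coldbox.cfc", original);
+ }
 }
 }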
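Review bot: The new testprocessColdBoxPasswords cannot fail as written. `catch(any e){}` swallows every exception raised inside the `try`, presumably including the one a failed assertion would throw, and `findnocase(updated,"@fwPassword@")` passes its arguments in the wrong order (the substring comes first), so it looks for the whole file inside the token and returns 0. Since this test is what guards the replacement of the default reinit and debug passwords, drop the empty catch, keep the `finally` restore, and write the check as `assertFalse( findNoCase( "@fwPassword@", updated ) );`. The unscoped `setup = getModel("SetupBean@cbi");` also reuses the name of the `setup()` method declared just above; a `var` local with a different name would avoid any clash.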
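--- a/test/resources/config/Coldbox.cfc
+++ b/test/resources/config/Coldbox.cfc
@@ -0,0 +1,126 @@
+<cfcomponent output="false" hint="My App Configuration">
+<cfscript>
+ // Configure ColdBox Application
+ function configure(){
+
+ // coldbox directives
+ coldbox = {
+ //Application Setup
+ appName = "ContentBox",
+
+ //Development Settings
+ debugMode = false,
+ debugPassword = "@fwPassword@",
+ reinitPassword = "@fwPassword@",
+ handlersIndexAutoReload = false,
+
+ //Implicit Events
+ defaultEvent = "General.index",
+ requestStartHandler = "",
+ requestEndHandler = "",
+ applicationStartHandler = "",
+ applicationEndHandler = "",
+ sessionStartHandler = "",
+ sessionEndHandler = "",
+ missingTemplateHandler = "",
+
+ //Extension Points
+ UDFLibraryFile = "includes/helpers/ApplicationHelper.cfm",
+ coldboxExtensionsLocation = "",
+ modulesExternalLocation = [],
+ pluginsExternalLocation = "",
+ viewsExternalLocation = "",
+ layoutsExternalLocation = "",
+ handlersExternalLocation = "",
+ requestContextDecorator = "",
+
+ //Error/Exception Handling
+ exceptionHandler = "",
+ onInvalidEvent = "",
+ customErrorTemplate = "",
+
+ //Application Aspects
+ handlerCaching = true,
+ eventCaching = true
+ };
+
+ // custom settings
+ settings = {
+
+ };
+
+ // environment settings, create a detectEnvironment() method to detect it yourself.
+ // create a function with the name of the environment so it can be executed if that environment is detected
+ // the value of the environment is a list of regex patterns to match the cgi.http_host.
+ environments = {
+ development = "^cf9.,^railo."
+ };
+
+ // Module Directives
+ modules = {
+ //Turn to false in production
+ autoReload = false,
+ // An array of modules names to load, empty means all of them
+ include = [],
+ // An array of modules names to NOT load, empty means none
+ exclude = []
+ };
+
+ //LogBox DSL
+ logBox = {
+ // Define Appenders
+ appenders = {
+ coldboxTracer = { class="coldbox.system.logging.appenders.ColdboxTracerAppender" }
+ },
+ // Root Logger
+ root = { levelmax="INFO", appenders="*" }
+ // Implicit Level Categories
+ //info = [ "coldbox.system" ]
+ };
+
+ //Layout Settings
+ layoutSettings = {
+ defaultLayout = "Layout.Main.cfm"
+ };
+
+ // ORM
+ orm = {
+ // Enable Injection
+ injection = {
+ enabled = true
+ }
+ };
+
+ //Register interceptors as an array, we need order
+ interceptors = [
+ //SES
+ {class="coldbox.system.interceptors.SES"}
+ ];
+
+ }
+
+ // ORTUS DEVELOPMENT ENVIRONMENT, REMOVE FOR YOUR APP IF NEEDED
+ function development(){
+ //coldbox.debugmode=true;
+ coldbox.handlersIndexAutoReload = true;
+ coldbox.handlerCaching = false;
+ coldbox.reinitpassword = "";
+ coldbox.debugpassword = "";
+ wirebox.singletonreload = true;
+
+ //Debugger Settings
+ debugger.showRCPanel = false;
+
+ // ses debugging
+ logbox.appenders.files={class="coldbox.system.logging.appenders.RollingFileAppender",
+ properties = {
+ filename = "ContentBox", filePath="../logs"
+ }
+ };
+ //logbox.debug = ["coldbox.system.interceptors.SES"];
+ //logbox.debug = [ "coldbox.system.aop" ];
+
+ }
+
+</cfscript>
+</cfcomponent>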
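Review bot: The fixture's `development()` override sets `coldbox.reinitpassword = "";` and `coldbox.debugpassword = "";`, so in that environment the values written in place of `@fwPassword@` are discarded again. Per the comment above `environments`, the environment is chosen by matching regex patterns against `cgi.http_host`, a value taken from the request, and `^cf9.,^railo.` leaves the dot unescaped. If the shipped config/Coldbox.cfc carries the same block (not visible in this commit), the hardening only holds outside that environment. Consider deleting the two blanking lines, or marking them with a comment such as `// development only: clears the installer-generated passwords, remove before deployment`. Both settings also share the single `@fwPassword@` token, so whether they end up with distinct values depends on processColdBoxPasswords, which is outside this diff.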