webui: crypt user password by default before passing it to backend

NOTE: using the same method as the current Gtk GUI
rhinstaller · Nov 14, 2023 · 49e91c8 · 49e91c8
1 parent bed2e8b
commit 49e91c8
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/ui/webui/src/components/AnacondaWizard.jsx b/ui/webui/src/components/AnacondaWizard.jsx
@@ -39,7 +39,7 @@ import { getDefaultScenario } from "./storage/InstallationScenario.jsx";
 import { MountPointMapping, getPageProps as getMountPointMappingProps } from "./storage/MountPointMapping.jsx";
 import { DiskEncryption, getStorageEncryptionState, getPageProps as getDiskEncryptionProps } from "./storage/DiskEncryption.jsx";
 import { InstallationLanguage, getPageProps as getInstallationLanguageProps } from "./localization/InstallationLanguage.jsx";
-import { Accounts, getPageProps as getAccountsProps, getAccountsState, accountsToDbusUsers } from "./users/Accounts.jsx";
+import { Accounts, getPageProps as getAccountsProps, getAccountsState, accountsToDbusUsers, cryptUserPassword } from "./users/Accounts.jsx";
 import { InstallationProgress } from "./installation/InstallationProgress.jsx";
 import { ReviewConfiguration, ReviewConfigurationConfirmModal, getPageProps as getReviewConfigurationProps } from "./review/ReviewConfiguration.jsx";
 import { exitGui } from "../helpers/exit.js";
@@ -362,8 +362,12 @@ const Footer = ({
                 },
             });
         } else if (activeStep.id === "accounts") {
-            setUsers(accountsToDbusUsers(accounts));
-            onNext();
+            cryptUserPassword(accounts.password)
+                    .then(cryptedPassword => {
+                        const users = accountsToDbusUsers({ ...accounts, password: cryptedPassword });
+                        setUsers(users);
+                        onNext();
+                    }, onCritFail({ context: N_("Password ecryption failed.") }));
         } else {
             onNext();
         }

diff --git a/ui/webui/src/components/users/Accounts.jsx b/ui/webui/src/components/users/Accounts.jsx
@@ -45,12 +45,18 @@ export function getAccountsState (
     };
 }
 
+export const cryptUserPassword = async (password) => {
+    const pythonScript = `from random import SystemRandom as sr; import crypt; print(crypt.crypt("${password}", "$y$j9T$" + "".join(sr().choice("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz") for _sc in range(24))))`;
+    const crypted = await cockpit.spawn(["python3", "-c", pythonScript]);
+    return crypted;
+};
+
 export const accountsToDbusUsers = (accounts) => {
     return [{
         name: cockpit.variant("s", accounts.userAccount || ""),
         gecos: cockpit.variant("s", accounts.fullName || ""),
         password: cockpit.variant("s", accounts.password || ""),
-        "is-crypted": cockpit.variant("b", false),
+        "is-crypted": cockpit.variant("b", true),
         groups: cockpit.variant("as", ["wheel"]),
     }];
 };

diff --git a/ui/webui/test/check-users b/ui/webui/test/check-users
@@ -44,8 +44,7 @@ class TestUsers(anacondalib.VirtInstallMachineCase):
 
         users = u.dbus_get_users()
         self.assertIn('"groups" as 1 "wheel"', users)
-        self.assertIn('"is-crypted" b false', users)
-        self.assertIn('"password" s "password"', users)
+        self.assertIn('"is-crypted" b true', users)
 
 if __name__ == '__main__':
     test_main()