Add support for encrypting settings that are passwords.

2026-02-01 01:28:09 -03:30 · 2016-11-30 11:22:39 -05:00
parent 2efe178fd4
commit 6a02ca1de0
8 changed files with 90 additions and 2 deletions
--- a/awx/main/tests/functional/api/test_settings.py
+++ b/awx/main/tests/functional/api/test_settings.py
@@ -65,6 +65,40 @@ def test_ldap_settings(get, put, patch, delete, admin, enterprise_license):
    patch(url, user=admin, data={'AUTH_LDAP_SERVER_URI': 'ldap://ldap.example.com, ldap://ldap2.example.com'}, expect=200)


+@pytest.mark.django_db
+def test_radius_settings(get, put, patch, delete, admin, enterprise_license, settings):
+    url = reverse('api:setting_singleton_detail', args=('radius',))
+    get(url, user=admin, expect=404)
+    Setting.objects.create(key='LICENSE', value=enterprise_license)
+    response = get(url, user=admin, expect=200)
+    put(url, user=admin, data=response.data, expect=200)
+    # Set secret via the API.
+    patch(url, user=admin, data={'RADIUS_SECRET': 'mysecret'}, expect=200)
+    response = get(url, user=admin, expect=200)
+    assert response.data['RADIUS_SECRET'] == '$encrypted$'
+    assert Setting.objects.filter(key='RADIUS_SECRET').first().value.startswith('$encrypted$')
+    assert settings.RADIUS_SECRET == 'mysecret'
+    # Set secret via settings wrapper.
+    settings_wrapper = settings._awx_conf_settings
+    settings_wrapper.RADIUS_SECRET = 'mysecret2'
+    response = get(url, user=admin, expect=200)
+    assert response.data['RADIUS_SECRET'] == '$encrypted$'
+    assert Setting.objects.filter(key='RADIUS_SECRET').first().value.startswith('$encrypted$')
+    assert settings.RADIUS_SECRET == 'mysecret2'
+    # If we send back $encrypted$, the setting is not updated.
+    patch(url, user=admin, data={'RADIUS_SECRET': '$encrypted$'}, expect=200)
+    response = get(url, user=admin, expect=200)
+    assert response.data['RADIUS_SECRET'] == '$encrypted$'
+    assert Setting.objects.filter(key='RADIUS_SECRET').first().value.startswith('$encrypted$')
+    assert settings.RADIUS_SECRET == 'mysecret2'
+    # If we send an empty string, the setting is also set to an empty string.
+    patch(url, user=admin, data={'RADIUS_SECRET': ''}, expect=200)
+    response = get(url, user=admin, expect=200)
+    assert response.data['RADIUS_SECRET'] == ''
+    assert Setting.objects.filter(key='RADIUS_SECRET').first().value == ''
+    assert settings.RADIUS_SECRET == ''
+
+
@pytest.mark.django_db
 def test_ui_settings(get, put, patch, delete, admin, enterprise_license):
    url = reverse('api:setting_singleton_detail', args=('ui',))