From 895ad70a123b40262233d5d9e08f6d13d3c8f2a4 Mon Sep 17 00:00:00 2001
From: mabashian <mabashia@redhat.com>
Date: Mon, 16 Apr 2018 15:38:32 -0400
Subject: [PATCH] Prevent users from attempting to create a template schedule
 or workflow node with credentials that require passwords

---
 .../launchTemplateButton.partial.html             |  2 +-
 .../relaunchButton/relaunchButton.partial.html    |  2 +-
 .../job-templates/job-templates-list.partial.html |  2 +-
 .../client/src/portal-mode/portal-mode.route.js   |  2 +-
 .../src/scheduler/schedulerAdd.controller.js      |  2 ++
 .../src/scheduler/schedulerEdit.controller.js     |  2 ++
 .../src/scheduler/schedulerForm.partial.html      |  2 +-
 .../src/templates/prompt/prompt.controller.js     |  1 +
 .../src/templates/prompt/prompt.directive.js      |  3 ++-
 .../src/templates/prompt/prompt.partial.html      | 15 ++++++++++++---
 .../credential/prompt-credential.directive.js     |  3 ++-
 .../credential/prompt-credential.partial.html     | 14 +++++++++++++-
 .../workflow-maker/workflow-maker.controller.js   |  1 +
 .../workflow-maker/workflow-maker.partial.html    |  2 +-
 14 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/awx/ui/client/lib/components/launchTemplateButton/launchTemplateButton.partial.html b/awx/ui/client/lib/components/launchTemplateButton/launchTemplateButton.partial.html
index 9ac0fc2e1b..fc5c90de57 100644
--- a/awx/ui/client/lib/components/launchTemplateButton/launchTemplateButton.partial.html
+++ b/awx/ui/client/lib/components/launchTemplateButton/launchTemplateButton.partial.html
@@ -5,5 +5,5 @@
             data-placement="top">
             <i class="icon-launch"></i>
     </button>
-    <prompt prompt-data="vm.promptData" on-finish="vm.launchTemplateWithPrompts()"></launch>
+    <prompt prompt-data="vm.promptData" on-finish="vm.launchTemplateWithPrompts()"></prompt>
 </div>
diff --git a/awx/ui/client/lib/components/relaunchButton/relaunchButton.partial.html b/awx/ui/client/lib/components/relaunchButton/relaunchButton.partial.html
index 69b3eea711..280380dcbc 100644
--- a/awx/ui/client/lib/components/relaunchButton/relaunchButton.partial.html
+++ b/awx/ui/client/lib/components/relaunchButton/relaunchButton.partial.html
@@ -30,5 +30,5 @@
             ng-if="!vm.showDropdown">
             <i class="{{ vm.icon }}"></i>
     </button>
-    <prompt prompt-data="vm.promptData" on-finish="vm.relaunchJobWithPassword()"></launch>
+    <prompt prompt-data="vm.promptData" on-finish="vm.relaunchJobWithPassword()"></prompt>
 </div>
diff --git a/awx/ui/client/src/home/dashboard/lists/job-templates/job-templates-list.partial.html b/awx/ui/client/src/home/dashboard/lists/job-templates/job-templates-list.partial.html
index c80c4f955e..e60a7e5c71 100644
--- a/awx/ui/client/src/home/dashboard/lists/job-templates/job-templates-list.partial.html
+++ b/awx/ui/client/src/home/dashboard/lists/job-templates/job-templates-list.partial.html
@@ -56,4 +56,4 @@
         <translate>You can create a job template <a href="#/templates/add_job_template">here</a>.</translate></p>
     </div>
 </div>
-<prompt prompt-data="promptData" on-finish="launchJob()"></launch>
+<prompt prompt-data="promptData" on-finish="launchJob()"></prompt>
diff --git a/awx/ui/client/src/portal-mode/portal-mode.route.js b/awx/ui/client/src/portal-mode/portal-mode.route.js
index cb347821b3..8812a489d6 100644
--- a/awx/ui/client/src/portal-mode/portal-mode.route.js
+++ b/awx/ui/client/src/portal-mode/portal-mode.route.js
@@ -50,7 +50,7 @@ export default {
                     list: PortalJobTemplateList,
                     mode: 'edit'
                 });
-                return html + '<prompt prompt-data="promptData" on-finish="launchJob()"></launch>';
+                return html + '<prompt prompt-data="promptData" on-finish="launchJob()"></prompt>';
             },
             controller: PortalModeJobTemplatesController
         }
diff --git a/awx/ui/client/src/scheduler/schedulerAdd.controller.js b/awx/ui/client/src/scheduler/schedulerAdd.controller.js
index 4e34389a7e..4a6ad12c9c 100644
--- a/awx/ui/client/src/scheduler/schedulerAdd.controller.js
+++ b/awx/ui/client/src/scheduler/schedulerAdd.controller.js
@@ -32,6 +32,8 @@ export default ['$filter', '$state', '$stateParams', '$http', 'Wait',
         $scope.$parent.schedulerEndDt = month + '/' + day + '/' + dt.getFullYear();
     };
 
+    $scope.preventCredsWithPasswords = true;
+
     /*
      * This is a workaround for the angular-scheduler library inserting `ll` into fields after an
      * invalid entry and never unsetting them. Presumably null is being truncated down to 2 chars
diff --git a/awx/ui/client/src/scheduler/schedulerEdit.controller.js b/awx/ui/client/src/scheduler/schedulerEdit.controller.js
index f82d89cd46..5893d7394e 100644
--- a/awx/ui/client/src/scheduler/schedulerEdit.controller.js
+++ b/awx/ui/client/src/scheduler/schedulerEdit.controller.js
@@ -10,6 +10,8 @@ function($filter, $state, $stateParams, Wait, $scope, moment,
 
     let schedule, scheduler, scheduleCredentials = [];
 
+    $scope.preventCredsWithPasswords = true;
+
     // initial end @ midnight values
     $scope.schedulerEndHour = "00";
     $scope.schedulerEndMinute = "00";
diff --git a/awx/ui/client/src/scheduler/schedulerForm.partial.html b/awx/ui/client/src/scheduler/schedulerForm.partial.html
index bea1d9eade..bb68bfbaaf 100644
--- a/awx/ui/client/src/scheduler/schedulerForm.partial.html
+++ b/awx/ui/client/src/scheduler/schedulerForm.partial.html
@@ -686,5 +686,5 @@
                 ng-disabled="!schedulerIsValid || promptModalMissingReqFields"> Save</button>
         </div>
     </div>
-    <prompt prompt-data="promptData" action-text="CONFIRM"></launch>
+    <prompt prompt-data="promptData" action-text="CONFIRM" prevent-creds-with-passwords="preventCredsWithPasswords"></prompt>
 </div>
diff --git a/awx/ui/client/src/templates/prompt/prompt.controller.js b/awx/ui/client/src/templates/prompt/prompt.controller.js
index 5b6f035dd5..95e756fd78 100644
--- a/awx/ui/client/src/templates/prompt/prompt.controller.js
+++ b/awx/ui/client/src/templates/prompt/prompt.controller.js
@@ -16,6 +16,7 @@ export default [ 'Rest', 'GetBasePath', 'ProcessErrors', 'CredentialTypeModel',
             ({ modal } = scope[scope.ns]);
 
             scope.$watch('vm.promptData.triggerModalOpen', () => {
+
                 vm.actionButtonClicked = false;
                 if(vm.promptData && vm.promptData.triggerModalOpen) {
 
diff --git a/awx/ui/client/src/templates/prompt/prompt.directive.js b/awx/ui/client/src/templates/prompt/prompt.directive.js
index 501d89f79a..b09a3bcc84 100644
--- a/awx/ui/client/src/templates/prompt/prompt.directive.js
+++ b/awx/ui/client/src/templates/prompt/prompt.directive.js
@@ -5,7 +5,8 @@ export default [ 'templateUrl',
         scope: {
             promptData: '=',
             onFinish: '&',
-            actionText: '@actionText'
+            actionText: '@actionText',
+            preventCredsWithPasswords: '<'
         },
         templateUrl: templateUrl('templates/prompt/prompt'),
         replace: true,
diff --git a/awx/ui/client/src/templates/prompt/prompt.partial.html b/awx/ui/client/src/templates/prompt/prompt.partial.html
index 98ca4f9644..a25bef7e0b 100644
--- a/awx/ui/client/src/templates/prompt/prompt.partial.html
+++ b/awx/ui/client/src/templates/prompt/prompt.partial.html
@@ -12,7 +12,11 @@
                 <prompt-inventory prompt-data="vm.promptDataClone"></prompt-inventory>
             </div>
             <div ng-if="vm.steps.credential.includeStep" ng-show="vm.steps.credential.tab._active">
-                <prompt-credential prompt-data="vm.promptDataClone" credential-passwords-form="vm.forms.credentialPasswords"></prompt-credential>
+                <prompt-credential
+                    prompt-data="vm.promptDataClone"
+                    credential-passwords-form="vm.forms.credentialPasswords"
+                    prevent-creds-with-passwords="vm.preventCredsWithPasswords">
+                </prompt-credential>
             </div>
             <div ng-if="vm.steps.other_prompts.includeStep" ng-show="vm.steps.other_prompts.tab._active">
                 <prompt-other-prompts prompt-data="vm.promptDataClone" other-prompts-form="vm.forms.otherPrompts" is-active-step="vm.steps.other_prompts.tab._active"></prompt-other-prompts>
@@ -26,8 +30,13 @@
         </div>
         <div class="Prompt-footer">
             <button class="Prompt-defaultButton" ng-click="vm.cancel()">{{:: vm.strings.get('CANCEL') }}</button>
-            <button class="Prompt-actionButton" ng-show="vm.steps.inventory.tab._active" ng-click="vm.next(vm.steps.inventory.tab)" ng-disabled="!vm.promptDataClone.prompts.inventory.value.id">{{:: vm.strings.get('NEXT') }}</button>
-            <button class="Prompt-actionButton" ng-show="vm.steps.credential.tab._active" ng-click="vm.next(vm.steps.credential.tab)" ng-disabled="!vm.forms.credentialPasswords.$valid || (vm.promptDataClone.credentialTypeMissing && vm.promptDataClone.credentialTypeMissing.length > 0)">{{:: vm.strings.get('NEXT') }}</button>
+            <button class="Prompt-actionButton" ng-show="vm.steps.inventory.tab._active" ng-click="vm.next(vm.steps.inventory.tab)" ng-disabled="!vm.vm.promptDataClone.prompts.inventory.value.id">{{:: vm.strings.get('NEXT') }}</button>
+            <button class="Prompt-actionButton"
+                ng-show="vm.steps.credential.tab._active"
+                ng-click="vm.next(vm.steps.credential.tab)"
+                ng-disabled="(preventCredsWithPasswords && (vm.promptDataClone.prompts.credentials.passwords.ssh || vm.promptDataClone.prompts.credentials.passwords.become || vm.promptDataClone.prompts.credentials.passwords.ssh_key_unlock || (vm.promptDataClone.prompts.credentials.passwords.vault && vm.promptDataClone.prompts.credentials.passwords.vault.length > 0))) ||
+                 !vm.forms.credentialPasswords.$valid ||
+                 (vm.promptData.credentialTypeMissing && vm.promptData.credentialTypeMissing.length > 0)">{{:: vm.strings.get('NEXT') }}</button>
             <button class="Prompt-actionButton" ng-show="vm.steps.other_prompts.tab._active" ng-click="vm.next(vm.steps.other_prompts.tab)" ng-disabled="!vm.forms.otherPrompts.$valid">{{:: vm.strings.get('NEXT') }}</button>
             <button class="Prompt-actionButton" ng-show="vm.steps.survey.tab._active" ng-click="vm.next(vm.steps.survey.tab)" ng-disabled="!vm.forms.survey.$valid">{{:: vm.strings.get('NEXT') }}</button>
             <button class="Prompt-actionButton" ng-show="vm.steps.preview.tab._active" ng-click="vm.finish()" ng-bind="vm.actionText" ng-disabled="vm.actionButtonClicked"></button>
diff --git a/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.directive.js b/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.directive.js
index 5d32df89fa..80d277db7a 100644
--- a/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.directive.js
+++ b/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.directive.js
@@ -11,7 +11,8 @@ export default [ 'templateUrl', '$compile', 'generateList',
     return {
         scope: {
           promptData: '=',
-          credentialPasswordsForm: '='
+          credentialPasswordsForm: '=',
+          preventCredsWithPasswords: '<'
         },
         templateUrl: templateUrl('templates/prompt/steps/credential/prompt-credential'),
         controller: promptCredentialController,
diff --git a/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.partial.html b/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.partial.html
index b7fa10066e..bcafc859d8 100644
--- a/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.partial.html
+++ b/awx/ui/client/src/templates/prompt/steps/credential/prompt-credential.partial.html
@@ -44,6 +44,18 @@
             <span class="fa fa-warning"></span>&nbsp;{{:: vm.strings.get('prompt.CREDENTIAL_TYPE_MISSING', missingCred.label) }}
         </div>
     </div>
+    <span>
+        <div ng-if="preventCredsWithPasswords && (promptData.prompts.credentials.passwords.ssh || promptData.prompts.credentials.passwords.become || promptData.prompts.credentials.passwords.ssh_key_unlock || (promptData.prompts.credentials.passwords.vault && promptData.prompts.credentials.passwords.vault.length > 0))">
+            <div style="margin-bottom: 5px;color:#D9534F;">
+                <span class="fa fa-warning"></span>
+                <span>Credentials that require passwords on launch are not permitted for template schedules and workflow nodes.  The following credentials must be removed or replaced to proceed:</span>
+            </div>
+            <div style="margin-bottom: 20px;">
+                <div ng-if="promptData.prompts.credentials.passwords.ssh || promptData.prompts.credentials.passwords.become || promptData.prompts.credentials.passwords.ssh_key_unlock">{{promptData.prompts.credentials.passwords.ssh.name || promptData.prompts.credentials.passwords.become.name || promptData.prompts.credentials.passwords.ssh_key_unlock.name}}</div>
+                <div ng-if="promptData.prompts.credentials.passwords.vault && promptData.prompts.credentials.passwords.vault.length > 0" ng-repeat="vaultCred in promptData.prompts.credentials.passwords.vault">{{vaultCred.name}}</div>
+            </div>
+        </div>
+    </span>
     <span ng-show="promptData.launchConf.ask_credential_on_launch">
         <div class="Prompt-credentialSubSection">
             <span class="Prompt-label">{{:: vm.strings.get('prompt.CREDENTIAL_TYPE') }}:</span>
@@ -53,7 +65,7 @@
         </div>
         <div id="prompt-credential"></div>
     </span>
-    <div ng-show="promptData.prompts.credentials.passwords.ssh || promptData.prompts.credentials.passwords.become || promptData.prompts.credentials.passwords.ssh_key_unlock || (promptData.prompts.credentials.passwords.vault && promptData.prompts.credentials.passwords.vault.length > 0)">
+    <div ng-show="!preventCredsWithPasswords && (promptData.prompts.credentials.passwords.ssh || promptData.prompts.credentials.passwords.become || promptData.prompts.credentials.passwords.ssh_key_unlock || (promptData.prompts.credentials.passwords.vault && promptData.prompts.credentials.passwords.vault.length > 0))">
         <div class="Prompt-instructions">{{:: vm.strings.get('prompt.PASSWORDS_REQUIRED_HELP') }}</div>
         <form name="credentialPasswordsForm" autocomplete="off" novalidate>
             <div class="form-group Form-formGroup Form-formGroup--singleColumn" ng-if="promptData.prompts.credentials.passwords.ssh">
diff --git a/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.controller.js b/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.controller.js
index c27ecde1d7..a4119b4a79 100644
--- a/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.controller.js
+++ b/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.controller.js
@@ -14,6 +14,7 @@ export default ['$scope', 'WorkflowService', 'GetBasePath', 'TemplatesService',
         let promptWatcher, surveyQuestionWatcher;
 
         $scope.strings = TemplatesStrings;
+        $scope.preventCredsWithPasswords = true;
 
         $scope.workflowMakerFormConfig = {
             nodeMode: "idle",
diff --git a/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.partial.html b/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.partial.html
index ad0a5fc9d5..8fb59e1349 100644
--- a/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.partial.html
+++ b/awx/ui/client/src/templates/workflows/workflow-maker/workflow-maker.partial.html
@@ -129,5 +129,5 @@
         <button type="button" class="btn btn-sm WorkflowMaker-cancelButton" ng-click="closeWorkflowMaker()"> Close</button>
         <button type="button" class="btn btn-sm WorkflowMaker-saveButton" ng-click="saveWorkflowMaker()" ng-show="workflowJobTemplateObj.summary_fields.user_capabilities.edit || canAddWorkflowJobTemplate" ng-disabled="edgeFlags.conflict || workflowMakerFormConfig.nodeMode === 'add'"> Save</button>
     </div>
-    <prompt prompt-data="promptData" action-text="CONFIRM"></launch>
+    <prompt prompt-data="promptData" action-text="CONFIRM" prevent-creds-with-passwords="preventCredsWithPasswords"></prompt>
 </div>