External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-13 14:34:44 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #574 from ryanpetrello/fix-7764

Browse Source 
properly perform validation on encrypted survey defaults
This commit is contained in:
Ryan Petrello
2017-11-10 12:07:54 -05:00
committed by GitHub
parent e22486ada8 78961c8037
commit bc705ad8ce
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
awx/main/models/mixins.py
View File

@@ -163,6 +163,19 @@ class SurveyJobTemplateMixin(models.Model):
def _survey_element_validation(self, survey_element, data): def _survey_element_validation(self, survey_element, data):
errors = [] errors = []
# make a copy of the data to break references (so that we don't
# inadvertently expose unencrypted default passwords as we validate)
data = data.copy()
if all([
survey_element['type'] == "password",
data.get(survey_element['variable']) == '$encrypted$'
]):
# replace encrypted password defaults so we don't validate on
# $encrypted$
data[survey_element['variable']] = decrypt_value(
get_encryption_key('value', pk=None),
survey_element['default']
)
if survey_element['variable'] not in data and survey_element['required']: if survey_element['variable'] not in data and survey_element['required']:
errors.append("'%s' value missing" % survey_element['variable']) errors.append("'%s' value missing" % survey_element['variable'])
elif survey_element['type'] in ["textarea", "text", "password"]: elif survey_element['type'] in ["textarea", "text", "password"]:

16
awx/main/tests/unit/models/test_survey_models.py
View File

@@ -8,6 +8,7 @@ from awx.main.models import (
JobTemplate, JobTemplate,
WorkflowJobTemplate WorkflowJobTemplate
) )
from awx.main.utils.encryption import encrypt_value
@pytest.fixture @pytest.fixture
@@ -143,6 +144,21 @@ def test_optional_survey_question_defaults(
assert 'c' not in defaulted_extra_vars['extra_vars'] assert 'c' not in defaulted_extra_vars['extra_vars']
@pytest.mark.survey
def test_encrypted_default_validation(survey_spec_factory):
element = {
"required": True,
"default": encrypt_value("test1234", pk=None),
"variable": "x",
"min": 0,
"max": 8,
"type": "password",
}
spec = survey_spec_factory([element])
jt = JobTemplate(name="test-jt", survey_spec=spec, survey_enabled=True)
assert not len(jt.survey_variable_validation({'x': '$encrypted$'}))
@pytest.mark.survey @pytest.mark.survey
class TestWorkflowSurveys: class TestWorkflowSurveys:
def test_update_kwargs_survey_defaults(self, survey_spec_factory): def test_update_kwargs_survey_defaults(self, survey_spec_factory):