mask the default value for survey_spec password fields

2026-01-17 20:51:21 -03:30 · 2017-01-24 13:03:57 -05:00 · 2017-01-24 13:03:57 -05:00 · cf6c4fe7ac
commit cf6c4fe7ac
parent 7c8896a96e
2 changed files with 21 additions and 3 deletions
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -2420,7 +2420,13 @@ class JobTemplateSurveySpec(GenericAPIView):
        if not feature_enabled('surveys'):
            raise LicenseForbids(_('Your license does not allow '
                                   'adding surveys.'))
-        return Response(obj.survey_spec)
+        survey_spec = obj.survey_spec
+        for pos, field in enumerate(survey_spec['spec']):
+            if field.get('type') == 'password':
+                if 'default' in field and field['default']:
+                    field['default'] = '$encrypted$'
+
+        return Response(survey_spec)

    def post(self, request, *args, **kwargs):
        obj = self.get_object()
@ -2446,6 +2452,7 @@ class JobTemplateSurveySpec(GenericAPIView):
            return Response(dict(error=_("'spec' doesn't contain any items.")), status=status.HTTP_400_BAD_REQUEST)
        idx = 0
        variable_set = set()
+
        for survey_item in new_spec["spec"]:
            if not isinstance(survey_item, dict):
                return Response(dict(error=_("Survey question %s is not a json object.") % str(idx)), status=status.HTTP_400_BAD_REQUEST)
@ -2462,7 +2469,15 @@ class JobTemplateSurveySpec(GenericAPIView):
                variable_set.add(survey_item['variable'])
            if "required" not in survey_item:
                return Response(dict(error=_("'required' missing from survey question %s.") % str(idx)), status=status.HTTP_400_BAD_REQUEST)
+
+            if survey_item["type"] == "password":
+                if "default" in survey_item and survey_item["default"].startswith('$encrypted$'):
+                    old_spec = obj.survey_spec
+                    for old_item in old_spec['spec']:
+                        if old_item['variable'] == survey_item['variable']:
+                            survey_item['default'] = old_item['default']
            idx += 1
+
        obj.survey_spec = new_spec
        obj.save(update_fields=['survey_spec'])
        return Response()
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@ -108,8 +108,10 @@ class SurveyJobTemplateMixin(models.Model):
        # Overwrite with job template extra vars with survey default vars
        if self.survey_enabled and 'spec' in self.survey_spec:
            for survey_element in self.survey_spec.get("spec", []):
-                if 'default' in survey_element and survey_element['default']:
-                    extra_vars[survey_element['variable']] = survey_element['default']
+                if survey_element.get('type') == 'password':
+                    if 'default' in survey_element and survey_element['default'].startswith('$encrypted$'):
+                        continue
+                extra_vars[survey_element['variable']] = survey_element['default']

        # transform to dict
        if 'extra_vars' in kwargs:
@ -148,6 +150,7 @@ class SurveyJobTemplateMixin(models.Model):
                    if 'max' in survey_element and survey_element['max'] not in ["", None] and len(data[survey_element['variable']]) > int(survey_element['max']):
                        errors.append("'%s' value %s is too large (must be no more than %s)." %
                                      (survey_element['variable'], data[survey_element['variable']], survey_element['max']))
+
            elif survey_element['type'] == 'integer':
                if survey_element['variable'] in data:
                    if type(data[survey_element['variable']]) != int: