Repository: cloudstack Updated Branches: refs/heads/master 182d770f9 -> 40f343ff4
api: avoid sending sensitive data in api response - UI: use post when updating user - S3: don't send s3 key in the response - VPN: don't send preshared key in remoteaccessvpn api response - Snapshot response should set zone id not volume's device id Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> (cherry picked from commit 02cadc3fb3fae7f5e8c87b7fafb977fb5eeae6eb) Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/40f343ff Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/40f343ff Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/40f343ff Branch: refs/heads/master Commit: 40f343ff4cd2d21549b77285e9c9bf3d9f9a5858 Parents: 182d770 Author: Rohit Yadav <rohit.ya...@shapeblue.com> Authored: Wed Mar 11 16:30:20 2015 +0530 Committer: Rohit Yadav <rohit.ya...@shapeblue.com> Committed: Wed Mar 11 16:34:56 2015 +0530 ---------------------------------------------------------------------- .../cloudstack/api/response/RemoteAccessVpnResponse.java | 8 -------- server/src/com/cloud/api/ApiResponseHelper.java | 3 +-- .../src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java | 6 ++++-- ui/scripts/installWizard.js | 1 + 4 files changed, 6 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/40f343ff/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java ----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java b/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
index 28d788b..60a45b6 100644
--- a/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
@@ -41,10 +41,6 @@ public class RemoteAccessVpnResponse extends BaseResponse implements ControlledE @Param(description = "the range of ips to allocate to the clients") private String ipRange; - @SerializedName("presharedkey") - @Param(description = "the ipsec preshared key") - private String presharedKey; - @SerializedName(ApiConstants.ACCOUNT) @Param(description = "the account of the remote access vpn") private String accountName; @@ -85,10 +81,6 @@ public class RemoteAccessVpnResponse extends BaseResponse implements ControlledE this.ipRange = ipRange; } - public void setPresharedKey(String presharedKey) { - this.presharedKey = presharedKey; - } - @Override public void setAccountName(String accountName) { this.accountName = accountName; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/40f343ff/server/src/com/cloud/api/ApiResponseHelper.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index f9a65c8..275a2b8 100644 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -472,7 +472,7 @@ public class ApiResponseHelper implements ResponseGenerator { snapshotResponse.setVolumeId(volume.getUuid()); snapshotResponse.setVolumeName(volume.getName()); snapshotResponse.setVolumeType(volume.getVolumeType().name()); - DataCenter zone = ApiDBUtils.findZoneById(volume.getDeviceId()); + DataCenter zone = ApiDBUtils.findZoneById(volume.getDataCenterId()); if (zone != null) { snapshotResponse.setZoneId(zone.getUuid()); } 
@@ -1352,7 +1352,6 @@ public class ApiResponseHelper implements ResponseGenerator { vpnResponse.setPublicIp(ip.getAddress().addr()); } vpnResponse.setIpRange(vpn.getIpRange()); - vpnResponse.setPresharedKey(vpn.getIpsecPresharedKey()); populateOwner(vpnResponse, vpn); vpnResponse.setState(vpn.getState().toString()); vpnResponse.setId(vpn.getUuid()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/40f343ff/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java index f1f873c..6e9c148 100644 --- a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java +++ b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java @@ -84,7 +84,8 @@ public class ImageStoreJoinDaoImpl extends GenericDaoBase<ImageStoreJoinVO, Long if ( detailName != null && detailName.length() > 0 && !detailName.equals(ApiConstants.PASSWORD)) { String detailValue = ids.getDetailValue(); if (detailName.equals(ApiConstants.KEY) || detailName.equals(ApiConstants.S3_SECRET_KEY)) { - detailValue = DBEncryptionUtil.decrypt(detailValue); + // ALWAYS return an empty value for the S3 secret key since that key is managed by Amazon and not CloudStack + detailValue = ""; } ImageStoreDetailResponse osdResponse = new ImageStoreDetailResponse(detailName, detailValue); osResponse.addDetail(osdResponse); 
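Review bot: The comment added in the ImageStoreJoinDaoImpl hunk explains only the S3 secret key, but the branch it sits in also blanks `ApiConstants.KEY`, and the reason it gives (the key is managed by Amazon) is not why a stored secret is withheld from an API response. I would word it as `// Never return stored secret values (KEY, S3_SECRET_KEY) in API responses; the detail name is kept, the value is blanked`. The same two lines are repeated in the second hunk of this file (`@@ -99,7 +100,8 @@`), so the point applies there as well, and a small private helper shared by both methods would keep the two copies from drifting apart. The outer condition drops `ApiConstants.PASSWORD` details entirely while key details are now returned with an empty value; if that difference is intended for clients, the comment should say so. Both enclosing methods start and end outside the hunks.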
@@ -99,7 +100,8 @@ public class ImageStoreJoinDaoImpl extends GenericDaoBase<ImageStoreJoinVO, Long if ( detailName != null && detailName.length() > 0 && !detailName.equals(ApiConstants.PASSWORD)) { String detailValue = ids.getDetailValue(); if (detailName.equals(ApiConstants.KEY) || detailName.equals(ApiConstants.S3_SECRET_KEY)) { - detailValue = DBEncryptionUtil.decrypt(detailValue); + // ALWAYS return an empty value for the S3 secret key since that key is managed by Amazon and not CloudStack + detailValue = ""; } ImageStoreDetailResponse osdResponse = new ImageStoreDetailResponse(detailName, detailValue); response.addDetail(osdResponse); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/40f343ff/ui/scripts/installWizard.js ---------------------------------------------------------------------- diff --git a/ui/scripts/installWizard.js b/ui/scripts/installWizard.js index e6d840a..9d7c23d 100644 --- a/ui/scripts/installWizard.js +++ b/ui/scripts/installWizard.js @@ -37,6 +37,7 @@ id: cloudStack.context.users[0].userid, password: md5Hashed ? $.md5(args.data.password) : args.data.password }, + type: 'POST', dataType: 'json', async: true, success: function(data) {
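Review bot: The added `type: 'POST'` in installWizard.js changes only how this one caller sends the password; nothing visible in this commit makes the server refuse the same command over GET, so the credential can still reach request URLs and access logs through any other caller. If the API layer can restrict the user-update command to POST, that restriction belongs with this change; otherwise the remaining UI call sites that pass `password` should be checked for the same option. A short comment on the new line, such as `// POST keeps the password out of the request URL and server access logs`, would record why the option is there. The enclosing request options object starts and ends outside the hunk.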