Finished work on secrets views; removed path from cookie assignment
@ -169,6 +169,9 @@ class GetSessionKeyViewSet(ViewSet):
|
|||||||
sk = SessionKey(userkey=user_key)
|
sk = SessionKey(userkey=user_key)
|
||||||
sk.save(master_key=master_key)
|
sk.save(master_key=master_key)
|
||||||
encoded_key = base64.b64encode(sk.key)
|
encoded_key = base64.b64encode(sk.key)
|
||||||
|
# b64decode() returns a bytestring under Python 3
|
||||||
|
if not isinstance(encoded_key, str):
|
||||||
|
encoded_key = encoded_key.decode()
|
||||||
|
|
||||||
# Craft the response
|
# Craft the response
|
||||||
response = Response({
|
response = Response({
|
||||||
@ -177,7 +180,7 @@ class GetSessionKeyViewSet(ViewSet):
|
|||||||
|
|
||||||
# If token authentication is not in use, assign the session key as a cookie
|
# If token authentication is not in use, assign the session key as a cookie
|
||||||
if request.auth is None:
|
if request.auth is None:
|
||||||
response.set_cookie('session_key', value=encoded_key, path=reverse('secrets-api:secret-list'))
|
response.set_cookie('session_key', value=encoded_key)
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
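Review bot: The `set_cookie` call in the second hunk now issues `session_key` with Django's default path `/` and without `secure` or `httponly`, so the value that unlocks the master key is attached to every request to the site, can travel over plain HTTP, and is readable by page scripts. If no client-side code needs to read the cookie (not visible here), consider `response.set_cookie('session_key', value=encoded_key, secure=request.is_secure(), httponly=True)`. Separately, the added comment names `b64decode()` while the line above it calls `b64encode()`; it should read `# b64encode() returns a bytestring under Python 3`. The enclosing method starts and ends outside both hunks.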
@ -79,18 +79,25 @@ def secret_add(request, pk):
|
|||||||
form = forms.SecretForm(request.POST, instance=secret)
|
form = forms.SecretForm(request.POST, instance=secret)
|
||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
|
|
||||||
# Retrieve the master key from the current user's UserKey
|
# We need a valid session key in order to create a Secret
|
||||||
master_key = uk.get_master_key(form.cleaned_data['private_key'])
|
session_key = base64.b64decode(request.COOKIES.get('session_key', None))
|
||||||
if master_key is None:
|
if session_key is None:
|
||||||
form.add_error(None, "Invalid private key! Unable to encrypt secret data.")
|
form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.")
|
||||||
|
|
||||||
# Create and encrypt the new Secret
|
# Create and encrypt the new Secret
|
||||||
else:
|
else:
|
||||||
|
master_key = None
|
||||||
|
try:
|
||||||
|
sk = SessionKey.objects.get(userkey__user=request.user)
|
||||||
|
master_key = sk.get_master_key(session_key)
|
||||||
|
except SessionKey.DoesNotExist:
|
||||||
|
form.add_error(None, "No session key found for this user.")
|
||||||
|
|
||||||
|
if master_key is not None:
|
||||||
secret = form.save(commit=False)
|
secret = form.save(commit=False)
|
||||||
secret.plaintext = str(form.cleaned_data['plaintext'])
|
secret.plaintext = str(form.cleaned_data['plaintext'])
|
||||||
secret.encrypt(master_key)
|
secret.encrypt(master_key)
|
||||||
secret.save()
|
secret.save()
|
||||||
|
|
||||||
messages.success(request, u"Added new secret: {}.".format(secret))
|
messages.success(request, u"Added new secret: {}.".format(secret))
|
||||||
if '_addanother' in request.POST:
|
if '_addanother' in request.POST:
|
||||||
return redirect('dcim:device_addsecret', pk=device.pk)
|
return redirect('dcim:device_addsecret', pk=device.pk)
|
||||||
@ -118,14 +125,13 @@ def secret_edit(request, pk):
|
|||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
|
|
||||||
# Re-encrypt the Secret if a plaintext and session key have been provided.
|
# Re-encrypt the Secret if a plaintext and session key have been provided.
|
||||||
session_key = request.COOKIES.get('session_key', None)
|
session_key = base64.b64decode(request.COOKIES.get('session_key', None))
|
||||||
if form.cleaned_data['plaintext'] and session_key is not None:
|
if form.cleaned_data['plaintext'] and session_key is not None:
|
||||||
|
|
||||||
# Retrieve the master key using the provided session key
|
# Retrieve the master key using the provided session key
|
||||||
session_key = base64.b64decode(session_key)
|
|
||||||
master_key = None
|
master_key = None
|
||||||
try:
|
try:
|
||||||
sk = SessionKey.objects.get(user=request.user)
|
sk = SessionKey.objects.get(userkey__user=request.user)
|
||||||
master_key = sk.get_master_key(session_key)
|
master_key = sk.get_master_key(session_key)
|
||||||
except SessionKey.DoesNotExist:
|
except SessionKey.DoesNotExist:
|
||||||
form.add_error(None, "No session key found for this user.")
|
form.add_error(None, "No session key found for this user.")
|
||||||
@ -186,7 +192,7 @@ def secret_import(request):
|
|||||||
session_key = base64.b64decode(session_key)
|
session_key = base64.b64decode(session_key)
|
||||||
master_key = None
|
master_key = None
|
||||||
try:
|
try:
|
||||||
sk = SessionKey.objects.get(user=request.user)
|
sk = SessionKey.objects.get(userkey__user=request.user)
|
||||||
master_key = sk.get_master_key(session_key)
|
master_key = sk.get_master_key(session_key)
|
||||||
except SessionKey.DoesNotExist:
|
except SessionKey.DoesNotExist:
|
||||||
form.add_error(None, "No session key found for this user.")
|
form.add_error(None, "No session key found for this user.")
|
||||||
|
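Review bot: In `secret_add` the new line `session_key = base64.b64decode(request.COOKIES.get('session_key', None))` passes `None` to `b64decode()` when the cookie is absent, which raises instead of returning `None`, so the `if session_key is None:` branch and its form error can never run and the request fails with an unhandled exception. The `secret_edit` hunk moves the decode above its `session_key is not None` test and has the same problem. Keep the raw lookup, `session_key = request.COOKIES.get('session_key', None)`, and decode only after the check, e.g. `master_key = sk.get_master_key(base64.b64decode(session_key))`. A cookie value that is not valid base64 also raises from `b64decode()`, so the decode is worth wrapping to turn that into a form error as well. All three functions begin and end outside their hunks.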
@ -149,7 +149,7 @@ class SessionKeyDeleteView(LoginRequiredMixin, View):
|
|||||||
|
|
||||||
# Delete cookie
|
# Delete cookie
|
||||||
response = redirect('user:userkey')
|
response = redirect('user:userkey')
|
||||||
response.delete_cookie('session_key', path=reverse('secrets-api:secret-list'))
|
response.delete_cookie('session_key')
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
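Review bot: `delete_cookie('session_key')` only clears the cookie if its path matches the one used when it was set, and after this commit that `set_cookie` call lives in a different file (in `GetSessionKeyViewSet`); a comment here such as `# Path must match set_cookie() in GetSessionKeyViewSet or the browser keeps the cookie` would keep the two from drifting apart. Cookies issued before this change under the old API path are presumably not removed by this call and remain until the browser session ends. The view method starts outside the hunk.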