From 82d53a8c3ddcd69618814ebaf640c910469a00dc Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 6 Apr 2017 13:55:40 -0400 Subject: [PATCH] Fixes #1049: Prompt user if missing session key when adding/editing a secret --- netbox/project-static/js/secrets.js | 14 ++++++++++++-- netbox/secrets/views.py | 17 +++++++++++++---- netbox/templates/secrets/secret_edit.html | 14 +++++++++++--- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/netbox/project-static/js/secrets.js b/netbox/project-static/js/secrets.js index 82bb1790e..23af3593a 100644 --- a/netbox/project-static/js/secrets.js +++ b/netbox/project-static/js/secrets.js @@ -1,15 +1,25 @@ $(document).ready(function() { // Unlocking a secret - $('button.unlock-secret').click(function() { + $('button.unlock-secret').click(function(event) { var secret_id = $(this).attr('secret-id'); unlock_secret(secret_id); + event.preventDefault(); }); // Locking a secret - $('button.lock-secret').click(function() { + $('button.lock-secret').click(function(event) { var secret_id = $(this).attr('secret-id'); lock_secret(secret_id); + event.preventDefault(); + }); + + // Adding/editing a secret + $('form.requires-session-key').submit(function(event) { + if ($('#id_plaintext').val() && document.cookie.indexOf('session_key') == -1) { + $('#privkey_modal').modal('show'); + event.preventDefault(); + } }); // Retrieve a session key diff --git a/netbox/secrets/views.py b/netbox/secrets/views.py index 653fd06fe..e6debfc2e 100644 --- a/netbox/secrets/views.py +++ b/netbox/secrets/views.py @@ -14,7 +14,17 @@ from utilities.views import BulkDeleteView, BulkEditView, ObjectDeleteView, Obje from . import filters, forms, tables from .decorators import userkey_required -from .models import SecretRole, Secret, SessionKey, UserKey +from .models import SecretRole, Secret, SessionKey + + +def get_session_key(request): + """ + Extract and decode the session key sent with a request. Returns None if no session key was provided. + """ + session_key = request.COOKIES.get('session_key', None) + if session_key is not None: + return base64.b64decode(session_key) + return session_key # @@ -73,14 +83,13 @@ def secret_add(request, pk): device = get_object_or_404(Device, pk=pk) secret = Secret(device=device) - uk = UserKey.objects.get(user=request.user) + session_key = get_session_key(request) if request.method == 'POST': form = forms.SecretForm(request.POST, instance=secret) if form.is_valid(): # We need a valid session key in order to create a Secret - session_key = base64.b64decode(request.COOKIES.get('session_key', None)) if session_key is None: form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.") @@ -119,13 +128,13 @@ def secret_add(request, pk): def secret_edit(request, pk): secret = get_object_or_404(Secret, pk=pk) + session_key = get_session_key(request) if request.method == 'POST': form = forms.SecretForm(request.POST, instance=secret) if form.is_valid(): # Re-encrypt the Secret if a plaintext and session key have been provided. - session_key = base64.b64decode(request.COOKIES.get('session_key', None)) if form.cleaned_data['plaintext'] and session_key is not None: # Retrieve the master key using the provided session key diff --git a/netbox/templates/secrets/secret_edit.html b/netbox/templates/secrets/secret_edit.html index 0ed5cc875..4c80c85bd 100644 --- a/netbox/templates/secrets/secret_edit.html +++ b/netbox/templates/secrets/secret_edit.html @@ -5,7 +5,7 @@ {% block title %}{% if secret.pk %}Editing {{ secret }}{% else %}Add a Secret{% endif %}{% endblock %} {% block content %} -
+ {% csrf_token %} {{ form.private_key }}
@@ -39,8 +39,16 @@ {% if secret.pk %}
-
-

********

+
+

********

+
+
+ +
{% endif %}