Fixes #1049: Prompt user if missing session key when adding/editing a secret

Jeremy Stretch 2017-04-06 13:55:40 -04:00
parent ee11775425
commit 82d53a8c3d
3 changed files with 36 additions and 9 deletions


@ -1,15 +1,25 @@
$(document).ready(function() { $(document).ready(function() {
// Unlocking a secret // Unlocking a secret
$('button.unlock-secret').click(function() { $('button.unlock-secret').click(function(event) {
var secret_id = $(this).attr('secret-id'); var secret_id = $(this).attr('secret-id');
unlock_secret(secret_id); unlock_secret(secret_id);
event.preventDefault();
}); });
// Locking a secret // Locking a secret
$('button.lock-secret').click(function() { $('button.lock-secret').click(function(event) {
var secret_id = $(this).attr('secret-id'); var secret_id = $(this).attr('secret-id');
lock_secret(secret_id); lock_secret(secret_id);
event.preventDefault();
});
// Adding/editing a secret
$('form.requires-session-key').submit(function(event) {
if ($('#id_plaintext').val() && document.cookie.indexOf('session_key') == -1) {
$('#privkey_modal').modal('show');
event.preventDefault();
}
}); });
// Retrieve a session key // Retrieve a session key
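Review bot: The cookie test in the new `form.requires-session-key` submit handler is a substring match — `document.cookie.indexOf('session_key') == -1` is also satisfied by any other cookie whose name or value contains that text, so the modal would be skipped and the POST would fall through to the server-side "No session key was provided" error. Match the cookie name at a boundary instead: `if ($('#id_plaintext').val() && !/(^|;\s*)session_key=/.test(document.cookie)) {`. This remains a client-side convenience check only (a stale or undecodable cookie value still passes it), so a comment such as `// Client-side hint only; the view still validates the session key` above the `if` would make that explicit. The enclosing `$(document).ready` callback continues past the end of the hunk.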


@ -14,7 +14,17 @@ from utilities.views import BulkDeleteView, BulkEditView, ObjectDeleteView, Obje
from . import filters, forms, tables from . import filters, forms, tables
from .decorators import userkey_required from .decorators import userkey_required
from .models import SecretRole, Secret, SessionKey, UserKey from .models import SecretRole, Secret, SessionKey
def get_session_key(request):
"""
Extract and decode the session key sent with a request. Returns None if no session key was provided.
"""
session_key = request.COOKIES.get('session_key', None)
if session_key is not None:
return base64.b64decode(session_key)
return session_key
# #
@ -73,14 +83,13 @@ def secret_add(request, pk):
device = get_object_or_404(Device, pk=pk) device = get_object_or_404(Device, pk=pk)
secret = Secret(device=device) secret = Secret(device=device)
uk = UserKey.objects.get(user=request.user) session_key = get_session_key(request)
if request.method == 'POST': if request.method == 'POST':
form = forms.SecretForm(request.POST, instance=secret) form = forms.SecretForm(request.POST, instance=secret)
if form.is_valid(): if form.is_valid():
# We need a valid session key in order to create a Secret # We need a valid session key in order to create a Secret
session_key = base64.b64decode(request.COOKIES.get('session_key', None))
if session_key is None: if session_key is None:
form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.") form.add_error(None, "No session key was provided with the request. Unable to encrypt secret data.")
@ -119,13 +128,13 @@ def secret_add(request, pk):
def secret_edit(request, pk): def secret_edit(request, pk):
secret = get_object_or_404(Secret, pk=pk) secret = get_object_or_404(Secret, pk=pk)
session_key = get_session_key(request)
if request.method == 'POST': if request.method == 'POST':
form = forms.SecretForm(request.POST, instance=secret) form = forms.SecretForm(request.POST, instance=secret)
if form.is_valid(): if form.is_valid():
# Re-encrypt the Secret if a plaintext and session key have been provided. # Re-encrypt the Secret if a plaintext and session key have been provided.
session_key = base64.b64decode(request.COOKIES.get('session_key', None))
if form.cleaned_data['plaintext'] and session_key is not None: if form.cleaned_data['plaintext'] and session_key is not None:
# Retrieve the master key using the provided session key # Retrieve the master key using the provided session key
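Review bot: `get_session_key` in the first hunk decodes the raw cookie value with `base64.b64decode` and nothing catches a malformed value, so a cookie that is not valid base64 raises (`binascii.Error`, a `ValueError` subclass, or `TypeError` on older interpreters) and `secret_add` / `secret_edit` in the later two hunks return a 500 instead of the "No session key was provided" form error. The cookie is client-controlled, so a non-decodable value should be treated like a missing one and return None; both callers already branch on `session_key is None`, so no change is needed there. The docstring should also state that None is returned for an undecodable value. Both view functions continue outside their hunks.
```python
def get_session_key(request):
    """
    Extract and decode the session key sent with a request. Returns None if no session key was provided
    or if the cookie value is not valid base64 (the value is client-controlled and must not raise).
    """
    session_key = request.COOKIES.get('session_key', None)
    if session_key is None:
        return None
    try:
        return base64.b64decode(session_key)
    except (TypeError, ValueError):
        # Malformed cookie: treat as absent so the view reports a form error rather than a 500.
        return None
```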


@ -5,7 +5,7 @@
{% block title %}{% if secret.pk %}Editing {{ secret }}{% else %}Add a Secret{% endif %}{% endblock %} {% block title %}{% if secret.pk %}Editing {{ secret }}{% else %}Add a Secret{% endif %}{% endblock %}
{% block content %} {% block content %}
<form action="." method="post" class="form form-horizontal"> <form action="." method="post" class="form form-horizontal requires-session-key">
{% csrf_token %} {% csrf_token %}
{{ form.private_key }} {{ form.private_key }}
<div class="row"> <div class="row">
@ -39,8 +39,16 @@
{% if secret.pk %} {% if secret.pk %}
<div class="form-group"> <div class="form-group">
<label class="col-md-3 control-label required">Current Plaintext</label> <label class="col-md-3 control-label required">Current Plaintext</label>
<div class="col-md-9"> <div class="col-md-7">
<p class="form-control-static">********</p> <p class="form-control-static" id="secret_{{ secret.pk }}">********</p>
</div>
<div class="col-md-2 text-right">
<button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
<i class="fa fa-lock"></i> Unlock
</button>
<button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
<i class="fa fa-unlock-alt"></i> Lock
</button>
</div> </div>
</div> </div>
{% endif %} {% endif %}
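Review bot: The new Unlock/Lock buttons in the second hunk sit inside the `<form>` and carry no `type` attribute, so they default to submit buttons; the JS click handlers cancel that with `event.preventDefault()`, but the markup itself should not depend on a script being bound. Because they appear in the "Current Plaintext" group, they likely precede the form's real submit button, in which case pressing Enter in a text field triggers the Unlock button's click (implicit submission) and unlocks the secret instead of submitting. Declare the intent in the markup: `<button type="button" class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">` and likewise add `type="button"` to the `lock-secret` button. `secret-id` is also a non-standard attribute; `data-secret-id` is the conventional form, though the existing JS reads `secret-id`, so that is a wider rename.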