Shadow password correctly for session config (#8984)

Fix #8718

This PR shadows passwords in session config correctly by detecting
the VirtualProvider, unmarshalling the original config and then
shadowing config within that.
zeripath 2019-11-14 20:06:02 +00:00 committed by GitHub
parent 665ce1dcb3
commit ae36ed7ecb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -6,6 +6,7 @@
package admin package admin
import ( import (
"encoding/json"
"fmt" "fmt"
"net/url" "net/url"
"os" "os"
@ -25,6 +26,7 @@ import (
"code.gitea.io/gitea/services/mailer" "code.gitea.io/gitea/services/mailer"
"gitea.com/macaron/macaron" "gitea.com/macaron/macaron"
"gitea.com/macaron/session"
"github.com/unknwon/com" "github.com/unknwon/com"
) )
@ -207,7 +209,7 @@ func SendTestMail(ctx *context.Context) {
ctx.Redirect(setting.AppSubURL + "/admin/config") ctx.Redirect(setting.AppSubURL + "/admin/config")
} }
func shadownPasswordKV(cfgItem, splitter string) string { func shadowPasswordKV(cfgItem, splitter string) string {
fields := strings.Split(cfgItem, splitter) fields := strings.Split(cfgItem, splitter)
for i := 0; i < len(fields); i++ { for i := 0; i < len(fields); i++ {
if strings.HasPrefix(fields[i], "password=") { if strings.HasPrefix(fields[i], "password=") {
@ -218,10 +220,10 @@ func shadownPasswordKV(cfgItem, splitter string) string {
return strings.Join(fields, splitter) return strings.Join(fields, splitter)
} }
func shadownURL(provider, cfgItem string) string { func shadowURL(provider, cfgItem string) string {
u, err := url.Parse(cfgItem) u, err := url.Parse(cfgItem)
if err != nil { if err != nil {
log.Error("shodowPassword %v failed: %v", provider, err) log.Error("Shadowing Password for %v failed: %v", provider, err)
return cfgItem return cfgItem
} }
if u.User != nil { if u.User != nil {
@ -239,7 +241,7 @@ func shadownURL(provider, cfgItem string) string {
func shadowPassword(provider, cfgItem string) string { func shadowPassword(provider, cfgItem string) string {
switch provider { switch provider {
case "redis": case "redis":
return shadownPasswordKV(cfgItem, ",") return shadowPasswordKV(cfgItem, ",")
case "mysql": case "mysql":
//root:@tcp(localhost:3306)/macaron?charset=utf8 //root:@tcp(localhost:3306)/macaron?charset=utf8
atIdx := strings.Index(cfgItem, "@") atIdx := strings.Index(cfgItem, "@")
@ -253,15 +255,21 @@ func shadowPassword(provider, cfgItem string) string {
case "postgres": case "postgres":
// user=jiahuachen dbname=macaron port=5432 sslmode=disable // user=jiahuachen dbname=macaron port=5432 sslmode=disable
if !strings.HasPrefix(cfgItem, "postgres://") { if !strings.HasPrefix(cfgItem, "postgres://") {
return shadownPasswordKV(cfgItem, " ") return shadowPasswordKV(cfgItem, " ")
} }
fallthrough
case "couchbase":
return shadowURL(provider, cfgItem)
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full // postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
// Notice: use shadwonURL // Notice: use shadowURL
case "VirtualSession":
var realSession session.Options
if err := json.Unmarshal([]byte(cfgItem), &realSession); err == nil {
return shadowPassword(realSession.Provider, realSession.ProviderConfig)
}
} }
// "couchbase" return cfgItem
return shadownURL(provider, cfgItem)
} }
// Config show admin config page // Config show admin config page
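Review bot: The new `VirtualSession` case in `shadowPassword` fails open: when `json.Unmarshal` returns an error, control drops to the final `return cfgItem`, so the raw provider config string comes back unmasked and the error is never logged. Since masking this value is the function's whole purpose (presumably before it is rendered on the admin config page), the failure path should log and return a fixed placeholder instead of the input, e.g. `log.Error("Shadowing Password for %v failed: %v", provider, err)` followed by returning a masked constant. The same final `return cfgItem` is now the default for every provider not named in the switch, where the old code sent those through `shadownURL`; it is worth confirming that none of the remaining session providers carries credentials in its config. `shadowURL` also returns `cfgItem` unchanged on a parse error, so the same fail-closed choice would apply there.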