Posted to commits@storm.apache.org by bo...@apache.org on 2015/02/03 20:33:01 UTC

[1/4] storm git commit: STORM-608. Storm UI CSRF escape characters not work correctly.

Repository: storm
Updated Branches:
  refs/heads/master 1f35f41a8 -> 8491151b6


STORM-608. Storm UI CSRF escape characters not work correctly.


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/37442e5d
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/37442e5d
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/37442e5d

Branch: refs/heads/master
Commit: 37442e5dec821745f99f57e256470e8d1a9c6112
Parents: ab76e67
Author: Sriharsha Chintalapani <ma...@harsha.io>
Authored: Sat Jan 3 14:31:11 2015 -0800
Committer: Sriharsha Chintalapani <ma...@harsha.io>
Committed: Sat Jan 3 14:31:11 2015 -0800

----------------------------------------------------------------------
 STORM-UI-REST-API.md                          | 21 +++++++++++++++++++++
 storm-core/src/clj/backtype/storm/ui/core.clj |  2 ++
 2 files changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/37442e5d/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 1671262..3efe0e7 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -220,6 +220,9 @@ Response fields:
 |bolts.emitted| Long |Number of tuples emitted|
 |antiForgeryToken| String | CSRF token|
 
+Caution: users need to unescape the value before using this token to make POST calls(simple-json escapes forward slashes)
+[ISSUE-8](https://code.google.com/p/json-simple/issues/detail?id=8)
+
 
 Examples:
 
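Review bot: The added Caution line tells users to "unescape the value" without saying what the escaped form looks like or which clients are affected. Spell out that json-simple writes "/" as "\/", which is a legal JSON escape, so any client that reads the response with a conforming JSON parser already gets the correct token; only clients that cut the token out of the raw response text need to turn "\/" back into "/". Stating this keeps users from unescaping a value their parser has already decoded.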
@@ -563,6 +566,24 @@ Sample response:
 }
 ```
 
+### /api/v1/token (GET)
+
+Returns a anti forgery token to use in POST calls
+
+Response fields:
+
+|Field  |Value |Description|
+|antiForgeryToken| String | CSRF token|
+
+Sample response:
+
+```json
+{
+    "antiForgeryToken": "Dygf1UHQF7qL0syKLTKEGSX5y0rZhhQTxS2f/WWwI2PhN1zmRdh8MQ1KTd5CXRmjMVmAJ43eklqYmvD5"
+}
+```
+
+
 ## POST Operations
 
 ### Cross site request forgery (CSRF) prevention in POST requests
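Review bot: The new /api/v1/token section does not say whether the unescape caution added near line 220 applies here, and the sample response shows a raw "/" in the token, so a reader cannot tell which form to expect. State explicitly that this endpoint returns the token without "\/" escaping, if that is the intent. Two smaller points in the same hunk: "Returns a anti forgery token" should read "Returns an anti-forgery token", and the Response fields table has a header row followed directly by a data row with no delimiter row (|---|---|---|) between them, so Markdown renderers that require one will not draw it as a table.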

http://git-wip-us.apache.org/repos/asf/storm/blob/37442e5d/storm-core/src/clj/backtype/storm/ui/core.clj
----------------------------------------------------------------------
diff --git a/storm-core/src/clj/backtype/storm/ui/core.clj b/storm-core/src/clj/backtype/storm/ui/core.clj
index c272cf0..dddfaac 100644
--- a/storm-core/src/clj/backtype/storm/ui/core.clj
+++ b/storm-core/src/clj/backtype/storm/ui/core.clj
@@ -901,6 +901,8 @@
        (let [user (.getUserName http-creds-handler servlet-request)]
          (assert-authorized-user servlet-request "getTopology" (topology-config id))
          (json-response (component-page id component (:window m) (check-include-sys? (:sys m)) user) (:callback m))))
+  (GET "/api/v1/token" [ & m]
+       (json-response (format "{\"antiForgeryToken\": \"%s\"}" *anti-forgery-token*) (:callback m) :serialize-fn identity))
   (POST "/api/v1/topology/:id/activate" [:as {:keys [cookies servlet-request]} id]
     (with-nimbus nimbus
       (let [tplg (.getTopologyInfo ^Nimbus$Client nimbus id)
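Review bot: The new GET "/api/v1/token" route passes (:callback m) through to json-response, the same as the data routes above it. If json-response wraps the body in that callback (its definition is not in this hunk), the anti-forgery token becomes readable by a script include from another origin, which is exactly the caller the token is meant to exclude; this route should ignore the callback parameter and return plain JSON only. Separately, the body is built with format and sent with :serialize-fn identity, so nothing escapes the token: a token containing a double quote or backslash would produce invalid JSON. Building the map {"antiForgeryToken" token} and serializing it with an encoder that leaves "/" alone would be safer than string interpolation. A short comment explaining why this route bypasses the default serializer would also help the next reader.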


[3/4] storm git commit: Merge branch 'STORM-608' of https://github.com/harshach/incubator-storm into STORM-608

Posted by bo...@apache.org.
Merge branch 'STORM-608' of https://github.com/harshach/incubator-storm into STORM-608

STORM-608: Storm UI CSRF escape characters not work correctly.


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/01e6b12f
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/01e6b12f
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/01e6b12f

Branch: refs/heads/master
Commit: 01e6b12fc9a62e496998cd84f18991b50fc542d9
Parents: 1f35f41 8f35304
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Feb 3 12:56:47 2015 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Tue Feb 3 12:56:47 2015 -0600

----------------------------------------------------------------------
 STORM-UI-REST-API.md                          | 21 +++++++++++++++++++++
 storm-core/src/clj/backtype/storm/ui/core.clj |  2 ++
 2 files changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/01e6b12f/storm-core/src/clj/backtype/storm/ui/core.clj
----------------------------------------------------------------------
diff --cc storm-core/src/clj/backtype/storm/ui/core.clj
index 1b78a65,dddfaac..b36a7a9
--- a/storm-core/src/clj/backtype/storm/ui/core.clj
+++ b/storm-core/src/clj/backtype/storm/ui/core.clj
@@@ -898,12 -901,11 +898,14 @@@
         (let [user (.getUserName http-creds-handler servlet-request)]
           (assert-authorized-user servlet-request "getTopology" (topology-config id))
           (json-response (component-page id component (:window m) (check-include-sys? (:sys m)) user) (:callback m))))
+   (GET "/api/v1/token" [ & m]
+        (json-response (format "{\"antiForgeryToken\": \"%s\"}" *anti-forgery-token*) (:callback m) :serialize-fn identity))
    (POST "/api/v1/topology/:id/activate" [:as {:keys [cookies servlet-request]} id]
      (with-nimbus nimbus
 -      (let [tplg (.getTopologyInfo ^Nimbus$Client nimbus id)
 +      (let [tplg (->> (doto
 +                        (GetInfoOptions.)
 +                        (.set_num_err_choice NumErrorsChoice/NONE))
 +                      (.getTopologyInfoWithOpts ^Nimbus$Client nimbus id))
              name (.get_name tplg)]
          (assert-authorized-user servlet-request "activate" (topology-config id))
          (.activate nimbus name)


[2/4] storm git commit: STORM-608. Storm UI CSRF escape characters not work correctly.

Posted by bo...@apache.org.
STORM-608. Storm UI CSRF escape characters not work correctly.


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/8f353040
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/8f353040
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/8f353040

Branch: refs/heads/master
Commit: 8f3530404f3550415146c484d31765028c0d98b9
Parents: 37442e5
Author: Sriharsha Chintalapani <ma...@harsha.io>
Authored: Sat Jan 3 14:32:57 2015 -0800
Committer: Sriharsha Chintalapani <ma...@harsha.io>
Committed: Sat Jan 3 14:32:57 2015 -0800

----------------------------------------------------------------------
 STORM-UI-REST-API.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/8f353040/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 3efe0e7..deee134 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -220,7 +220,7 @@ Response fields:
 |bolts.emitted| Long |Number of tuples emitted|
 |antiForgeryToken| String | CSRF token|
 
-Caution: users need to unescape the value before using this token to make POST calls(simple-json escapes forward slashes)
+Caution: users need to unescape the antiForgeryToken value before using this token to make POST calls(simple-json escapes forward slashes)
 [ISSUE-8](https://code.google.com/p/json-simple/issues/detail?id=8)
 
 
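Review bot: The reworded Caution line now names antiForgeryToken but still calls the library "simple-json", while the linked issue tracker is for json-simple; use the library's actual name so the reference can be found. There is also a missing space in "POST calls(simple-json", and the sentence has no closing period before the ISSUE-8 link on the next line, so the two will run together when rendered.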


[4/4] storm git commit: Added STORM-608 to Changelog

Posted by bo...@apache.org.
Added STORM-608 to Changelog


Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/8491151b
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/8491151b
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/8491151b

Branch: refs/heads/master
Commit: 8491151b67bf07c86032b78e30ce44912fd66def
Parents: 01e6b12
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Feb 3 13:32:19 2015 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Tue Feb 3 13:32:19 2015 -0600

----------------------------------------------------------------------
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/storm/blob/8491151b/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8313cf..491a1d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@
  * STORM-623: Generate latest javadocs
  * STORM-635: logviewer returns 404 if storm_home/logs is a symlinked dir.
  * STORM-636: Faster, optional retrieval of last component error
+ * STORM-608: Storm UI CSRF escape characters not work correctly.
 
 ## 0.9.3-rc2
  * STORM-558: change "swap!" to "reset!" to fix assignment-versions in supervisor
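Review bot: The added STORM-608 changelog entry repeats the issue title but does not mention that the fix introduces a new REST endpoint, /api/v1/token. Operators reading the changelog to see what a release exposes would want that called out, for example by appending "(adds /api/v1/token)". The title also reads "not work correctly"; "do not work correctly" would match the grammar of the neighbouring entries.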