Posted to commits@storm.apache.org by bo...@apache.org on 2015/02/03 20:33:01 UTC
[1/4] storm git commit: STORM-608. Storm UI CSRF escape characters
not work correctly.
Repository: storm
Updated Branches:
refs/heads/master 1f35f41a8 -> 8491151b6
STORM-608. Storm UI CSRF escape characters not work correctly.
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/37442e5d
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/37442e5d
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/37442e5d
Branch: refs/heads/master
Commit: 37442e5dec821745f99f57e256470e8d1a9c6112
Parents: ab76e67
Author: Sriharsha Chintalapani <ma...@harsha.io>
Authored: Sat Jan 3 14:31:11 2015 -0800
Committer: Sriharsha Chintalapani <ma...@harsha.io>
Committed: Sat Jan 3 14:31:11 2015 -0800
----------------------------------------------------------------------
STORM-UI-REST-API.md | 21 +++++++++++++++++++++
storm-core/src/clj/backtype/storm/ui/core.clj | 2 ++
2 files changed, 23 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/37442e5d/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 1671262..3efe0e7 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -220,6 +220,9 @@ Response fields:
|bolts.emitted| Long |Number of tuples emitted|
|antiForgeryToken| String | CSRF token|
+Caution: users need to unescape the value before using this token to make POST calls(simple-json escapes forward slashes)
+[ISSUE-8](https://code.google.com/p/json-simple/issues/detail?id=8)
+
Examples:
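Review bot: the added caution under antiForgeryToken tells users to "unescape the value" without saying what is escaped or when the step is needed. The escaping is JSON's `\/` for `/`, which a conforming JSON parser already decodes, so the caution only affects clients that read the token out of the raw response text; the sentence should say that and show the replacement of `\/` with `/`. The text also names the library "simple-json" while the linked issue is filed against json-simple.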
@@ -563,6 +566,24 @@ Sample response:
}
```
+### /api/v1/token (GET)
+
+Returns a anti forgery token to use in POST calls
+
+Response fields:
+
+|Field |Value |Description|
+|antiForgeryToken| String | CSRF token|
+
+Sample response:
+
+```json
+{
+ "antiForgeryToken": "Dygf1UHQF7qL0syKLTKEGSX5y0rZhhQTxS2f/WWwI2PhN1zmRdh8MQ1KTd5CXRmjMVmAJ43eklqYmvD5"
+}
+```
+
+
## POST Operations
### Cross site request forgery (CSRF) prevention in POST requests
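Review bot: the response-fields table added for /api/v1/token has its header row `|Field |Value |Description|` followed directly by the data row, with no separator line between them, so Markdown renderers that require one will not draw it as a table. "Returns a anti forgery token" should read "Returns an anti-forgery token". Since the sample response shows the token with a plain "/", the section should also state that this endpoint returns the value ready to use in POST calls, in contrast to the caution added under antiForgeryToken in the previous hunk.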
http://git-wip-us.apache.org/repos/asf/storm/blob/37442e5d/storm-core/src/clj/backtype/storm/ui/core.clj
----------------------------------------------------------------------
diff --git a/storm-core/src/clj/backtype/storm/ui/core.clj b/storm-core/src/clj/backtype/storm/ui/core.clj
index c272cf0..dddfaac 100644
--- a/storm-core/src/clj/backtype/storm/ui/core.clj
+++ b/storm-core/src/clj/backtype/storm/ui/core.clj
@@ -901,6 +901,8 @@
(let [user (.getUserName http-creds-handler servlet-request)]
(assert-authorized-user servlet-request "getTopology" (topology-config id))
(json-response (component-page id component (:window m) (check-include-sys? (:sys m)) user) (:callback m))))
+ (GET "/api/v1/token" [ & m]
+ (json-response (format "{\"antiForgeryToken\": \"%s\"}" *anti-forgery-token*) (:callback m) :serialize-fn identity))
(POST "/api/v1/topology/:id/activate" [:as {:keys [cookies servlet-request]} id]
(with-nimbus nimbus
(let [tplg (.getTopologyInfo ^Nimbus$Client nimbus id)
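Review bot: the new `GET "/api/v1/token"` route passes `(:callback m)` to json-response, as the component route above it does; if json-response wraps the body in that callback, the anti-forgery token can be read by a script included from another origin, which removes the protection the token is meant to give. Suggest not accepting a callback on this route. The route also has no `assert-authorized-user` call, unlike the route above it; if that is intentional, a comment saying so would help. Separately, the body is assembled with `format` and `:serialize-fn identity`, so a token containing `"` or `\` would produce invalid JSON; either note the assumption about the token's character set in a comment or serialize a map with an encoder that leaves "/" alone.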
[3/4] storm git commit: Merge branch 'STORM-608' of
https://github.com/harshach/incubator-storm into STORM-608
Posted by bo...@apache.org.
Merge branch 'STORM-608' of https://github.com/harshach/incubator-storm into STORM-608
STORM-608: Storm UI CSRF escape characters not work correctly.
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/01e6b12f
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/01e6b12f
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/01e6b12f
Branch: refs/heads/master
Commit: 01e6b12fc9a62e496998cd84f18991b50fc542d9
Parents: 1f35f41 8f35304
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Feb 3 12:56:47 2015 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Tue Feb 3 12:56:47 2015 -0600
----------------------------------------------------------------------
STORM-UI-REST-API.md | 21 +++++++++++++++++++++
storm-core/src/clj/backtype/storm/ui/core.clj | 2 ++
2 files changed, 23 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/01e6b12f/storm-core/src/clj/backtype/storm/ui/core.clj
----------------------------------------------------------------------
diff --cc storm-core/src/clj/backtype/storm/ui/core.clj
index 1b78a65,dddfaac..b36a7a9
--- a/storm-core/src/clj/backtype/storm/ui/core.clj
+++ b/storm-core/src/clj/backtype/storm/ui/core.clj
@@@ -898,12 -901,11 +898,14 @@@
(let [user (.getUserName http-creds-handler servlet-request)]
(assert-authorized-user servlet-request "getTopology" (topology-config id))
(json-response (component-page id component (:window m) (check-include-sys? (:sys m)) user) (:callback m))))
+ (GET "/api/v1/token" [ & m]
+ (json-response (format "{\"antiForgeryToken\": \"%s\"}" *anti-forgery-token*) (:callback m) :serialize-fn identity))
(POST "/api/v1/topology/:id/activate" [:as {:keys [cookies servlet-request]} id]
(with-nimbus nimbus
- (let [tplg (.getTopologyInfo ^Nimbus$Client nimbus id)
+ (let [tplg (->> (doto
+ (GetInfoOptions.)
+ (.set_num_err_choice NumErrorsChoice/NONE))
+ (.getTopologyInfoWithOpts ^Nimbus$Client nimbus id))
name (.get_name tplg)]
(assert-authorized-user servlet-request "activate" (topology-config id))
(.activate nimbus name)
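Review bot: in the merged `let` binding for tplg, threading the single `(doto (GetInfoOptions.) ...)` form through `->>` hides that the options object ends up as the last argument of `.getTopologyInfoWithOpts`. Binding the options to a name in the same `let` and passing it to `.getTopologyInfoWithOpts` directly would read more plainly. The `/api/v1/token` route comes through the merge unchanged, so the comments on it in the first commit still apply here.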
[2/4] storm git commit: STORM-608. Storm UI CSRF escape characters
not work correctly.
Posted by bo...@apache.org.
STORM-608. Storm UI CSRF escape characters not work correctly.
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/8f353040
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/8f353040
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/8f353040
Branch: refs/heads/master
Commit: 8f3530404f3550415146c484d31765028c0d98b9
Parents: 37442e5
Author: Sriharsha Chintalapani <ma...@harsha.io>
Authored: Sat Jan 3 14:32:57 2015 -0800
Committer: Sriharsha Chintalapani <ma...@harsha.io>
Committed: Sat Jan 3 14:32:57 2015 -0800
----------------------------------------------------------------------
STORM-UI-REST-API.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/8f353040/STORM-UI-REST-API.md
----------------------------------------------------------------------
diff --git a/STORM-UI-REST-API.md b/STORM-UI-REST-API.md
index 3efe0e7..deee134 100644
--- a/STORM-UI-REST-API.md
+++ b/STORM-UI-REST-API.md
@@ -220,7 +220,7 @@ Response fields:
|bolts.emitted| Long |Number of tuples emitted|
|antiForgeryToken| String | CSRF token|
-Caution: users need to unescape the value before using this token to make POST calls(simple-json escapes forward slashes)
+Caution: users need to unescape the antiForgeryToken value before using this token to make POST calls(simple-json escapes forward slashes)
[ISSUE-8](https://code.google.com/p/json-simple/issues/detail?id=8)
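Review bot: the reworded caution now names antiForgeryToken but does not point readers to GET /api/v1/token, which the parent commit added to the same file and whose sample response shows the token with a plain "/"; add a sentence referring to that endpoint as the way to obtain a token that needs no unescaping. "calls(simple-json" also needs a space before the parenthesis.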
[4/4] storm git commit: Added STORM-608 to Changelog
Posted by bo...@apache.org.
Added STORM-608 to Changelog
Project: http://git-wip-us.apache.org/repos/asf/storm/repo
Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/8491151b
Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/8491151b
Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/8491151b
Branch: refs/heads/master
Commit: 8491151b67bf07c86032b78e30ce44912fd66def
Parents: 01e6b12
Author: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Authored: Tue Feb 3 13:32:19 2015 -0600
Committer: Robert (Bobby) Evans <ev...@yahoo-inc.com>
Committed: Tue Feb 3 13:32:19 2015 -0600
----------------------------------------------------------------------
CHANGELOG.md | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/storm/blob/8491151b/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8313cf..491a1d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,7 @@
* STORM-623: Generate latest javadocs
* STORM-635: logviewer returns 404 if storm_home/logs is a symlinked dir.
* STORM-636: Faster, optional retrieval of last component error
+ * STORM-608: Storm UI CSRF escape characters not work correctly.
## 0.9.3-rc2
* STORM-558: change "swap!" to "reset!" to fix assignment-versions in supervisor
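Review bot: the added STORM-608 entry repeats the issue title verbatim, including "not work correctly", and does not tell a reader of the changelog what changed. Suggest wording it around the change itself, for example that a GET /api/v1/token endpoint was added and the REST API documentation now covers unescaping antiForgeryToken.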