Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/11 12:06:11 UTC

git commit: updated refs/heads/4.4 to c620a06

Repository: cloudstack
Updated Branches:
  refs/heads/4.4 eed3db885 -> c620a0640


api: avoid sending sensitive data in api response

- UI: use post when updating user
- S3: don't send s3 key in the response
- VPN: don't send preshared key in remoteaccessvpn api response
- Snapshot response should set zone id not volume's device id

Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
(cherry picked from commit 02cadc3fb3fae7f5e8c87b7fafb977fb5eeae6eb)
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>

Conflicts:
	server/src/com/cloud/api/ApiResponseHelper.java


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c620a064
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c620a064
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c620a064

Branch: refs/heads/4.4
Commit: c620a0640a7b29957ce18d4ccc2076e5c1405cd5
Parents: eed3db8
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Wed Mar 11 16:30:20 2015 +0530
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Wed Mar 11 16:35:55 2015 +0530

----------------------------------------------------------------------
 .../cloudstack/api/response/RemoteAccessVpnResponse.java     | 8 --------
 server/src/com/cloud/api/ApiResponseHelper.java              | 1 -
 .../src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java   | 6 ++++--
 ui/scripts/installWizard.js                                  | 1 +
 4 files changed, 5 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c620a064/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java b/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
index 28d788b..60a45b6 100644
--- a/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/RemoteAccessVpnResponse.java
@@ -41,10 +41,6 @@ public class RemoteAccessVpnResponse extends BaseResponse implements ControlledE
     @Param(description = "the range of ips to allocate to the clients")
     private String ipRange;
 
-    @SerializedName("presharedkey")
-    @Param(description = "the ipsec preshared key")
-    private String presharedKey;
-
     @SerializedName(ApiConstants.ACCOUNT)
     @Param(description = "the account of the remote access vpn")
     private String accountName;
@@ -85,10 +81,6 @@ public class RemoteAccessVpnResponse extends BaseResponse implements ControlledE
         this.ipRange = ipRange;
     }
 
-    public void setPresharedKey(String presharedKey) {
-        this.presharedKey = presharedKey;
-    }
-
     @Override
     public void setAccountName(String accountName) {
         this.accountName = accountName;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c620a064/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index df4cca8..3d174c7 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -1284,7 +1284,6 @@ public class ApiResponseHelper implements ResponseGenerator {
             vpnResponse.setPublicIp(ip.getAddress().addr());
         }
         vpnResponse.setIpRange(vpn.getIpRange());
-        vpnResponse.setPresharedKey(vpn.getIpsecPresharedKey());
         populateOwner(vpnResponse, vpn);
         vpnResponse.setState(vpn.getState().toString());
         vpnResponse.setId(vpn.getUuid());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c620a064/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
index f1f873c..6e9c148 100644
--- a/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/ImageStoreJoinDaoImpl.java
@@ -84,7 +84,8 @@ public class ImageStoreJoinDaoImpl extends GenericDaoBase<ImageStoreJoinVO, Long
         if ( detailName != null && detailName.length() > 0 && !detailName.equals(ApiConstants.PASSWORD)) {
             String detailValue = ids.getDetailValue();
             if (detailName.equals(ApiConstants.KEY) || detailName.equals(ApiConstants.S3_SECRET_KEY)) {
-                detailValue = DBEncryptionUtil.decrypt(detailValue);
+                // ALWAYS return an empty value for the S3 secret key since that key is managed by Amazon and not CloudStack
+                detailValue = "";
             }
             ImageStoreDetailResponse osdResponse = new ImageStoreDetailResponse(detailName, detailValue);
             osResponse.addDetail(osdResponse);
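Review bot: The new branch still adds a detail entry with an empty string for `ApiConstants.KEY` and `ApiConstants.S3_SECRET_KEY`, while the outer condition leaves `ApiConstants.PASSWORD` out of the response entirely, so a caller cannot tell a redacted secret from one that was never set. Consider excluding both names the same way by extending the outer test with `&& !detailName.equals(ApiConstants.KEY) && !detailName.equals(ApiConstants.S3_SECRET_KEY)`. If the empty value is kept, reword the comment to `// never return secret detail values (key, S3 secret key) in API responses`, since the branch covers both names and the reason is confidentiality, not who manages the key. The same lines are repeated in the hunk at -99,7, so a small private helper would keep the two paths from drifting apart. The enclosing methods start and end outside these hunks, and if `DBEncryptionUtil` has no other use in the file, its import is presumably now unused.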
@@ -99,7 +100,8 @@ public class ImageStoreJoinDaoImpl extends GenericDaoBase<ImageStoreJoinVO, Long
         if ( detailName != null && detailName.length() > 0 && !detailName.equals(ApiConstants.PASSWORD)) {
             String detailValue = ids.getDetailValue();
             if (detailName.equals(ApiConstants.KEY) || detailName.equals(ApiConstants.S3_SECRET_KEY)) {
-                detailValue = DBEncryptionUtil.decrypt(detailValue);
+                // ALWAYS return an empty value for the S3 secret key since that key is managed by Amazon and not CloudStack
+                detailValue = "";
             }
             ImageStoreDetailResponse osdResponse = new ImageStoreDetailResponse(detailName, detailValue);
             response.addDetail(osdResponse);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c620a064/ui/scripts/installWizard.js
----------------------------------------------------------------------
diff --git a/ui/scripts/installWizard.js b/ui/scripts/installWizard.js
index 85eaff0..bf9450a 100644
--- a/ui/scripts/installWizard.js
+++ b/ui/scripts/installWizard.js
@@ -37,6 +37,7 @@
                     id: cloudStack.context.users[0].userid,
                     password: md5Hashed ? $.md5(args.data.password) : todb(args.data.password)
                 },
+                type: 'POST',
                 dataType: 'json',
                 async: true,
                 success: function(data) {
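Review bot: The added `type: 'POST'` carries no comment explaining why the verb matters, so a later cleanup could drop it and put the password back in the request URL, since jQuery defaults to GET. Add `// POST keeps the password out of the URL (browser history, proxy and access logs)` above it. The change is client-side only: nothing in this hunk shows the server refusing GET for this call, so that is worth confirming separately. The surrounding `$.ajax` call starts and ends outside the hunk.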