Clear password feature
All checks were successful
Unittests / unittests (push) Successful in 50s
Unittests / deploy-dev (push) Successful in 1m27s

This commit is contained in:
Adam Štrauch 2024-05-25 13:35:45 +02:00
parent 9e82bfc2b5
commit 2077271306
Signed by: cx
GPG key ID: 7262DAFE292BCE20
5 changed files with 85 additions and 0 deletions

View file

@ -242,6 +242,23 @@ func (c *Container) SetPassword(password string) error {
return err
}
// ClearPassword removes password for system user app in the container
func (c *Container) ClearPassword() error {
driver := c.getDriver()
_, err := driver.Exec(c.App.Name, []string{"passwd", "-d", "app"}, "", []string{}, false)
if err != nil {
return err
}
_, err = driver.Exec(c.App.Name, []string{"rm", "-f", passwordFile}, "", []string{}, false)
if err != nil {
return err
}
return err
}
// Generate SSH keys and copies it into authorized keys
// Returns true if the key was generated in this call and error if there is any.
// The container has to run for this to work.

View file

@ -591,6 +591,26 @@ func (p *Processor) SetPassword(password string) error {
return nil
}
// ClearPassword removes password from the SSH user
func (p *Processor) ClearPassword() error {
err := p.waitForApp()
if err != nil {
return err
}
container, err := p.getContainer()
if err != nil {
return err
}
err = container.ClearPassword()
if err != nil {
return err
}
return nil
}
// Generate SSH key and adds it into authorized_keys
// These pair of keys is used for deployment.
// Returns private key, pubkey and error.

View file

@ -212,6 +212,26 @@ func setPasswordHandler(c echo.Context) error {
return c.JSON(http.StatusOK, Message{Message: "ok"})
}
// Clear password for the app user in the container
func clearPasswordHandler(c echo.Context) error {
name := c.Param("name")
processor := glue.Processor{
AppName: name,
DB: common.GetDBConnection(),
DockerSock: config.DockerSocket,
BindIPHTTP: config.AppsBindIPHTTP,
BindIPSSH: config.AppsBindIPSSH,
AppsPath: config.AppsPath,
}
err := processor.ClearPassword()
if err != nil {
return c.JSONPretty(http.StatusInternalServerError, Message{Message: err.Error()}, JSONIndent)
}
return c.JSON(http.StatusOK, Message{Message: "ok"})
}
// Copies body of the request into /srv/.ssh/authorized_keys
func setKeysHandler(c echo.Context) error {
name := c.Param("name")

View file

@ -57,6 +57,7 @@ func _messageHandler(m *nats.Msg) error {
"get_active_tech": getActiveTechHandler,
"update_keys": updateKeysEventHandler,
"set_password": setPasswordEventHandler,
"clear_password": clearPasswordEventHandler,
"processes": processesEventHandler,
"enable_tech": enableTechEventHandler,
"rebuild": rebuildEventHandler,
@ -538,6 +539,30 @@ func setPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
return nil
}
// Clear password for the app user in the container
func clearPasswordEventHandler(m *nats.Msg, message *RequestMessage) error {
processor := glue.Processor{
AppName: message.AppName,
DB: common.GetDBConnection(),
SnapshotProcessor: &snapshotProcessor,
DockerSock: config.DockerSocket,
BindIPHTTP: config.AppsBindIPHTTP,
BindIPSSH: config.AppsBindIPSSH,
AppsPath: config.AppsPath,
}
err := processor.ClearPassword()
if err != nil {
log.Println("ERROR password clearing problem: " + err.Error())
publish(message.AppName, "backend problem", true)
return err
}
publish(message.AppName, "password deleted", false)
return nil
}
// Application processes
func processesEventHandler(m *nats.Msg, message *RequestMessage) error {
processor := glue.Processor{

View file

@ -174,6 +174,9 @@ func main() {
// Set password for the app user in the container
e.PUT("/v1/apps/:name/password", setPasswordHandler)
// Clear password for the app user in the container
e.DELETE("/v1/apps/:name/password", clearPasswordHandler)
// Copies body of the request into /srv/.ssh/authorized_keys
e.PUT("/v1/apps/:name/keys", setKeysHandler)