From b94d9c8637bd64518bc2661adfaed53e32c43829 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Thu, 7 Jul 2016 00:31:35 -0400 Subject: [PATCH 1/6] use the new method --- lib/travis/api/v3/service.rb | 2 +- lib/travis/api/v3/services/build/cancel.rb | 3 +-- lib/travis/api/v3/services/build/restart.rb | 3 +-- lib/travis/api/v3/services/cron/create.rb | 3 +-- lib/travis/api/v3/services/cron/delete.rb | 3 +-- lib/travis/api/v3/services/job/cancel.rb | 3 +-- lib/travis/api/v3/services/job/debug.rb | 3 +-- lib/travis/api/v3/services/job/restart.rb | 3 +-- lib/travis/api/v3/services/repository/disable.rb | 3 +-- lib/travis/api/v3/services/repository/star.rb | 3 +-- lib/travis/api/v3/services/repository/unstar.rb | 3 +-- lib/travis/api/v3/services/requests/create.rb | 3 +-- lib/travis/api/v3/services/settings/find.rb | 3 +-- lib/travis/api/v3/services/settings/update.rb | 3 +-- lib/travis/api/v3/services/user/sync.rb | 3 +-- 15 files changed, 15 insertions(+), 29 deletions(-) diff --git a/lib/travis/api/v3/service.rb b/lib/travis/api/v3/service.rb index 13b8f2aa..d0cb719f 100644 --- a/lib/travis/api/v3/service.rb +++ b/lib/travis/api/v3/service.rb @@ -68,7 +68,7 @@ module Travis::API::V3 def check_login_and_find(*args) raise LoginRequired unless access_control.full_access_or_logged_in? - find(*args) + find(*args) # should this raise NotFound if nil? Can it return nil? see above? end def not_found(actually_not_found = false, type = nil) diff --git a/lib/travis/api/v3/services/build/cancel.rb b/lib/travis/api/v3/services/build/cancel.rb index 168b3ccf..4e10a110 100644 --- a/lib/travis/api/v3/services/build/cancel.rb +++ b/lib/travis/api/v3/services/build/cancel.rb 
@@ -2,8 +2,7 @@ module Travis::API::V3 class Services::Build::Cancel < Service def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless build = find(:build) + build = check_login_and_find(:build) access_control.permissions(build).cancel! query.cancel(access_control.user) diff --git a/lib/travis/api/v3/services/build/restart.rb b/lib/travis/api/v3/services/build/restart.rb index acb49727..7ba3aff6 100644 --- a/lib/travis/api/v3/services/build/restart.rb +++ b/lib/travis/api/v3/services/build/restart.rb @@ -2,8 +2,7 @@ module Travis::API::V3 class Services::Build::Restart < Service def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless build = find(:build) + build = check_login_and_find(:build) access_control.permissions(build).restart! query.restart(access_control.user) diff --git a/lib/travis/api/v3/services/cron/create.rb b/lib/travis/api/v3/services/cron/create.rb index dcbfffb8..2fb366e1 100644 --- a/lib/travis/api/v3/services/cron/create.rb +++ b/lib/travis/api/v3/services/cron/create.rb @@ -4,8 +4,7 @@ module Travis::API::V3 params :interval, :disable_by_build def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) raise NotFound unless branch = find(:branch, repository) raise Error.new('Crons can only be set up for branches existing on GitHub!', status: 422) unless branch.exists_on_github raise Error.new('Invalid value for interval. Interval must be "daily", "weekly" or "monthly"!', status: 422) unless ["daily", "weekly", "monthly"].include?(params["interval"]) diff --git a/lib/travis/api/v3/services/cron/delete.rb b/lib/travis/api/v3/services/cron/delete.rb index c5d9287d..59aa6d10 100644 --- a/lib/travis/api/v3/services/cron/delete.rb +++ b/lib/travis/api/v3/services/cron/delete.rb 
@@ -3,8 +3,7 @@ module Travis::API::V3 #params :id def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - cron = find + cron = check_login_and_find access_control.permissions(cron).delete! cron.destroy end diff --git a/lib/travis/api/v3/services/job/cancel.rb b/lib/travis/api/v3/services/job/cancel.rb index 0b565498..a6f143ec 100644 --- a/lib/travis/api/v3/services/job/cancel.rb +++ b/lib/travis/api/v3/services/job/cancel.rb @@ -2,8 +2,7 @@ module Travis::API::V3 class Services::Job::Cancel < Service def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless job = find(:job) + job = check_login_and_find(:job) access_control.permissions(job).cancel! query.cancel(access_control.user) diff --git a/lib/travis/api/v3/services/job/debug.rb b/lib/travis/api/v3/services/job/debug.rb index 63c1939c..a892b993 100644 --- a/lib/travis/api/v3/services/job/debug.rb +++ b/lib/travis/api/v3/services/job/debug.rb @@ -5,8 +5,7 @@ module Travis::API::V3 attr_reader :job def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless @job = find(:job) + @job = check_login_and_find(:job) raise WrongCredentials unless Travis.config.debug_tools_enabled or Travis::Features.active?(:debug_tools, job.repository) access_control.permissions(job).debug! diff --git a/lib/travis/api/v3/services/job/restart.rb b/lib/travis/api/v3/services/job/restart.rb index a10dc71b..26ef1499 100644 --- a/lib/travis/api/v3/services/job/restart.rb +++ b/lib/travis/api/v3/services/job/restart.rb @@ -2,8 +2,7 @@ module Travis::API::V3 class Services::Job::Restart < Service def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless job = find(:job) + job = check_login_and_find(:job) access_control.permissions(job).restart! query.restart(access_control.user) 
diff --git a/lib/travis/api/v3/services/repository/disable.rb b/lib/travis/api/v3/services/repository/disable.rb index c904351e..169af0d7 100644 --- a/lib/travis/api/v3/services/repository/disable.rb +++ b/lib/travis/api/v3/services/repository/disable.rb @@ -1,8 +1,7 @@ module Travis::API::V3 class Services::Repository::Disable < Service def run!(activate = false) - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) check_access(repository) admin = access_control.admin_for(repository) diff --git a/lib/travis/api/v3/services/repository/star.rb b/lib/travis/api/v3/services/repository/star.rb index 0b29c2bb..cd3f1a24 100644 --- a/lib/travis/api/v3/services/repository/star.rb +++ b/lib/travis/api/v3/services/repository/star.rb @@ -1,8 +1,7 @@ module Travis::API::V3 class Services::Repository::Star < Service def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) check_access(repository) current_user = access_control.user query.star(current_user) diff --git a/lib/travis/api/v3/services/repository/unstar.rb b/lib/travis/api/v3/services/repository/unstar.rb index 75874f9f..39e75856 100644 --- a/lib/travis/api/v3/services/repository/unstar.rb +++ b/lib/travis/api/v3/services/repository/unstar.rb @@ -1,8 +1,7 @@ module Travis::API::V3 class Services::Repository::Unstar < Service def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) check_access(repository) current_user = access_control.user query.unstar(current_user) diff --git a/lib/travis/api/v3/services/requests/create.rb b/lib/travis/api/v3/services/requests/create.rb index 87c54d2d..ec4c6a08 100644 
--- a/lib/travis/api/v3/services/requests/create.rb +++ b/lib/travis/api/v3/services/requests/create.rb @@ -8,8 +8,7 @@ module Travis::API::V3 params "request", "user", :config, :message, :branch, :token def run - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) access_control.permissions(repository).create_request! user = find(:user) if access_control.full_access? and params_for? 'user'.freeze diff --git a/lib/travis/api/v3/services/settings/find.rb b/lib/travis/api/v3/services/settings/find.rb index 9ab54fec..bd7c08c9 100644 --- a/lib/travis/api/v3/services/settings/find.rb +++ b/lib/travis/api/v3/services/settings/find.rb @@ -1,8 +1,7 @@ module Travis::API::V3 class Services::Settings::Find < Service def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repo = find(:repository) + repository = check_login_and_find(:repository) find(:settings, repo) end end diff --git a/lib/travis/api/v3/services/settings/update.rb b/lib/travis/api/v3/services/settings/update.rb index c2780e20..924bc39f 100644 --- a/lib/travis/api/v3/services/settings/update.rb +++ b/lib/travis/api/v3/services/settings/update.rb @@ -3,8 +3,7 @@ module Travis::API::V3 params :builds_only_with_travis_yml, :build_pushes, :build_pull_requests, :maximum_number_of_builds, prefix: :settings def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless repository = find(:repository) + repository = check_login_and_find(:repository) query.update(repository) end end diff --git a/lib/travis/api/v3/services/user/sync.rb b/lib/travis/api/v3/services/user/sync.rb index 5ece301b..16cd3674 100644 --- a/lib/travis/api/v3/services/user/sync.rb +++ b/lib/travis/api/v3/services/user/sync.rb 
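Review bot: `Services::Settings::Find#run!` and, in the next hunk, `Services::Settings::Update#run!` go from `check_login_and_find(:repository)` straight to `find(:settings, repo)` and `query.update(repository)` with no per-repository authorization call in between. The sibling services in this patch follow the lookup with `check_access(repository)` or `access_control.permissions(...)`. Unless `find(:repository)` or the settings query enforces this internally (not visible here), any logged-in caller who can resolve the repository could read or change its settings. I would add an explicit check right after the lookup, e.g. `check_access(repository)` as in `Repository::Star`, and require a write-level permission on the update path.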
@@ -2,8 +2,7 @@ module Travis::API::V3 class Services::User::Sync < Service def run! - raise LoginRequired unless access_control.logged_in? or access_control.full_access? - raise NotFound unless user = find(:user) + user = check_login_and_find(:user) access_control.permissions(user).sync! query.sync(user) From f63bb1c6a2ec12b2326a546d7550c3c05d89eb81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Thu, 7 Jul 2016 01:16:39 -0400 Subject: [PATCH 2/6] if this logic isn't needed we should take it out later --- lib/travis/api/v3/service.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/travis/api/v3/service.rb b/lib/travis/api/v3/service.rb index d0cb719f..f3243189 100644 --- a/lib/travis/api/v3/service.rb +++ b/lib/travis/api/v3/service.rb @@ -68,7 +68,7 @@ module Travis::API::V3 def check_login_and_find(*args) raise LoginRequired unless access_control.full_access_or_logged_in? - find(*args) # should this raise NotFound if nil? Can it return nil? see above? + find(*args) or raise NotFound end def not_found(actually_not_found = false, type = nil) From 3fb7c35286ebc5b598b817633acf9d4717c95d30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Thu, 7 Jul 2016 01:30:35 -0400 Subject: [PATCH 3/6] copy pasta fix --- lib/travis/api/v3/services/settings/find.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/travis/api/v3/services/settings/find.rb b/lib/travis/api/v3/services/settings/find.rb index bd7c08c9..3dff2eb8 100644 --- a/lib/travis/api/v3/services/settings/find.rb +++ b/lib/travis/api/v3/services/settings/find.rb @@ -1,7 +1,7 @@ module Travis::API::V3 class Services::Settings::Find < Service def run! - repository = check_login_and_find(:repository) + repo = check_login_and_find(:repository) find(:settings, repo) end end From 2783a69f89229d71f8fd0a7b16c59d0189a1e037 Mon Sep 17 00:00:00 2001 
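Review bot: In `check_login_and_find`, `find(*args) or raise NotFound` relies on the low-precedence `or`; `find(*args) || raise(NotFound)` is the conventional form and stays correct if the expression is later assigned or extended. The method also deserves a comment stating the contract every caller now depends on, such as `# Raises LoginRequired before any lookup, so callers without login or full access cannot probe which records exist; raises NotFound when find returns nil.` The same comment should say that authorization on the returned record remains each service's job, since the helper's name could be read as covering it. The rest of the class is outside the hunk.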
From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Tue, 12 Jul 2016 14:12:46 -0400 Subject: [PATCH 4/6] encrpted value and working tests --- lib/travis/api/v3/models/env_var.rb | 4 ++-- lib/travis/api/v3/renderer.rb | 3 ++- lib/travis/api/v3/renderer/model_renderer.rb | 1 + spec/v3/services/env_var/delete_spec.rb | 2 +- spec/v3/services/env_vars/create_spec.rb | 3 +-- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/travis/api/v3/models/env_var.rb b/lib/travis/api/v3/models/env_var.rb index 1d4c7f8f..27f2606f 100644 --- a/lib/travis/api/v3/models/env_var.rb +++ b/lib/travis/api/v3/models/env_var.rb @@ -2,7 +2,7 @@ module Travis::API::V3 class Models::EnvVar < Travis::Settings::Model attribute :id, Integer attribute :name, String - attribute :value, String + attribute :value, Travis::Settings::EncryptedValue attribute :public, Boolean attribute :repository_id, Integer @@ -11,7 +11,7 @@ module Travis::API::V3 end validates_each :id, :name do |record, attr, value| - others = record.repository.env_vars.select { |ev| ev.id != record.id } + others = record.repository.env_vars.select { |ev| ev.id != record.id } record.errors.add(:base, :duplicate_resource) if others.find { |ev| ev.send(attr) == record.send(attr) } end end diff --git a/lib/travis/api/v3/renderer.rb b/lib/travis/api/v3/renderer.rb index 637f937d..2710fbc5 100644 --- a/lib/travis/api/v3/renderer.rb +++ b/lib/travis/api/v3/renderer.rb @@ -10,7 +10,7 @@ module Travis::API::V3 extend self def clear(**args) - args.select { |key, value| !value.nil? } + args.compact end def href(type, string_args = nil, script_name: nil, **args) 
@@ -49,6 +49,7 @@ module Travis::API::V3 when Model then render_model(value, **options) when ActiveRecord::Relation then render_value(value.to_a, **options) when ActiveRecord::Associations::CollectionProxy then render_value(value.to_a, **options) + when Travis::Settings::EncryptedValue then value # Should this be value.decrypt ?? If so do we want to add if options[:included].first.public? so we ensure we only decrypt public values? else raise ArgumentError, 'cannot render %p (%p)' % [value.class, value] end end diff --git a/lib/travis/api/v3/renderer/model_renderer.rb b/lib/travis/api/v3/renderer/model_renderer.rb index dd5bdc0b..9df7506f 100644 --- a/lib/travis/api/v3/renderer/model_renderer.rb +++ b/lib/travis/api/v3/renderer/model_renderer.rb @@ -110,6 +110,7 @@ module Travis::API::V3 end fields.each do |field| + next if field == :value && !@model.public? value = Renderer.render_value(send(field), access_control: access_control, script_name: script_name, diff --git a/spec/v3/services/env_var/delete_spec.rb b/spec/v3/services/env_var/delete_spec.rb index 870c69e9..96975893 100644 --- a/spec/v3/services/env_var/delete_spec.rb +++ b/spec/v3/services/env_var/delete_spec.rb @@ -28,6 +28,6 @@ describe Travis::API::V3::Services::EnvVar::Delete, set_app: true do end example { expect(last_response.status).to eq 200 } - example { pending 'should we return an empty body here?' } + example { expect(JSON.parse(last_response.body)["id"]).to eq(env_var[:id]) } end end diff --git a/spec/v3/services/env_vars/create_spec.rb b/spec/v3/services/env_vars/create_spec.rb index 1755e593..7a8e4587 100644 --- a/spec/v3/services/env_vars/create_spec.rb +++ b/spec/v3/services/env_vars/create_spec.rb 
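Review bot: The added `next if field == :value && !@model.public?` in the `fields.each` loop puts an env-var-specific secrecy rule into the generic model renderer, keyed on a field name. Any other model rendered through this loop with a `value` field must now respond to `public?`, and an encrypted attribute exposed under a different field name is not covered at all. I would key the rule on the value's type rather than its name, i.e. skip when `send(field)` is a `Travis::Settings::EncryptedValue` and the model is not public, or move it into an env-var-specific renderer if one exists. The loop body continues outside the hunk.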
@@ -13,7 +13,7 @@ describe Travis::API::V3::Services::EnvVars::Create, set_app: true do describe 'authenticated, repo missing' do before { post("/v3/repo/99999999/env_vars", {}, auth_headers) } - include_examples 'missing repo' + include_examples 'missing repo' end describe 'authenticated, existing repo, env var already exists' do @@ -58,7 +58,6 @@ describe Travis::API::V3::Services::EnvVars::Create, set_app: true do '@type' => 'env_var', '@representation' => 'standard', 'name' => 'FOO', - 'value' => 'bar', 'public' => false ) expect(response).to include('@href', 'id') From 58cd17158c36932cd9a3ada553a22c83ea915d83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Thu, 14 Jul 2016 17:24:49 -0400 Subject: [PATCH 5/6] decrypt the public values for return and fix the tests --- lib/travis/api/v3/renderer.rb | 2 +- spec/v3/services/env_var/delete_spec.rb | 2 +- spec/v3/services/env_var/find_spec.rb | 4 +- spec/v3/services/env_var/update_spec.rb | 4 +- spec/v3/services/env_vars/create_spec.rb | 63 +++++++++++++------ .../services/env_vars/for_repository_spec.rb | 8 +-- 6 files changed, 55 insertions(+), 28 deletions(-) diff --git a/lib/travis/api/v3/renderer.rb b/lib/travis/api/v3/renderer.rb index 2710fbc5..e31a7c77 100644 --- a/lib/travis/api/v3/renderer.rb +++ b/lib/travis/api/v3/renderer.rb @@ -49,7 +49,7 @@ module Travis::API::V3 when Model then render_model(value, **options) when ActiveRecord::Relation then render_value(value.to_a, **options) when ActiveRecord::Associations::CollectionProxy then render_value(value.to_a, **options) - when Travis::Settings::EncryptedValue then value # Should this be value.decrypt ?? If so do we want to add if options[:included].first.public? so we ensure we only decrypt public values? + when Travis::Settings::EncryptedValue then value.decrypt else raise ArgumentError, 'cannot render %p (%p)' % [value.class, value] end end 
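Review bot: `when Travis::Settings::EncryptedValue then value.decrypt` makes `render_value` return plaintext for every encrypted value it is handed, and the question in the replaced comment about decrypting only public values is dropped rather than answered. The only guard is the `field == :value && !@model.public?` skip in `model_renderer.rb`, so any other path into `render_value` would expose a private value. I would make this branch fail closed, for example by raising the existing `ArgumentError` unless the caller passes an explicit option saying the value may be shown. At minimum add the comment `# returns plaintext: callers must have checked public? before passing an EncryptedValue`. The `case` statement starts outside the hunk.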
diff --git a/spec/v3/services/env_var/delete_spec.rb b/spec/v3/services/env_var/delete_spec.rb index 96975893..305b01da 100644 --- a/spec/v3/services/env_var/delete_spec.rb +++ b/spec/v3/services/env_var/delete_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe Travis::API::V3::Services::EnvVar::Delete, set_app: true do let(:repo) { Travis::API::V3::Models::Repository.where(owner_name: 'svenfuchs', name: 'minimal').first_or_create } let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) } - let(:env_var) { { id: 'abc', name: 'FOO', value: 'bar', public: true, repository_id: repo.id } } + let(:env_var) { { id: 'abc', name: 'FOO', value: Travis::Settings::EncryptedValue.new('bar'), public: true, repository_id: repo.id } } let(:auth_headers) { { 'HTTP_AUTHORIZATION' => "token #{token}" } } describe 'not authenticated' do diff --git a/spec/v3/services/env_var/find_spec.rb b/spec/v3/services/env_var/find_spec.rb index f80cfdc1..1438ccca 100644 --- a/spec/v3/services/env_var/find_spec.rb +++ b/spec/v3/services/env_var/find_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe Travis::API::V3::Services::EnvVar::Find, set_app: true do let(:repo) { Travis::API::V3::Models::Repository.where(owner_name: 'svenfuchs', name: 'minimal').first_or_create } let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) } - let(:env_var) { { id: 'abc', name: 'FOO', value: 'bar', public: true, repository_id: repo.id } } + let(:env_var) { { id: 'abc', name: 'FOO', value: Travis::Settings::EncryptedValue.new('bar'), public: true, repository_id: repo.id } } let(:auth_headers) { { 'HTTP_AUTHORIZATION' => "token #{token}" } } describe 'not authenticated' do @@ -36,7 +36,7 @@ describe Travis::API::V3::Services::EnvVar::Find, set_app: true do 'id' => env_var[:id], 'name' => env_var[:name], 'public' => env_var[:public], - 'value' => env_var[:value] + 'value' => env_var[:value].decrypt ) end end 
diff --git a/spec/v3/services/env_var/update_spec.rb b/spec/v3/services/env_var/update_spec.rb index bac9a065..c4cab579 100644 --- a/spec/v3/services/env_var/update_spec.rb +++ b/spec/v3/services/env_var/update_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe Travis::API::V3::Services::EnvVar::Update, set_app: true do let(:repo) { Travis::API::V3::Models::Repository.where(owner_name: 'svenfuchs', name: 'minimal').first_or_create } let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) } - let(:env_var) { { id: 'abc', name: 'FOO', value: 'bar', public: true, repository_id: repo.id } } + let(:env_var) { { id: 'abc', name: 'FOO', value: Travis::Settings::EncryptedValue.new('bar'), public: true, repository_id: repo.id } } let(:auth_headers) { { 'HTTP_AUTHORIZATION' => "token #{token}" } } let(:json_headers) { { 'CONTENT_TYPE' => 'application/json' } } @@ -42,7 +42,7 @@ describe Travis::API::V3::Services::EnvVar::Update, set_app: true do '@representation' => 'standard', 'id' => env_var[:id], 'name' => params['env_var.name'], - 'value' => env_var[:value], + 'value' => env_var[:value].decrypt, 'public' => env_var[:public] ) end diff --git a/spec/v3/services/env_vars/create_spec.rb b/spec/v3/services/env_vars/create_spec.rb index 7a8e4587..48e82f21 100644 --- a/spec/v3/services/env_vars/create_spec.rb +++ b/spec/v3/services/env_vars/create_spec.rb @@ -26,7 +26,7 @@ describe Travis::API::V3::Services::EnvVars::Create, set_app: true do end before do - repo.update_attributes(settings: JSON.generate(env_vars: [{ id: 'abc', name: 'FOO', value: 'bar', public: false }])) + repo.update_attributes(settings: JSON.generate(env_vars: [{ id: 'abc', name: 'FOO', value: Travis::Settings::EncryptedValue.new('bar'), public: false }])) post("/v3/repo/#{repo.id}/env_vars", JSON.generate(params), auth_headers.merge(json_headers)) end 
@@ -41,26 +41,53 @@ describe Travis::API::V3::Services::EnvVars::Create, set_app: true do end describe 'authenticated, existing repo, env var is new' do - let(:params) do - { - 'env_var.name' => 'FOO', - 'env_var.value' => 'bar', - 'env_var.public' => false - } + describe 'private' do + let(:params) do + { + 'env_var.name' => 'FOO', + 'env_var.value' => 'bar', + 'env_var.public' => false + } + end + + before { post("/v3/repo/#{repo.id}/env_vars", JSON.generate(params), auth_headers.merge(json_headers)) } + + example { expect(last_response.status).to eq 201 } + example do + response = JSON.load(body) + expect(response).to include( + '@type' => 'env_var', + '@representation' => 'standard', + 'name' => 'FOO', + 'public' => false + ) + expect(response).to include('@href', 'id') + end end - before { post("/v3/repo/#{repo.id}/env_vars", JSON.generate(params), auth_headers.merge(json_headers)) } + describe 'public' do + let(:params) do + { + 'env_var.name' => 'FOO', + 'env_var.value' => 'bar', + 'env_var.public' => true + } + end - example { expect(last_response.status).to eq 201 } - example do - response = JSON.load(body) - expect(response).to include( - '@type' => 'env_var', - '@representation' => 'standard', - 'name' => 'FOO', - 'public' => false - ) - expect(response).to include('@href', 'id') + before { post("/v3/repo/#{repo.id}/env_vars", JSON.generate(params), auth_headers.merge(json_headers)) } + + example { expect(last_response.status).to eq 201 } + example do + response = JSON.load(body) + expect(response).to include( + '@type' => 'env_var', + '@representation' => 'standard', + 'name' => 'FOO', + 'value' => 'bar', + 'public' => true + ) + expect(response).to include('@href', 'id') + end end end end diff --git a/spec/v3/services/env_vars/for_repository_spec.rb b/spec/v3/services/env_vars/for_repository_spec.rb index fd20de9d..eeb4e928 100644 --- a/spec/v3/services/env_vars/for_repository_spec.rb +++ b/spec/v3/services/env_vars/for_repository_spec.rb 
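Review bot: The new 'private' example checks `name` and `public` but never asserts that the secret is absent, and `include(...)` still passes if `'value' => 'bar'` is present in the body. Hiding private values is the behaviour this series introduces, so add `expect(response).not_to include('value')` to that example. The fixtures in `find_spec.rb`, `update_spec.rb` and `for_repository_spec.rb` all use `public: true`, so the private path has no negative test in those specs either.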
@@ -3,9 +3,9 @@ require 'spec_helper' describe Travis::API::V3::Services::EnvVars::ForRepository, set_app: true do let(:repo) { Travis::API::V3::Models::Repository.where(owner_name: 'svenfuchs', name: 'minimal').first_or_create } let(:token) { Travis::Api::App::AccessToken.create(user: repo.owner, app_id: 1) } - let(:env_var) { { id: 'abc', name: 'FOO', value: 'bar', public: true, repository_id: repo.id } } + let(:env_var) { { id: 'abc', name: 'FOO', value: Travis::Settings::EncryptedValue.new('bar'), public: true, repository_id: repo.id } } let(:auth_headers) { { 'HTTP_AUTHORIZATION' => "token #{token}" } } - + describe 'not authenticated' do before { get("/v3/repo/#{repo.id}/env_vars") } include_examples 'not authenticated' @@ -13,7 +13,7 @@ describe Travis::API::V3::Services::EnvVars::ForRepository, set_app: true do describe 'authenticated, missing repo' do before { get("/v3/repo/999999999/env_vars", {}, auth_headers) } - include_examples 'missing repo' + include_examples 'missing repo' end describe 'authenticated, existing repo, no env vars' do @@ -49,7 +49,7 @@ describe Travis::API::V3::Services::EnvVars::ForRepository, set_app: true do '@representation' => 'standard', 'id' => env_var[:id], 'name' => env_var[:name], - 'value' => env_var[:value], + 'value' => env_var[:value].decrypt, 'public' => env_var[:public] } ] From 48e4a2c589c6961b5655dd79b0bcf5f43d88f24a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?= Date: Thu, 14 Jul 2016 17:47:17 -0400 Subject: [PATCH 6/6] use travis settings for encrypted columns --- .../api/v3/extensions/encrypted_column.rb | 109 ------------------ lib/travis/api/v3/models/ssl_key.rb | 2 +- lib/travis/api/v3/models/token.rb | 2 +- lib/travis/api/v3/models/user.rb | 2 +- 4 files changed, 3 insertions(+), 112 deletions(-) delete mode 100644 lib/travis/api/v3/extensions/encrypted_column.rb 
diff --git a/lib/travis/api/v3/extensions/encrypted_column.rb b/lib/travis/api/v3/extensions/encrypted_column.rb deleted file mode 100644 index 6818b887..00000000 --- a/lib/travis/api/v3/extensions/encrypted_column.rb +++ /dev/null 
@@ -1,109 +0,0 @@ -require 'securerandom' -require 'base64' - -module Travis::API::V3 - module Extensions - class EncryptedColumn - attr_reader :disable, :options - alias disabled? disable - - def initialize(options = {}) - @options = options || {} - @disable = self.options[:disable] - @key = self.options[:key] - end - - def enabled? - !disabled? - end - - def load(data) - return nil unless data - - data = data.to_s - - decrypt?(data) ? decrypt(data) : data - end - - def dump(data) - encrypt?(data) ? encrypt(data.to_s) : data - end - - def key - @key || config.key - end - - def iv - SecureRandom.hex(8) - end - - def prefix - '--ENCR--' - end - - def decrypt?(data) - data.present? && (!use_prefix? || prefix_used?(data)) - end - - def encrypt?(data) - data.present? && enabled? - end - - def prefix_used?(data) - data[0..7] == prefix - end - - def decrypt(data) - data = data[8..-1] if prefix_used?(data) - - data = decode data - - iv = data[-16..-1] - data = data[0..-17] - - aes = create_aes :decrypt, key.to_s, iv - - result = aes.update(data) + aes.final - end - - def encrypt(data) - iv = self.iv - - aes = create_aes :encrypt, key.to_s, iv - - encrypted = aes.update(data) + aes.final - - encrypted = "#{encrypted}#{iv}" - encrypted = encode encrypted - encrypted = "#{prefix}#{encrypted}" if use_prefix? - encrypted - end - - def use_prefix? - options.has_key?(:use_prefix) ? options[:use_prefix] : Travis::Features.feature_inactive?(:db_encryption_prefix) - end - - def create_aes(mode = :encrypt, key, iv) - aes = OpenSSL::Cipher::AES.new(256, :CBC) - - aes.send(mode) - aes.key = key - aes.iv = iv - - aes - end - - def config - Travis.config.encryption - end - - def decode(str) - Base64.strict_decode64 str - end - - def encode(str) - Base64.strict_encode64 str - end - end - end -end diff --git a/lib/travis/api/v3/models/ssl_key.rb b/lib/travis/api/v3/models/ssl_key.rb index 75e1e8a2..bd9685c7 100644 --- a/lib/travis/api/v3/models/ssl_key.rb 
+++ b/lib/travis/api/v3/models/ssl_key.rb @@ -2,7 +2,7 @@ module Travis::API::V3 class Models::SSLKey < Model belongs_to :repository - serialize :private_key, Travis::API::V3::Extensions::EncryptedColumn.new + serialize :private_key, Travis::Settings::EncryptedColumn.new def encoded_public_key key = build_key.public_key diff --git a/lib/travis/api/v3/models/token.rb b/lib/travis/api/v3/models/token.rb index 90965d0b..4cd6bf35 100644 --- a/lib/travis/api/v3/models/token.rb +++ b/lib/travis/api/v3/models/token.rb @@ -2,7 +2,7 @@ module Travis::API::V3 class Models::Token < Model belongs_to :user validate :token, presence: true - serialize :token, Extensions::EncryptedColumn.new(disable: true) + serialize :token, Travis::Settings::EncryptedColumn.new(disable: true) before_validation :generate_token, on: :create protected diff --git a/lib/travis/api/v3/models/user.rb b/lib/travis/api/v3/models/user.rb index 510542c8..66ccf86d 100644 --- a/lib/travis/api/v3/models/user.rb +++ b/lib/travis/api/v3/models/user.rb @@ -9,7 +9,7 @@ module Travis::API::V3 has_many :stars has_one :subscription, as: :owner - serialize :github_oauth_token, Extensions::EncryptedColumn.new(disable: true) + serialize :github_oauth_token, Travis::Settings::EncryptedColumn.new(disable: true) def token tokens.first_or_create.token
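Review bot: Swapping `Travis::API::V3::Extensions::EncryptedColumn` for `Travis::Settings::EncryptedColumn` on `private_key` (and on `token` and `github_oauth_token` in the next two hunks) assumes the replacement can read the rows the deleted class wrote. That means the `--ENCR--` prefix, a Base64 body with the IV appended, the key from `Travis.config.encryption`, and the `disable:` / `use_prefix` options. None of that is visible in this patch, and a mismatch would leave stored private keys and tokens unreadable or handed back undecrypted. I would add a spec that loads a value dumped in the old format through the new class before removing the old one.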
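Review bot: `serialize :token, Travis::Settings::EncryptedColumn.new(disable: true)` keeps encryption switched off for API tokens, and the `user.rb` hunk does the same for `github_oauth_token`. In the class this series deletes, `disable: true` makes `dump` store the value as given, so these credentials would sit in the database in cleartext, assuming the replacement honours the option the same way. If that is intentional, say why in a comment next to each `serialize` line. Otherwise this migration is a natural point to drop `disable: true`, after confirming that existing unencrypted rows still load.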