mirror of https://github.com/apache/cloudstack.git
bug 12208,12238: Do not encrypt user password and api key
status 12208,12238 : resolved fixed reviewed-by: Abhi
parent
1dfc3f8e34
commit
af0cf90b2b
|
|
@ -44,7 +44,7 @@ public class UserAccountVO implements UserAccount {
|
|||
@Column(name="username")
|
||||
private String username = null;
|
||||
|
||||
@Column(name="password", encryptable=true)
|
||||
@Column(name="password")
|
||||
private String password = null;
|
||||
|
||||
@Column(name="firstname")
|
||||
|
|
@ -65,7 +65,7 @@ public class UserAccountVO implements UserAccount {
|
|||
@Column(name="api_key")
|
||||
private String apiKey = null;
|
||||
|
||||
@Column(name="secret_key")
|
||||
@Column(name="secret_key", encryptable=true)
|
||||
private String secretKey = null;
|
||||
|
||||
@Column(name=GenericDao.CREATED_COLUMN)
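Review bot: With `encryptable=true` gone from the `password` column (first hunk here, and the same change in UserVO), stored passwords are protected only by whatever hashing happens before the value reaches this field, and nothing on this page shows what that is. This reads the second line of each printed pair as the new side, which matches the commit title. The field deserves a comment stating the contract, for example `// Stores the password hash, never the clear text; not DB-encrypted (bugs 12208, 12238).` It is also worth confirming that the hash is salted and slow enough to stand on its own if the table is disclosed. The second hunk appears to add `encryptable=true` to `secret_key`, which the commit message does not mention.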
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public class UserVO implements User, Identity {
|
|||
@Column(name = "username")
|
||||
private String username = null;
|
||||
|
||||
@Column(name = "password", encryptable=true)
|
||||
@Column(name = "password")
|
||||
private String password = null;
|
||||
|
||||
@Column(name = "firstname")
|
||||
|
|
@ -71,7 +71,7 @@ public class UserVO implements User, Identity {
|
|||
@Enumerated(value=EnumType.STRING)
|
||||
private State state;
|
||||
|
||||
@Column(name = "api_key", encryptable=true)
|
||||
@Column(name = "api_key")
|
||||
private String apiKey = null;
|
||||
|
||||
@Column(name = "secret_key", encryptable=true)
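Review bot: `api_key` loses `encryptable=true` in the second hunk, so the key is now stored in clear text while `secret_key` stays encrypted, and the reason is not recorded next to the field. This reads the second line of the printed pair as the new side. A one-line comment such as `// api_key is matched directly in SQL (see AccountDaoImpl), so it is stored unencrypted; secret_key stays encrypted.` would stop a later maintainer from re-adding the attribute, presumably because the encrypted form cannot be matched in a WHERE clause. Since the column is now readable by anyone with database access, check that backups and read-only database accounts are scoped accordingly.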
|
||||
|
|
|
|||
|
|
@ -347,7 +347,7 @@ public class ConfigurationServerImpl implements ConfigurationServer {
|
|||
|
||||
// now insert the user
|
||||
insertSql = "INSERT INTO `cloud`.`user` (id, username, password, account_id, firstname, lastname, created) " +
|
||||
"VALUES (" + id + ",'" + username + "','" + DBEncryptionUtil.encrypt(sb.toString()) + "', 2, '" + firstname + "','" + lastname + "',now())";
|
||||
"VALUES (" + id + ",'" + username + "','" + sb.toString() + "', 2, '" + firstname + "','" + lastname + "',now())";
|
||||
|
||||
|
||||
txn = Transaction.currentTxn();
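Review bot: The INSERT is still assembled by concatenating `username`, `firstname`, `lastname` and `sb.toString()` into the SQL text, so a quote character in any of them changes the statement. Where these values come from is outside the hunk, but the values line can simply become `"VALUES (?, ?, ?, 2, ?, ?, now())"` with the five values bound on the prepared statement. The statement is prepared and executed after the last line shown here, so the binding calls belong there. A comment saying what `sb` holds would also help, since with `DBEncryptionUtil.encrypt` removed this string is exactly what lands in the `password` column.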
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ public class Upgrade2214to30 implements DbUpgrade {
|
|||
} catch (SQLException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt host_details values");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt configuration values");
|
||||
throw new CloudRuntimeException("Unable encrypt host_details values");
|
||||
} finally {
|
||||
try {
|
||||
if (rs != null) {
|
||||
|
|
@ -170,7 +170,7 @@ public class Upgrade2214to30 implements DbUpgrade {
|
|||
} catch (SQLException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt vm_instance vnc_password");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt configuration values");
|
||||
throw new CloudRuntimeException("Unable encrypt vm_instance vnc_password");
|
||||
} finally {
|
||||
try {
|
||||
if (rs != null) {
|
||||
|
|
@ -189,39 +189,25 @@ public class Upgrade2214to30 implements DbUpgrade {
|
|||
PreparedStatement pstmt = null;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
pstmt = conn.prepareStatement("select id, password, api_key, secret_key from user");
|
||||
pstmt = conn.prepareStatement("select id, secret_key from user");
|
||||
rs = pstmt.executeQuery();
|
||||
while (rs.next()) {
|
||||
long id = rs.getLong(1);
|
||||
String password = rs.getString(2);
|
||||
String encryptedPassword = DBEncryptionUtil.encrypt(password);
|
||||
String apiKey = rs.getString(3);
|
||||
String encryptedApiKey = DBEncryptionUtil.encrypt(apiKey);
|
||||
String secretKey = rs.getString(4);
|
||||
String secretKey = rs.getString(2);
|
||||
String encryptedSecretKey = DBEncryptionUtil.encrypt(secretKey);
|
||||
pstmt = conn.prepareStatement("update user set password=?, api_key=?, secret_key=? where id=?");
|
||||
if(encryptedPassword == null){
|
||||
pstmt = conn.prepareStatement("update user set secret_key=? where id=?");
|
||||
if(encryptedSecretKey == null){
|
||||
pstmt.setNull(1, Types.VARCHAR);
|
||||
} else {
|
||||
pstmt.setBytes(1, encryptedPassword.getBytes("UTF-8"));
|
||||
pstmt.setBytes(1, encryptedSecretKey.getBytes("UTF-8"));
|
||||
}
|
||||
if(encryptedApiKey == null){
|
||||
pstmt.setNull(2, Types.VARCHAR);
|
||||
} else {
|
||||
pstmt.setBytes(2, encryptedApiKey.getBytes("UTF-8"));
|
||||
}
|
||||
if(encryptedSecretKey == null){
|
||||
pstmt.setNull(3, Types.VARCHAR);
|
||||
} else {
|
||||
pstmt.setBytes(3, encryptedSecretKey.getBytes("UTF-8"));
|
||||
}
|
||||
pstmt.setLong(4, id);
|
||||
pstmt.setLong(2, id);
|
||||
pstmt.executeUpdate();
|
||||
}
|
||||
} catch (SQLException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt user credentials");
|
||||
throw new CloudRuntimeException("Unable encrypt user secret key");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new CloudRuntimeException("Unable encrypt configuration values");
|
||||
throw new CloudRuntimeException("Unable encrypt user secret key");
|
||||
} finally {
|
||||
try {
|
||||
if (rs != null) {
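Review bot: Inside the `while (rs.next())` loop of the third hunk, `pstmt` is reassigned to a freshly prepared UPDATE for every user row, which drops the reference to the SELECT statement that `rs` belongs to and leaves every earlier UPDATE statement unclosed. The `finally` block continues outside the hunk and can close at most the last one; preparing the UPDATE once in its own variable and reusing it fixes both. Separately, the catch blocks in all three hunks of this file throw `CloudRuntimeException` without the caught exception, so a failed credential migration loses its root cause; passing `e` as the cause would keep it. The step also encrypts `secret_key` unconditionally, so confirm whether it can safely run twice on the same database.

```java
rs = pstmt.executeQuery();
// Prepare the update once; the select stays in pstmt so the finally block can still close it.
PreparedStatement updateStmt = conn.prepareStatement("update user set secret_key=? where id=?");
try {
    while (rs.next()) {
        // … unchanged: read id and secret_key, compute encryptedSecretKey …
        if (encryptedSecretKey == null) {
            updateStmt.setNull(1, Types.VARCHAR);
        } else {
            updateStmt.setBytes(1, encryptedSecretKey.getBytes("UTF-8"));
        }
        updateStmt.setLong(2, id);
        updateStmt.executeUpdate();
    }
} finally {
    updateStmt.close();
}
```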
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ public class AccountDaoImpl extends GenericDaoBase<AccountVO, Long> implements A
|
|||
try {
|
||||
String sql = FIND_USER_ACCOUNT_BY_API_KEY;
|
||||
pstmt = txn.prepareAutoCloseStatement(sql);
|
||||
pstmt.setString(1, DBEncryptionUtil.encrypt(apiKey));
|
||||
pstmt.setString(1, apiKey);
|
||||
ResultSet rs = pstmt.executeQuery();
|
||||
// TODO: make sure we don't have more than 1 result? ApiKey had better be unique
|
||||
if (rs.next()) {
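Review bot: `if (rs.next())` accepts the first row that matches the API key, and the TODO above it admits that uniqueness is only assumed, so a duplicate value would resolve a request to whichever account the database returns first. If the schema (not shown here) has no unique index on the `api_key` column, add one. Consider also failing closed when a second row exists, e.g. `if (rs.next()) { throw new CloudRuntimeException("API key is not unique"); }` after the first row has been read. The method body starts and ends outside the hunk.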
|
||||
|
|
|
|||