frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00
Code Issues Releases Wiki Activity

Prevent http git urls from including username/pword

Browse Source
This commit is contained in:
Nick O'Leary 2018-02-02 22:43:29 +00:00
parent fc1436a96d
commit d1f7fd8bfd
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
5 changed files with 54 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
editor/js/ui/projects/projectSettings.js
View File

@ -1193,12 +1193,19 @@ RED.projects.settings = (function() {
editRepoButton.attr('disabled',true); editRepoButton.attr('disabled',true);
addRemoteDialog.slideDown(200, function() { addRemoteDialog.slideDown(200, function() {
addRemoteDialog[0].scrollIntoView(); addRemoteDialog[0].scrollIntoView();
if (isEmpty) {
remoteNameInput.val('origin');
remoteURLInput.focus();
} else {
remoteNameInput.focus();
}
validateForm(); validateForm();
}); });
}); });
var emptyItem = { empty: true }; var emptyItem = { empty: true };
var isEmpty = true;
var row = $('<div class="user-settings-row"></div>').appendTo(repoContainer); var row = $('<div class="user-settings-row"></div>').appendTo(repoContainer);
var addRemoteDialog = $('<div class="projects-dialog-list-dialog"></div>').hide().appendTo(row); var addRemoteDialog = $('<div class="projects-dialog-list-dialog"></div>').hide().appendTo(row);
row = $('<div class="user-settings-row projects-dialog-list"></div>').appendTo(repoContainer); row = $('<div class="user-settings-row projects-dialog-list"></div>').appendTo(repoContainer);
@ -1256,6 +1263,7 @@ RED.projects.settings = (function() {
setTimeout(spinner.remove, 100); setTimeout(spinner.remove, 100);
if (data.remotes.length === 0) { if (data.remotes.length === 0) {
delete activeProject.git.remotes; delete activeProject.git.remotes;
isEmpty = true;
remotesList.editableList('addItem',emptyItem); remotesList.editableList('addItem',emptyItem);
} else { } else {
activeProject.git.remotes = {}; activeProject.git.remotes = {};
@ -1290,16 +1298,26 @@ RED.projects.settings = (function() {
var validateForm = function() { var validateForm = function() {
var validName = /^[a-zA-Z0-9\-_]+$/.test(remoteNameInput.val()); var validName = /^[a-zA-Z0-9\-_]+$/.test(remoteNameInput.val());
var repo = remoteURLInput.val();
// var validRepo = /^(?:file|git|ssh|https?|[\d\w\.\-_]+@[\w\.]+):(?:\/\/)?[\w\.@:\/~_-]+(?:\.git)?(?:\/?|\#[\d\w\.\-_]+?)$/.test(remoteURLInput.val()); // var validRepo = /^(?:file|git|ssh|https?|[\d\w\.\-_]+@[\w\.]+):(?:\/\/)?[\w\.@:\/~_-]+(?:\.git)?(?:\/?|\#[\d\w\.\-_]+?)$/.test(remoteURLInput.val());
var validRepo = !/\s/.test(remoteURLInput.val()); var validRepo = repo.length > 0 && !/\s/.test(repo);
if (/^https?:\/\/[^/]+@/i.test(repo)) {
remoteURLLabel.text("Do not include the username/password in the url");
validRepo = false;
} else {
remoteURLLabel.text("https://, ssh:// or file://");
}
saveButton.attr('disabled',(!validName || !validRepo)) saveButton.attr('disabled',(!validName || !validRepo))
remoteNameInput.toggleClass('input-error',remoteNameInputChanged&&!validName); remoteNameInput.toggleClass('input-error',remoteNameInputChanged&&!validName);
remoteURLInput.toggleClass('input-error',remoteURLInputChanged&&!validRepo);
if (popover) { if (popover) {
popover.close(); popover.close();
popover = null; popover = null;
} }
}; };
var popover; var popover;
var remoteNameInputChanged = false;
var remoteURLInputChanged = false;
$('<div class="projects-dialog-list-dialog-header">').text('Add remote').appendTo(addRemoteDialog); $('<div class="projects-dialog-list-dialog-header">').text('Add remote').appendTo(addRemoteDialog);
@ -1309,11 +1327,14 @@ RED.projects.settings = (function() {
remoteNameInputChanged = true; remoteNameInputChanged = true;
validateForm(); validateForm();
}); });
var remoteNameInputChanged = false;
$('<label class="projects-edit-form-sublabel"><small>Must contain only A-Z 0-9 _ -</small></label>').appendTo(row).find("small"); $('<label class="projects-edit-form-sublabel"><small>Must contain only A-Z 0-9 _ -</small></label>').appendTo(row).find("small");
row = $('<div class="user-settings-row"></div>').appendTo(addRemoteDialog); row = $('<div class="user-settings-row"></div>').appendTo(addRemoteDialog);
$('<label for=""></label>').text('URL').appendTo(row); $('<label for=""></label>').text('URL').appendTo(row);
var remoteURLInput = $('<input type="text">').appendTo(row).on("change keyup paste",validateForm); var remoteURLInput = $('<input type="text">').appendTo(row).on("change keyup paste",function() {
remoteURLInputChanged = true;
validateForm()
});
var remoteURLLabel = $('<label class="projects-edit-form-sublabel"><small>https://, ssh:// or file://</small></label>').appendTo(row).find("small");
var hideEditForm = function() { var hideEditForm = function() {
editRepoButton.attr('disabled',false); editRepoButton.attr('disabled',false);
@ -1389,6 +1410,7 @@ RED.projects.settings = (function() {
} }
},payload); },payload);
}); });
var updateForm = function() { var updateForm = function() {
remotesList.editableList('empty'); remotesList.editableList('empty');
var count = 0; var count = 0;
@ -1400,7 +1422,8 @@ RED.projects.settings = (function() {
} }
} }
} }
if (count === 0) { isEmpty = (count === 0);
if (isEmpty) {
remotesList.editableList('addItem',emptyItem); remotesList.editableList('addItem',emptyItem);
} }
} }

15
editor/js/ui/projects/projects.js
View File

@ -682,7 +682,11 @@ RED.projects = (function() {
var repo = projectRepoInput.val(); var repo = projectRepoInput.val();
// var validRepo = /^(?:file|git|ssh|https?|[\d\w\.\-_]+@[\w\.]+):(?:\/\/)?[\w\.@:\/~_-]+(?:\/?|\#[\d\w\.\-_]+?)$/.test(repo); // var validRepo = /^(?:file|git|ssh|https?|[\d\w\.\-_]+@[\w\.]+):(?:\/\/)?[\w\.@:\/~_-]+(?:\/?|\#[\d\w\.\-_]+?)$/.test(repo);
var validRepo = !/\s/.test(repo); var validRepo = repo.length > 0 && !/\s/.test(repo);
if (/^https?:\/\/[^/]+@/i.test(repo)) {
$("#projects-dialog-screen-create-project-repo-label small").text("Do not include the username/password in the url");
validRepo = false;
}
if (!validRepo) { if (!validRepo) {
if (projectRepoChanged) { if (projectRepoChanged) {
projectRepoInput.addClass("input-error"); projectRepoInput.addClass("input-error");
@ -1738,6 +1742,15 @@ RED.projects = (function() {
},Math.max(300-(Date.now() - start),0)); },Math.max(300-(Date.now() - start),0));
}, },
400: { 400: {
'git_connection_failed': function(error) {
RED.notify(error.message,'error');
},
'git_not_a_repository': function(error) {
RED.notify(error.message,'error');
},
'git_repository_not_found': function(error) {
RED.notify(error.message,'error');
},
'unexpected_error': function(error) { 'unexpected_error': function(error) {
console.log(error); console.log(error);
} }

8
editor/js/ui/projects/tab-versionControl.js
View File

@ -749,7 +749,13 @@ RED.sidebar.versionControl = (function() {
}, },
400: { 400: {
'git_connection_failed': function(error) { 'git_connection_failed': function(error) {
RED.notify(error.message); RED.notify(error.message,'error');
},
'git_not_a_repository': function(error) {
RED.notify(error.message,'error');
},
'git_repository_not_found': function(error) {
RED.notify(error.message,'error');
}, },
'unexpected_error': function(error) { 'unexpected_error': function(error) {
console.log(error); console.log(error);

4
red/api/editor/projects/index.js
View File

@ -501,6 +501,10 @@ module.exports = {
// Add a remote // Add a remote
app.post("/:id/remotes", needsPermission("projects.write"), function(req,res) { app.post("/:id/remotes", needsPermission("projects.write"), function(req,res) {
var projectName = req.params.id; var projectName = req.params.id;
if (/^https?:\/\/[^/]+@/i.test(req.body.url)) {
res.status(400).json({error:"unexpected_error", message:"Git http url must not include username/password"});
return;
}
runtime.storage.projects.addRemote(req.user, projectName, req.body).then(function() { runtime.storage.projects.addRemote(req.user, projectName, req.body).then(function() {
res.redirect(303,req.baseUrl+"/"+projectName+"/remotes"); res.redirect(303,req.baseUrl+"/"+projectName+"/remotes");
}).catch(function(err) { }).catch(function(err) {

2
red/runtime/storage/localfilesystem/projects/git/index.js
View File

@ -69,6 +69,8 @@ function runGitCommand(args,cwd,env) {
err.code = "git_not_a_repository"; err.code = "git_not_a_repository";
} else if (/Repository not found/i.test(stderr)) { } else if (/Repository not found/i.test(stderr)) {
err.code = "git_repository_not_found"; err.code = "git_repository_not_found";
} else if (/repository '.*' does not exist/i.test(stderr)) {
err.code = "git_repository_not_found";
} else if (/refusing to merge unrelated histories/.test(stderr)) { } else if (/refusing to merge unrelated histories/.test(stderr)) {
err.code = "git_pull_unrelated_history" err.code = "git_pull_unrelated_history"
} }