1
0
mirror of https://github.com/node-red/node-red.git synced 2023-10-10 13:36:53 +02:00

Fixup SSH key auth for project repos

This commit is contained in:
Nick O'Leary 2018-01-18 22:17:48 +00:00
parent f95b414d22
commit f7f795f58a
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
13 changed files with 130 additions and 57 deletions

View File

@ -122,12 +122,25 @@
timeout: msg.timeout
}
if (notificationId === "runtime-state") {
if (msg.error === "credentials_load_failed") {
if (msg.error === "missing-types") {
text+="<ul><li>"+msg.types.join("</li><li>")+"</li></ul>";
options.buttons = [
{
text: "Close",
click: function() {
persistentNotifications[notificationId].close();
delete persistentNotifications[notificationId];
}
}
]
} else if (msg.error === "credentials_load_failed") {
if (RED.user.hasPermission("projects.write")) {
options.buttons = [
{
text: "Setup credentials",
click: function() {
persistentNotifications[notificationId].close();
delete persistentNotifications[notificationId];
RED.projects.showCredentialsPrompt();
}
}

View File

@ -956,8 +956,8 @@ RED.projects.settings = (function() {
credentialStateLabel.find(".user-settings-credentials-state-icon").removeClass().addClass("user-settings-credentials-state-icon fa fa-unlock");
credentialStateLabel.find(".user-settings-credentials-state").text("Encryption disabled");
}
credentialSecretResetButton.toggleClass('disabled',!activeProject.settings.credentialsEncrypted);
credentialSecretResetButton.prop('disabled',!activeProject.settings.credentialsEncrypted);
credentialSecretResetButton.toggleClass('disabled',!activeProject.settings.credentialSecretInvalid && !activeProject.settings.credentialsEncrypted);
credentialSecretResetButton.prop('disabled',!activeProject.settings.credentialSecretInvalid && !activeProject.settings.credentialsEncrypted);
}
checkFiles();

View File

@ -194,21 +194,21 @@ RED.projects.userSettings = (function() {
name: keyNameInput.val()
};
var selectedButton = bg.find(".selected");
if (selectedButton[0] === addLocalButton[0]) {
payload.type = "local";
payload.publicKeyPath = localPublicKeyPathInput.val();
payload.privateKeyPath = localPrivateKeyPathInput.val();
} else if (selectedButton[0] === uploadButton[0]) {
payload.type = "upload";
payload.publicKey = publicKeyInput.val();
payload.privateKey = privateKeyInput.val();
} else if (selectedButton[0] === generateButton[0]) {
// var selectedButton = bg.find(".selected");
// if (selectedButton[0] === addLocalButton[0]) {
// payload.type = "local";
// payload.publicKeyPath = localPublicKeyPathInput.val();
// payload.privateKeyPath = localPrivateKeyPathInput.val();
// } else if (selectedButton[0] === uploadButton[0]) {
// payload.type = "upload";
// payload.publicKey = publicKeyInput.val();
// payload.privateKey = privateKeyInput.val();
// } else if (selectedButton[0] === generateButton[0]) {
payload.type = "generate";
payload.comment = gitEmailInput.val();
payload.password = passphraseInput.val();
payload.size = 4096;
}
// }
var done = function(err) {
spinner.remove();
if (err) {

View File

@ -847,7 +847,13 @@ RED.projects = (function() {
validateForm();
});
row = $('<div class="hide form-row projects-dialog-screen-create-row projects-dialog-screen-create-row-clone projects-dialog-screen-create-row-creds"></div>').hide().appendTo(container);
var cloneAuthRows = $('<div class="hide projects-dialog-screen-create-row projects-dialog-screen-create-row-clone"></div>').hide().appendTo(container);
row = $('<div class="form-row projects-dialog-screen-create-row-auth-error"></div>').hide().appendTo(cloneAuthRows);
$('<div><i class="fa fa-warning"></i> Authentication failed</div>').appendTo(row);
// Repo credentials - username/password ----------------
row = $('<div class="hide form-row projects-dialog-screen-create-row-creds"></div>').hide().appendTo(cloneAuthRows);
var subrow = $('<div style="width: calc(50% - 10px); display:inline-block;"></div>').appendTo(row);
$('<label for="projects-dialog-screen-create-project-repo-user">Username</label>').appendTo(subrow);
@ -857,7 +863,11 @@ RED.projects = (function() {
$('<label for="projects-dialog-screen-create-project-repo-pass">Password</label>').appendTo(subrow);
projectRepoPasswordInput = $('<input id="projects-dialog-screen-create-project-repo-pass" type="password"></input>').appendTo(subrow);
row = $('<div class="form-row projects-dialog-screen-create-row projects-dialog-screen-create-row-sshkey"></div>').hide().appendTo(container);
// -----------------------------------------------------
// Repo credentials - key/passphrase -------------------
row = $('<div class="form-row projects-dialog-screen-create-row projects-dialog-screen-create-row-sshkey"></div>').hide().appendTo(cloneAuthRows);
subrow = $('<div style="width: calc(50% - 10px); display:inline-block;"></div>').appendTo(row);
$('<label for="projects-dialog-screen-create-project-repo-passphrase">SSH Key</label>').appendTo(subrow);
projectRepoSSHKeySelect = $("<select>",{style:"width: 100%"}).appendTo(subrow);
@ -878,13 +888,12 @@ RED.projects = (function() {
sshwarningRow.hide();
}
});
subrow = $('<div style="width: calc(50% - 10px); margin-left: 20px; display:inline-block;"></div>').appendTo(row);
$('<label for="projects-dialog-screen-create-project-repo-passphrase">Passphrase</label>').appendTo(subrow);
projectRepoPassphrase = $('<input id="projects-dialog-screen-create-project-repo-passphrase" type="password"></input>').appendTo(subrow);
var sshwarningRow = $('<div style="padding: 20px"></div>').hide().appendTo(row);
subrow = $('<div class="form-row projects-dialog-screen-create-row projects-dialog-screen-create-row-sshkey"></div>').appendTo(cloneAuthRows);
var sshwarningRow = $('<div class="projects-dialog-screen-create-row-auth-error-no-keys"></div>').hide().appendTo(subrow);
$('<div class="form-row"><i class="fa fa-warning"></i> Before you can clone a repository over ssh you must add an SSH key to access it.</div>').appendTo(sshwarningRow);
subrow = $('<div style="text-align: center">').appendTo(sshwarningRow);
$('<button class="editor-button">Add an ssh key</button>').appendTo(subrow).click(function(e) {
@ -895,6 +904,8 @@ RED.projects = (function() {
$("#user-settings-gitconfig-add-key").click();
},500);
});
// -----------------------------------------------------
// // Secret - clone
// row = $('<div class="hide form-row projects-dialog-screen-create-row projects-dialog-screen-create-row-clone"></div>').appendTo(container);
@ -989,7 +1000,6 @@ RED.projects = (function() {
sendRequest({
url: "projects",
type: "POST",
requireCleanWorkspace: true,
handleAuthFail: false,
responses: {
200: function(data) {
@ -1006,17 +1016,22 @@ RED.projects = (function() {
projectRepoInput.addClass("input-error");
},
'git_auth_failed': function(error) {
$(".projects-dialog-screen-create-row-auth-error").show();
projectRepoUserInput.addClass("input-error");
projectRepoPasswordInput.addClass("input-error");
// getRepoAuthDetails(req);
projectRepoSSHKeySelect.addClass("input-error");
projectRepoPassphrase.addClass("input-error");
console.log("git auth error",error);
},
'project_empty': function(error) {
// This is handled via a runtime notification.
dialog.dialog("close");
},
'credentials_load_failed': function(error) {
// This is handled via a runtime notification.
dialog.dialog("close");
},
'unexpected_error': function(error) {
console.log("unexpected_error",error)
}
@ -1396,14 +1411,9 @@ RED.projects = (function() {
function sendRequest(options,body) {
// dialogBody.hide();
console.log(options.url,body);
if (options.requireCleanWorkspace && RED.nodes.dirty()) {
var message = 'You have undeployed changes that will be lost. Do you want to continue?';
var alwaysCallback;
function requireCleanWorkspace(done) {
if (RED.nodes.dirty()) {
var message = '<p>You have undeployed changes that will be lost.</p><p>Do you want to continue?</p>';
var cleanNotification = RED.notify(message,{
type:"info",
fixed: true,
@ -1415,29 +1425,57 @@ RED.projects = (function() {
text: RED._("common.label.cancel"),
click: function() {
cleanNotification.close();
if (options.cancel) {
options.cancel();
}
if (alwaysCallback) {
alwaysCallback();
}
done(true);
}
},{
text: 'Continue',
click: function() {
cleanNotification.close();
done(false);
}
}
]
});
}
}
function sendRequest(options,body) {
// dialogBody.hide();
console.log(options.url,body);
if (options.requireCleanWorkspace && RED.nodes.dirty()) {
var thenCallback;
var alwaysCallback;
requireCleanWorkspace(function(cancelled) {
if (cancelled) {
if (options.cancel) {
options.cancel();
if (alwaysCallback) {
alwaysCallback();
}
}
} else {
delete options.requireCleanWorkspace;
sendRequest(options,body).always(function() {
sendRequest(options,body).then(function() {
if (thenCallback) {
thenCallback();
}
}).always(function() {
if (alwaysCallback) {
alwaysCallback();
}
})
}
}
]
});
})
// What follows is a very hacky Promise-like api thats good enough
// for our needs.
return {
then: function(done) {
thenCallback = done;
return { always: function(done) { alwaysCallback = done; }}
},
always: function(done) { alwaysCallback = done; }
}
}
@ -1806,6 +1844,13 @@ RED.projects = (function() {
}
function showNewProjectScreen() {
if (!activeProject) {
show('welcome');
} else {
show('create')
}
}
return {
init: init,
@ -1821,10 +1866,15 @@ RED.projects = (function() {
RED.notify(RED._("user.errors.notAuthorized"),"error");
return;
}
if (!activeProject) {
show('welcome');
if (RED.nodes.dirty()) {
return requireCleanWorkspace(function(cancelled) {
if (!cancelled) {
showNewProjectScreen();
}
})
} else {
show('create')
showNewProjectScreen();
}
},
selectProject: function() {

View File

@ -36,7 +36,7 @@
}
.notification p:first-child {
font-size: 1.1em;
font-weight: 500;
font-weight: 400;
}
.notification a {
text-decoration: none;

View File

@ -88,9 +88,9 @@
"warnings": {
"undeployedChanges": "node has undeployed changes",
"nodeActionDisabled": "node actions disabled within subflow",
"missing-types": "Flows stopped due to missing node types. Check logs for details.",
"missing-types": "<p>Flows stopped due to missing node types.</p>",
"restartRequired": "Node-RED must be restarted to enable upgraded modules",
"credentials_load_failed": "<p>Flows stopped due to missing or invalid credentialSecret.</p>",
"credentials_load_failed": "<p>Flows stopped as the credentials could not be decrypted.</p><p>The flow credential file is encrypted, but the project's encryption key is missing or invalid.</p>",
"missing_flow_file": "<p>Project flow file not found.</p><p>The project is not configured with a flow file.</p>",
"project_empty": "<p>The project is empty.</p><p>Do you want to create a default set of project files?<br/>Otherwise, you will have to manually add files to the project outside of the editor.</p>"
},

View File

@ -17,11 +17,13 @@ var theme = require("../editor/theme");
var util = require('util');
var runtime;
var settings;
var log;
module.exports = {
init: function(_runtime) {
runtime = _runtime;
settings = runtime.settings;
log = runtime.log;
},
runtimeSettings: function(req,res) {
var safeSettings = {

View File

@ -254,7 +254,7 @@ function start(type,diff,muteLog) {
log.info(log._("nodes.flows.missing-type-install-2"));
log.info(" "+settings.userDir);
}
events.emit("runtime-event",{id:"runtime-state",payload:{type:"warning",text:"notification.warnings.missing-types"},retain:true});
events.emit("runtime-event",{id:"runtime-state",payload:{error:"missing-types", type:"warning",text:"notification.warnings.missing-types",types:activeFlowConfig.missingTypes},retain:true});
return when.resolve();
}
if (!muteLog) {

View File

@ -32,6 +32,15 @@ var projectsDir;
var authCache = require("./git/authCache");
// TODO: DRY - red/api/editor/sshkeys !
function getSSHKeyUsername(userObj) {
var username = '__default';
if ( userObj && userObj.name ) {
username = userObj.name;
}
return username;
}
function Project(name) {
this.name = name;
this.path = fspath.join(projectsDir,name);
@ -645,7 +654,7 @@ Project.prototype.updateRemote = function(user,remote,options) {
if (options.auth) {
var url = this.remotes[remote].fetch;
if (options.auth.keyFile) {
options.auth.key_path = sshKeys.getPrivateKeyPath(username, options.auth.keyFile);
options.auth.key_path = sshKeys.getPrivateKeyPath(getSSHKeyUsername(user), options.auth.keyFile);
}
authCache.set(this.name,url,username,options.auth);
}
@ -662,7 +671,7 @@ Project.prototype.removeRemote = function(user, remote) {
Project.prototype.getFlowFile = function() {
console.log("Project.getFlowFile = ",this.paths.flowFile);
// console.log("Project.getFlowFile = ",this.paths.flowFile);
if (this.paths.flowFile) {
return fspath.join(this.path,this.paths.flowFile);
} else {
@ -674,7 +683,7 @@ Project.prototype.getFlowFileBackup = function() {
return getBackupFilename(this.getFlowFile());
}
Project.prototype.getCredentialsFile = function() {
console.log("Project.getCredentialsFile = ",this.paths.credentialsFile);
// console.log("Project.getCredentialsFile = ",this.paths.credentialsFile);
if (this.paths.credentialsFile) {
return fspath.join(this.path,this.paths.credentialsFile);
} else {
@ -872,7 +881,7 @@ function createProject(user, metadata) {
}
else if (originRemote.hasOwnProperty("keyFile") && originRemote.hasOwnProperty("passphrase")) {
authCache.set(project,originRemote.url,username,{ // TODO: hardcoded remote name
key_path: sshKeys.getPrivateKeyPath(username, originRemote.keyFile),
key_path: sshKeys.getPrivateKeyPath(getSSHKeyUsername(user), originRemote.keyFile),
passphrase: originRemote.passphrase
}
);

View File

@ -45,7 +45,7 @@ var ResponseServer = function(auth) {
parts.push(data.substring(0, m));
data = data.substring(m);
var line = parts.join("");
console.log("LINE:",line);
// console.log("LINE:",line);
parts = [];
if (line==='Username') {
connection.end(auth.username);
@ -90,7 +90,6 @@ var ResponseSSHServer = function(auth) {
parts.push(data.substring(0, m));
data = data.substring(m);
var line = parts.join("");
console.log("LINE:",line);
parts = [];
if (line==='The') {
// TODO: document these exchanges!

View File

@ -23,7 +23,7 @@ var crypto = require('crypto');
var storageSettings = require("../settings");
var util = require("../util");
var gitTools = require("./git");
var sshTools = require("./ssh");
var sshTools = require("./sshKeygen");
var Projects = require("./Project");

View File

@ -19,7 +19,7 @@ var sinon = require("sinon");
var child_process = require('child_process');
var EventEmitter = require("events");
var ssh = require("../../../../../../red/runtime/storage/localfilesystem/projects/ssh")
var ssh = require("../../../../../../red/runtime/storage/localfilesystem/projects/sshKeygen")
describe("localfilesystem/projects/ssh", function() {