aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorThomas Citharel <tcit@tcit.fr>2017-06-14 15:02:34 +0200
committerJeremy Benoist <jeremy.benoist@gmail.com>2017-06-20 16:03:39 +0200
commitbead8b42da4f17238dc0d5e0f90184b224ec5df7 (patch)
tree67af15e3f45dc496e492767095e5f4b477e56848
parent906424c1b6fd884bf2081bfe6dd0b1f9651c2801 (diff)
downloadwallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.tar.gz
wallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.tar.zst
wallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.zip
Fix reviews
Encrypt username too Redirect to list after saving credentials Fix typos Signed-off-by: Thomas Citharel <tcit@tcit.fr>
-rw-r--r--app/DoctrineMigrations/Version20170501115751.php2
-rw-r--r--src/Wallabag/CoreBundle/Controller/SiteCredentialController.php38
-rw-r--r--src/Wallabag/CoreBundle/Entity/SiteCredential.php3
-rw-r--r--src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php1
-rw-r--r--src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php3
-rw-r--r--src/Wallabag/CoreBundle/Helper/CryptoProxy.php4
-rw-r--r--src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php3
-rw-r--r--src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml4
-rw-r--r--src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig4
-rw-r--r--tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php2
-rw-r--r--tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php1
11 files changed, 43 insertions, 22 deletions
diff --git a/app/DoctrineMigrations/Version20170501115751.php b/app/DoctrineMigrations/Version20170501115751.php
index 2597f1ff..7f068eb8 100644
--- a/app/DoctrineMigrations/Version20170501115751.php
+++ b/app/DoctrineMigrations/Version20170501115751.php
@@ -38,7 +38,7 @@ class Version20170501115751 extends AbstractMigration implements ContainerAwareI
38 $table->addColumn('id', 'integer', ['autoincrement' => true]); 38 $table->addColumn('id', 'integer', ['autoincrement' => true]);
39 $table->addColumn('user_id', 'integer'); 39 $table->addColumn('user_id', 'integer');
40 $table->addColumn('host', 'string', ['length' => 255]); 40 $table->addColumn('host', 'string', ['length' => 255]);
41 $table->addColumn('username', 'string', ['length' => 255]); 41 $table->addColumn('username', 'text');
42 $table->addColumn('password', 'text'); 42 $table->addColumn('password', 'text');
43 $table->addColumn('createdAt', 'datetime'); 43 $table->addColumn('createdAt', 'datetime');
44 $table->addIndex(['user_id'], 'idx_user'); 44 $table->addIndex(['user_id'], 'idx_user');
diff --git a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
index 0bacafb7..98781dab 100644
--- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
+++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php
@@ -26,9 +26,9 @@ class SiteCredentialController extends Controller
26 { 26 {
27 $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser()); 27 $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser());
28 28
29 return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', array( 29 return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [
30 'credentials' => $credentials, 30 'credentials' => $credentials,
31 )); 31 ]);
32 } 32 }
33 33
34 /** 34 /**
@@ -36,6 +36,10 @@ class SiteCredentialController extends Controller
36 * 36 *
37 * @Route("/new", name="site_credentials_new") 37 * @Route("/new", name="site_credentials_new")
38 * @Method({"GET", "POST"}) 38 * @Method({"GET", "POST"})
39 *
40 * @param Request $request
41 *
42 * @return \Symfony\Component\HttpFoundation\Response
39 */ 43 */
40 public function newAction(Request $request) 44 public function newAction(Request $request)
41 { 45 {
@@ -45,24 +49,25 @@ class SiteCredentialController extends Controller
45 $form->handleRequest($request); 49 $form->handleRequest($request);
46 50
47 if ($form->isSubmitted() && $form->isValid()) { 51 if ($form->isSubmitted() && $form->isValid()) {
52 $credential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getUsername()));
48 $credential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getPassword())); 53 $credential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getPassword()));
49 54
50 $em = $this->getDoctrine()->getManager(); 55 $em = $this->getDoctrine()->getManager();
51 $em->persist($credential); 56 $em->persist($credential);
52 $em->flush($credential); 57 $em->flush();
53 58
54 $this->get('session')->getFlashBag()->add( 59 $this->get('session')->getFlashBag()->add(
55 'notice', 60 'notice',
56 $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()]) 61 $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()])
57 ); 62 );
58 63
59 return $this->redirectToRoute('site_credentials_edit', array('id' => $credential->getId())); 64 return $this->redirectToRoute('site_credentials_index');
60 } 65 }
61 66
62 return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', array( 67 return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', [
63 'credential' => $credential, 68 'credential' => $credential,
64 'form' => $form->createView(), 69 'form' => $form->createView(),
65 )); 70 ]);
66 } 71 }
67 72
68 /** 73 /**
@@ -70,6 +75,11 @@ class SiteCredentialController extends Controller
70 * 75 *
71 * @Route("/{id}/edit", name="site_credentials_edit") 76 * @Route("/{id}/edit", name="site_credentials_edit")
72 * @Method({"GET", "POST"}) 77 * @Method({"GET", "POST"})
78 *
79 * @param Request $request
80 * @param SiteCredential $siteCredential
81 *
82 * @return \Symfony\Component\HttpFoundation\Response
73 */ 83 */
74 public function editAction(Request $request, SiteCredential $siteCredential) 84 public function editAction(Request $request, SiteCredential $siteCredential)
75 { 85 {
@@ -80,6 +90,9 @@ class SiteCredentialController extends Controller
80 $editForm->handleRequest($request); 90 $editForm->handleRequest($request);
81 91
82 if ($editForm->isSubmitted() && $editForm->isValid()) { 92 if ($editForm->isSubmitted() && $editForm->isValid()) {
93 $siteCredential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getUsername()));
94 $siteCredential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getPassword()));
95
83 $em = $this->getDoctrine()->getManager(); 96 $em = $this->getDoctrine()->getManager();
84 $em->persist($siteCredential); 97 $em->persist($siteCredential);
85 $em->flush(); 98 $em->flush();
@@ -89,14 +102,14 @@ class SiteCredentialController extends Controller
89 $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()]) 102 $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()])
90 ); 103 );
91 104
92 return $this->redirectToRoute('site_credentials_edit', array('id' => $siteCredential->getId())); 105 return $this->redirectToRoute('site_credentials_index');
93 } 106 }
94 107
95 return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', array( 108 return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', [
96 'credential' => $siteCredential, 109 'credential' => $siteCredential,
97 'edit_form' => $editForm->createView(), 110 'edit_form' => $editForm->createView(),
98 'delete_form' => $deleteForm->createView(), 111 'delete_form' => $deleteForm->createView(),
99 )); 112 ]);
100 } 113 }
101 114
102 /** 115 /**
@@ -104,6 +117,11 @@ class SiteCredentialController extends Controller
104 * 117 *
105 * @Route("/{id}", name="site_credentials_delete") 118 * @Route("/{id}", name="site_credentials_delete")
106 * @Method("DELETE") 119 * @Method("DELETE")
120 *
121 * @param Request $request
122 * @param SiteCredential $siteCredential
123 *
124 * @return \Symfony\Component\HttpFoundation\RedirectResponse
107 */ 125 */
108 public function deleteAction(Request $request, SiteCredential $siteCredential) 126 public function deleteAction(Request $request, SiteCredential $siteCredential)
109 { 127 {
@@ -136,7 +154,7 @@ class SiteCredentialController extends Controller
136 private function createDeleteForm(SiteCredential $siteCredential) 154 private function createDeleteForm(SiteCredential $siteCredential)
137 { 155 {
138 return $this->createFormBuilder() 156 return $this->createFormBuilder()
139 ->setAction($this->generateUrl('site_credentials_delete', array('id' => $siteCredential->getId()))) 157 ->setAction($this->generateUrl('site_credentials_delete', ['id' => $siteCredential->getId()]))
140 ->setMethod('DELETE') 158 ->setMethod('DELETE')
141 ->getForm() 159 ->getForm()
142 ; 160 ;
diff --git a/src/Wallabag/CoreBundle/Entity/SiteCredential.php b/src/Wallabag/CoreBundle/Entity/SiteCredential.php
index 732d9506..58075e92 100644
--- a/src/Wallabag/CoreBundle/Entity/SiteCredential.php
+++ b/src/Wallabag/CoreBundle/Entity/SiteCredential.php
@@ -37,8 +37,7 @@ class SiteCredential
37 * @var string 37 * @var string
38 * 38 *
39 * @Assert\NotBlank() 39 * @Assert\NotBlank()
40 * @Assert\Length(max=255) 40 * @ORM\Column(name="username", type="text")
41 * @ORM\Column(name="username", type="string", length=255)
42 */ 41 */
43 private $username; 42 private $username;
44 43
diff --git a/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php b/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php
index 9db7c155..fd409ad2 100644
--- a/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php
+++ b/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php
@@ -19,6 +19,7 @@ class SiteCredentialType extends AbstractType
19 ]) 19 ])
20 ->add('username', TextType::class, [ 20 ->add('username', TextType::class, [
21 'label' => 'site_credential.form.username_label', 21 'label' => 'site_credential.form.username_label',
22 'data' => '',
22 ]) 23 ])
23 ->add('password', PasswordType::class, [ 24 ->add('password', PasswordType::class, [
24 'label' => 'site_credential.form.password_label', 25 'label' => 'site_credential.form.password_label',
diff --git a/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php b/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php
index 62a3bc13..a79e6ebe 100644
--- a/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php
+++ b/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php
@@ -87,7 +87,8 @@ class GrabySiteConfigBuilder implements SiteConfigBuilder
87 87
88 $config = new SiteConfig($parameters); 88 $config = new SiteConfig($parameters);
89 89
90 // do not leak password in log 90 // do not leak usernames and passwords in log
91 $parameters['username'] = '**masked**';
91 $parameters['password'] = '**masked**'; 92 $parameters['password'] = '**masked**';
92 93
93 $this->logger->debug('Auth: add parameters.', ['host' => $host, 'parameters' => $parameters]); 94 $this->logger->debug('Auth: add parameters.', ['host' => $host, 'parameters' => $parameters]);
diff --git a/src/Wallabag/CoreBundle/Helper/CryptoProxy.php b/src/Wallabag/CoreBundle/Helper/CryptoProxy.php
index d0a9b85c..e8b19cb9 100644
--- a/src/Wallabag/CoreBundle/Helper/CryptoProxy.php
+++ b/src/Wallabag/CoreBundle/Helper/CryptoProxy.php
@@ -65,7 +65,7 @@ class CryptoProxy
65 /** 65 /**
66 * Load the private key. 66 * Load the private key.
67 * 67 *
68 * @return string 68 * @return Key
69 */ 69 */
70 private function loadKey() 70 private function loadKey()
71 { 71 {
@@ -81,6 +81,6 @@ class CryptoProxy
81 */ 81 */
82 private function mask($value) 82 private function mask($value)
83 { 83 {
84 return $value[0].'*****'.$value[strlen($value) - 1]; 84 return strlen($value) > 0 ? $value[0].'*****'.$value[strlen($value) - 1] : 'Empty value';
85 } 85 }
86} 86}
diff --git a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
index 6f904f0a..36906761 100644
--- a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php
@@ -38,7 +38,8 @@ class SiteCredentialRepository extends \Doctrine\ORM\EntityRepository
38 return; 38 return;
39 } 39 }
40 40
41 // decrypt password before returning it 41 // decrypt user & password before returning them
42 $res['username'] = $this->cryptoProxy->decrypt($res['username']);
42 $res['password'] = $this->cryptoProxy->decrypt($res['password']); 43 $res['password'] = $this->cryptoProxy->decrypt($res['password']);
43 44
44 return $res; 45 return $res;
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
index 542ddf48..cd239b5c 100644
--- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
+++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
@@ -515,7 +515,7 @@ user:
515 twofactor_label: "Double authentification" 515 twofactor_label: "Double authentification"
516 save: "Sauvegarder" 516 save: "Sauvegarder"
517 delete: "Supprimer" 517 delete: "Supprimer"
518 delete_confirm: "Êtes-vous sur ?" 518 delete_confirm: "Êtes-vous sûr ?"
519 back_to_list: "Revenir à la liste" 519 back_to_list: "Revenir à la liste"
520 search: 520 search:
521 placeholder: "Filtrer par nom d’utilisateur ou email" 521 placeholder: "Filtrer par nom d’utilisateur ou email"
@@ -537,7 +537,7 @@ site_credential:
537 password_label: 'Mot de passe' 537 password_label: 'Mot de passe'
538 save: "Sauvegarder" 538 save: "Sauvegarder"
539 delete: "Supprimer" 539 delete: "Supprimer"
540 delete_confirm: "Êtes-vous sur ?" 540 delete_confirm: "Êtes-vous sûr ?"
541 back_to_list: "Revenir à la liste" 541 back_to_list: "Revenir à la liste"
542 542
543error: 543error:
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig
index c128bceb..4d30a692 100644
--- a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig
@@ -16,6 +16,7 @@
16 <tr> 16 <tr>
17 <th>{{ 'site_credential.form.host_label'|trans }}</th> 17 <th>{{ 'site_credential.form.host_label'|trans }}</th>
18 <th>{{ 'site_credential.form.username_label'|trans }}</th> 18 <th>{{ 'site_credential.form.username_label'|trans }}</th>
19 <th>{{ 'site_credential.form.password_label'|trans }}</th>
19 <th>{{ 'site_credential.list.actions'|trans }}</th> 20 <th>{{ 'site_credential.list.actions'|trans }}</th>
20 </tr> 21 </tr>
21 </thead> 22 </thead>
@@ -23,7 +24,8 @@
23 {% for credential in credentials %} 24 {% for credential in credentials %}
24 <tr> 25 <tr>
25 <td>{{ credential.host }}</td> 26 <td>{{ credential.host }}</td>
26 <td>{{ credential.username }}</td> 27 <td>*****</td>
28 <td>*****</td>
27 <td> 29 <td>
28 <a href="{{ path('site_credentials_edit', { 'id': credential.id }) }}">{{ 'site_credential.list.edit_action'|trans }}</a> 30 <a href="{{ path('site_credentials_edit', { 'id': credential.id }) }}">{{ 'site_credential.list.edit_action'|trans }}</a>
29 </td> 31 </td>
diff --git a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
index 80380685..f17dc97b 100644
--- a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
@@ -1340,7 +1340,7 @@ class EntryControllerTest extends WallabagCoreTestCase
1340 $user = $client->getContainer()->get('security.token_storage')->getToken()->getUser(); 1340 $user = $client->getContainer()->get('security.token_storage')->getToken()->getUser();
1341 $credential = new SiteCredential($user); 1341 $credential = new SiteCredential($user);
1342 $credential->setHost('monde-diplomatique.fr'); 1342 $credential->setHost('monde-diplomatique.fr');
1343 $credential->setUsername('foo'); 1343 $credential->setUsername($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('foo'));
1344 $credential->setPassword($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('bar')); 1344 $credential->setPassword($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('bar'));
1345 1345
1346 $em->persist($credential); 1346 $em->persist($credential);
diff --git a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
index 7e6dafee..e73a9743 100644
--- a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php
@@ -85,7 +85,6 @@ class SiteCredentialControllerTest extends WallabagCoreTestCase
85 $crawler = $client->followRedirect(); 85 $crawler = $client->followRedirect();
86 86
87 $this->assertContains('flashes.site_credential.notice.updated', $crawler->filter('body')->extract(['_text'])[0]); 87 $this->assertContains('flashes.site_credential.notice.updated', $crawler->filter('body')->extract(['_text'])[0]);
88 $this->assertContains('larry', $crawler->filter('input[id=site_credential_username]')->attr('value'));
89 } 88 }
90 89
91 public function testEditFromADifferentUserSiteCredential() 90 public function testEditFromADifferentUserSiteCredential()