diff options
author | Thomas Citharel <tcit@tcit.fr> | 2017-06-14 15:02:34 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2017-06-20 16:03:39 +0200 |
commit | bead8b42da4f17238dc0d5e0f90184b224ec5df7 (patch) | |
tree | 67af15e3f45dc496e492767095e5f4b477e56848 | |
parent | 906424c1b6fd884bf2081bfe6dd0b1f9651c2801 (diff) | |
download | wallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.tar.gz wallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.tar.zst wallabag-bead8b42da4f17238dc0d5e0f90184b224ec5df7.zip |
Fix reviews
Encrypt username too
Redirect to list after saving credentials
Fix typos
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
11 files changed, 43 insertions, 22 deletions
diff --git a/app/DoctrineMigrations/Version20170501115751.php b/app/DoctrineMigrations/Version20170501115751.php index 2597f1ff..7f068eb8 100644 --- a/app/DoctrineMigrations/Version20170501115751.php +++ b/app/DoctrineMigrations/Version20170501115751.php | |||
@@ -38,7 +38,7 @@ class Version20170501115751 extends AbstractMigration implements ContainerAwareI | |||
38 | $table->addColumn('id', 'integer', ['autoincrement' => true]); | 38 | $table->addColumn('id', 'integer', ['autoincrement' => true]); |
39 | $table->addColumn('user_id', 'integer'); | 39 | $table->addColumn('user_id', 'integer'); |
40 | $table->addColumn('host', 'string', ['length' => 255]); | 40 | $table->addColumn('host', 'string', ['length' => 255]); |
41 | $table->addColumn('username', 'string', ['length' => 255]); | 41 | $table->addColumn('username', 'text'); |
42 | $table->addColumn('password', 'text'); | 42 | $table->addColumn('password', 'text'); |
43 | $table->addColumn('createdAt', 'datetime'); | 43 | $table->addColumn('createdAt', 'datetime'); |
44 | $table->addIndex(['user_id'], 'idx_user'); | 44 | $table->addIndex(['user_id'], 'idx_user'); |
diff --git a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php index 0bacafb7..98781dab 100644 --- a/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php +++ b/src/Wallabag/CoreBundle/Controller/SiteCredentialController.php | |||
@@ -26,9 +26,9 @@ class SiteCredentialController extends Controller | |||
26 | { | 26 | { |
27 | $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser()); | 27 | $credentials = $this->get('wallabag_core.site_credential_repository')->findByUser($this->getUser()); |
28 | 28 | ||
29 | return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', array( | 29 | return $this->render('WallabagCoreBundle:SiteCredential:index.html.twig', [ |
30 | 'credentials' => $credentials, | 30 | 'credentials' => $credentials, |
31 | )); | 31 | ]); |
32 | } | 32 | } |
33 | 33 | ||
34 | /** | 34 | /** |
@@ -36,6 +36,10 @@ class SiteCredentialController extends Controller | |||
36 | * | 36 | * |
37 | * @Route("/new", name="site_credentials_new") | 37 | * @Route("/new", name="site_credentials_new") |
38 | * @Method({"GET", "POST"}) | 38 | * @Method({"GET", "POST"}) |
39 | * | ||
40 | * @param Request $request | ||
41 | * | ||
42 | * @return \Symfony\Component\HttpFoundation\Response | ||
39 | */ | 43 | */ |
40 | public function newAction(Request $request) | 44 | public function newAction(Request $request) |
41 | { | 45 | { |
@@ -45,24 +49,25 @@ class SiteCredentialController extends Controller | |||
45 | $form->handleRequest($request); | 49 | $form->handleRequest($request); |
46 | 50 | ||
47 | if ($form->isSubmitted() && $form->isValid()) { | 51 | if ($form->isSubmitted() && $form->isValid()) { |
52 | $credential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getUsername())); | ||
48 | $credential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getPassword())); | 53 | $credential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($credential->getPassword())); |
49 | 54 | ||
50 | $em = $this->getDoctrine()->getManager(); | 55 | $em = $this->getDoctrine()->getManager(); |
51 | $em->persist($credential); | 56 | $em->persist($credential); |
52 | $em->flush($credential); | 57 | $em->flush(); |
53 | 58 | ||
54 | $this->get('session')->getFlashBag()->add( | 59 | $this->get('session')->getFlashBag()->add( |
55 | 'notice', | 60 | 'notice', |
56 | $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()]) | 61 | $this->get('translator')->trans('flashes.site_credential.notice.added', ['%host%' => $credential->getHost()]) |
57 | ); | 62 | ); |
58 | 63 | ||
59 | return $this->redirectToRoute('site_credentials_edit', array('id' => $credential->getId())); | 64 | return $this->redirectToRoute('site_credentials_index'); |
60 | } | 65 | } |
61 | 66 | ||
62 | return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', array( | 67 | return $this->render('WallabagCoreBundle:SiteCredential:new.html.twig', [ |
63 | 'credential' => $credential, | 68 | 'credential' => $credential, |
64 | 'form' => $form->createView(), | 69 | 'form' => $form->createView(), |
65 | )); | 70 | ]); |
66 | } | 71 | } |
67 | 72 | ||
68 | /** | 73 | /** |
@@ -70,6 +75,11 @@ class SiteCredentialController extends Controller | |||
70 | * | 75 | * |
71 | * @Route("/{id}/edit", name="site_credentials_edit") | 76 | * @Route("/{id}/edit", name="site_credentials_edit") |
72 | * @Method({"GET", "POST"}) | 77 | * @Method({"GET", "POST"}) |
78 | * | ||
79 | * @param Request $request | ||
80 | * @param SiteCredential $siteCredential | ||
81 | * | ||
82 | * @return \Symfony\Component\HttpFoundation\Response | ||
73 | */ | 83 | */ |
74 | public function editAction(Request $request, SiteCredential $siteCredential) | 84 | public function editAction(Request $request, SiteCredential $siteCredential) |
75 | { | 85 | { |
@@ -80,6 +90,9 @@ class SiteCredentialController extends Controller | |||
80 | $editForm->handleRequest($request); | 90 | $editForm->handleRequest($request); |
81 | 91 | ||
82 | if ($editForm->isSubmitted() && $editForm->isValid()) { | 92 | if ($editForm->isSubmitted() && $editForm->isValid()) { |
93 | $siteCredential->setUsername($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getUsername())); | ||
94 | $siteCredential->setPassword($this->get('wallabag_core.helper.crypto_proxy')->crypt($siteCredential->getPassword())); | ||
95 | |||
83 | $em = $this->getDoctrine()->getManager(); | 96 | $em = $this->getDoctrine()->getManager(); |
84 | $em->persist($siteCredential); | 97 | $em->persist($siteCredential); |
85 | $em->flush(); | 98 | $em->flush(); |
@@ -89,14 +102,14 @@ class SiteCredentialController extends Controller | |||
89 | $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()]) | 102 | $this->get('translator')->trans('flashes.site_credential.notice.updated', ['%host%' => $siteCredential->getHost()]) |
90 | ); | 103 | ); |
91 | 104 | ||
92 | return $this->redirectToRoute('site_credentials_edit', array('id' => $siteCredential->getId())); | 105 | return $this->redirectToRoute('site_credentials_index'); |
93 | } | 106 | } |
94 | 107 | ||
95 | return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', array( | 108 | return $this->render('WallabagCoreBundle:SiteCredential:edit.html.twig', [ |
96 | 'credential' => $siteCredential, | 109 | 'credential' => $siteCredential, |
97 | 'edit_form' => $editForm->createView(), | 110 | 'edit_form' => $editForm->createView(), |
98 | 'delete_form' => $deleteForm->createView(), | 111 | 'delete_form' => $deleteForm->createView(), |
99 | )); | 112 | ]); |
100 | } | 113 | } |
101 | 114 | ||
102 | /** | 115 | /** |
@@ -104,6 +117,11 @@ class SiteCredentialController extends Controller | |||
104 | * | 117 | * |
105 | * @Route("/{id}", name="site_credentials_delete") | 118 | * @Route("/{id}", name="site_credentials_delete") |
106 | * @Method("DELETE") | 119 | * @Method("DELETE") |
120 | * | ||
121 | * @param Request $request | ||
122 | * @param SiteCredential $siteCredential | ||
123 | * | ||
124 | * @return \Symfony\Component\HttpFoundation\RedirectResponse | ||
107 | */ | 125 | */ |
108 | public function deleteAction(Request $request, SiteCredential $siteCredential) | 126 | public function deleteAction(Request $request, SiteCredential $siteCredential) |
109 | { | 127 | { |
@@ -136,7 +154,7 @@ class SiteCredentialController extends Controller | |||
136 | private function createDeleteForm(SiteCredential $siteCredential) | 154 | private function createDeleteForm(SiteCredential $siteCredential) |
137 | { | 155 | { |
138 | return $this->createFormBuilder() | 156 | return $this->createFormBuilder() |
139 | ->setAction($this->generateUrl('site_credentials_delete', array('id' => $siteCredential->getId()))) | 157 | ->setAction($this->generateUrl('site_credentials_delete', ['id' => $siteCredential->getId()])) |
140 | ->setMethod('DELETE') | 158 | ->setMethod('DELETE') |
141 | ->getForm() | 159 | ->getForm() |
142 | ; | 160 | ; |
diff --git a/src/Wallabag/CoreBundle/Entity/SiteCredential.php b/src/Wallabag/CoreBundle/Entity/SiteCredential.php index 732d9506..58075e92 100644 --- a/src/Wallabag/CoreBundle/Entity/SiteCredential.php +++ b/src/Wallabag/CoreBundle/Entity/SiteCredential.php | |||
@@ -37,8 +37,7 @@ class SiteCredential | |||
37 | * @var string | 37 | * @var string |
38 | * | 38 | * |
39 | * @Assert\NotBlank() | 39 | * @Assert\NotBlank() |
40 | * @Assert\Length(max=255) | 40 | * @ORM\Column(name="username", type="text") |
41 | * @ORM\Column(name="username", type="string", length=255) | ||
42 | */ | 41 | */ |
43 | private $username; | 42 | private $username; |
44 | 43 | ||
diff --git a/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php b/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php index 9db7c155..fd409ad2 100644 --- a/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php +++ b/src/Wallabag/CoreBundle/Form/Type/SiteCredentialType.php | |||
@@ -19,6 +19,7 @@ class SiteCredentialType extends AbstractType | |||
19 | ]) | 19 | ]) |
20 | ->add('username', TextType::class, [ | 20 | ->add('username', TextType::class, [ |
21 | 'label' => 'site_credential.form.username_label', | 21 | 'label' => 'site_credential.form.username_label', |
22 | 'data' => '', | ||
22 | ]) | 23 | ]) |
23 | ->add('password', PasswordType::class, [ | 24 | ->add('password', PasswordType::class, [ |
24 | 'label' => 'site_credential.form.password_label', | 25 | 'label' => 'site_credential.form.password_label', |
diff --git a/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php b/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php index 62a3bc13..a79e6ebe 100644 --- a/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php +++ b/src/Wallabag/CoreBundle/GuzzleSiteAuthenticator/GrabySiteConfigBuilder.php | |||
@@ -87,7 +87,8 @@ class GrabySiteConfigBuilder implements SiteConfigBuilder | |||
87 | 87 | ||
88 | $config = new SiteConfig($parameters); | 88 | $config = new SiteConfig($parameters); |
89 | 89 | ||
90 | // do not leak password in log | 90 | // do not leak usernames and passwords in log |
91 | $parameters['username'] = '**masked**'; | ||
91 | $parameters['password'] = '**masked**'; | 92 | $parameters['password'] = '**masked**'; |
92 | 93 | ||
93 | $this->logger->debug('Auth: add parameters.', ['host' => $host, 'parameters' => $parameters]); | 94 | $this->logger->debug('Auth: add parameters.', ['host' => $host, 'parameters' => $parameters]); |
diff --git a/src/Wallabag/CoreBundle/Helper/CryptoProxy.php b/src/Wallabag/CoreBundle/Helper/CryptoProxy.php index d0a9b85c..e8b19cb9 100644 --- a/src/Wallabag/CoreBundle/Helper/CryptoProxy.php +++ b/src/Wallabag/CoreBundle/Helper/CryptoProxy.php | |||
@@ -65,7 +65,7 @@ class CryptoProxy | |||
65 | /** | 65 | /** |
66 | * Load the private key. | 66 | * Load the private key. |
67 | * | 67 | * |
68 | * @return string | 68 | * @return Key |
69 | */ | 69 | */ |
70 | private function loadKey() | 70 | private function loadKey() |
71 | { | 71 | { |
@@ -81,6 +81,6 @@ class CryptoProxy | |||
81 | */ | 81 | */ |
82 | private function mask($value) | 82 | private function mask($value) |
83 | { | 83 | { |
84 | return $value[0].'*****'.$value[strlen($value) - 1]; | 84 | return strlen($value) > 0 ? $value[0].'*****'.$value[strlen($value) - 1] : 'Empty value'; |
85 | } | 85 | } |
86 | } | 86 | } |
diff --git a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php index 6f904f0a..36906761 100644 --- a/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php +++ b/src/Wallabag/CoreBundle/Repository/SiteCredentialRepository.php | |||
@@ -38,7 +38,8 @@ class SiteCredentialRepository extends \Doctrine\ORM\EntityRepository | |||
38 | return; | 38 | return; |
39 | } | 39 | } |
40 | 40 | ||
41 | // decrypt password before returning it | 41 | // decrypt user & password before returning them |
42 | $res['username'] = $this->cryptoProxy->decrypt($res['username']); | ||
42 | $res['password'] = $this->cryptoProxy->decrypt($res['password']); | 43 | $res['password'] = $this->cryptoProxy->decrypt($res['password']); |
43 | 44 | ||
44 | return $res; | 45 | return $res; |
diff --git a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml index 542ddf48..cd239b5c 100644 --- a/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml +++ b/src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml | |||
@@ -515,7 +515,7 @@ user: | |||
515 | twofactor_label: "Double authentification" | 515 | twofactor_label: "Double authentification" |
516 | save: "Sauvegarder" | 516 | save: "Sauvegarder" |
517 | delete: "Supprimer" | 517 | delete: "Supprimer" |
518 | delete_confirm: "Êtes-vous sur ?" | 518 | delete_confirm: "Êtes-vous sûr ?" |
519 | back_to_list: "Revenir à la liste" | 519 | back_to_list: "Revenir à la liste" |
520 | search: | 520 | search: |
521 | placeholder: "Filtrer par nom d’utilisateur ou email" | 521 | placeholder: "Filtrer par nom d’utilisateur ou email" |
@@ -537,7 +537,7 @@ site_credential: | |||
537 | password_label: 'Mot de passe' | 537 | password_label: 'Mot de passe' |
538 | save: "Sauvegarder" | 538 | save: "Sauvegarder" |
539 | delete: "Supprimer" | 539 | delete: "Supprimer" |
540 | delete_confirm: "Êtes-vous sur ?" | 540 | delete_confirm: "Êtes-vous sûr ?" |
541 | back_to_list: "Revenir à la liste" | 541 | back_to_list: "Revenir à la liste" |
542 | 542 | ||
543 | error: | 543 | error: |
diff --git a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig index c128bceb..4d30a692 100644 --- a/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/themes/material/SiteCredential/index.html.twig | |||
@@ -16,6 +16,7 @@ | |||
16 | <tr> | 16 | <tr> |
17 | <th>{{ 'site_credential.form.host_label'|trans }}</th> | 17 | <th>{{ 'site_credential.form.host_label'|trans }}</th> |
18 | <th>{{ 'site_credential.form.username_label'|trans }}</th> | 18 | <th>{{ 'site_credential.form.username_label'|trans }}</th> |
19 | <th>{{ 'site_credential.form.password_label'|trans }}</th> | ||
19 | <th>{{ 'site_credential.list.actions'|trans }}</th> | 20 | <th>{{ 'site_credential.list.actions'|trans }}</th> |
20 | </tr> | 21 | </tr> |
21 | </thead> | 22 | </thead> |
@@ -23,7 +24,8 @@ | |||
23 | {% for credential in credentials %} | 24 | {% for credential in credentials %} |
24 | <tr> | 25 | <tr> |
25 | <td>{{ credential.host }}</td> | 26 | <td>{{ credential.host }}</td> |
26 | <td>{{ credential.username }}</td> | 27 | <td>*****</td> |
28 | <td>*****</td> | ||
27 | <td> | 29 | <td> |
28 | <a href="{{ path('site_credentials_edit', { 'id': credential.id }) }}">{{ 'site_credential.list.edit_action'|trans }}</a> | 30 | <a href="{{ path('site_credentials_edit', { 'id': credential.id }) }}">{{ 'site_credential.list.edit_action'|trans }}</a> |
29 | </td> | 31 | </td> |
diff --git a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php index 80380685..f17dc97b 100644 --- a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php | |||
@@ -1340,7 +1340,7 @@ class EntryControllerTest extends WallabagCoreTestCase | |||
1340 | $user = $client->getContainer()->get('security.token_storage')->getToken()->getUser(); | 1340 | $user = $client->getContainer()->get('security.token_storage')->getToken()->getUser(); |
1341 | $credential = new SiteCredential($user); | 1341 | $credential = new SiteCredential($user); |
1342 | $credential->setHost('monde-diplomatique.fr'); | 1342 | $credential->setHost('monde-diplomatique.fr'); |
1343 | $credential->setUsername('foo'); | 1343 | $credential->setUsername($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('foo')); |
1344 | $credential->setPassword($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('bar')); | 1344 | $credential->setPassword($client->getContainer()->get('wallabag_core.helper.crypto_proxy')->crypt('bar')); |
1345 | 1345 | ||
1346 | $em->persist($credential); | 1346 | $em->persist($credential); |
diff --git a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php index 7e6dafee..e73a9743 100644 --- a/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php +++ b/tests/Wallabag/CoreBundle/Controller/SiteCredentialControllerTest.php | |||
@@ -85,7 +85,6 @@ class SiteCredentialControllerTest extends WallabagCoreTestCase | |||
85 | $crawler = $client->followRedirect(); | 85 | $crawler = $client->followRedirect(); |
86 | 86 | ||
87 | $this->assertContains('flashes.site_credential.notice.updated', $crawler->filter('body')->extract(['_text'])[0]); | 87 | $this->assertContains('flashes.site_credential.notice.updated', $crawler->filter('body')->extract(['_text'])[0]); |
88 | $this->assertContains('larry', $crawler->filter('input[id=site_credential_username]')->attr('value')); | ||
89 | } | 88 | } |
90 | 89 | ||
91 | public function testEditFromADifferentUserSiteCredential() | 90 | public function testEditFromADifferentUserSiteCredential() |