Added validation of the encryptedPassword attribute of password aware materials - svn, p4, tfs.

varshavaradarajan · varshavaradarajan · commit dc786012e174 · 2016-08-23T14:49:02.000+05:30
diff --git a/common/test/unit/com/thoughtworks/go/config/materials/tfs/TfsMaterialConfigUpdateTest.java b/common/test/unit/com/thoughtworks/go/config/materials/tfs/TfsMaterialConfigUpdateTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 ThoughtWorks, Inc.
+ * Copyright 2016 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -144,6 +144,21 @@ public void validate_shouldEnsureDestFilePathIsValid() {
         assertThat(tfsMaterialConfig.errors().on(TfsMaterialConfig.FOLDER), is("Dest folder '../a' is not valid. It must be a sub-directory of the working folder."));
     }
 
+    @Test
+    public void shouldThrowErrorsIfBothPasswordAndEncryptedPasswordAreProvided() {
+        TfsMaterialConfig materialConfig = new TfsMaterialConfig(new UrlArgument("foo/bar"), "password", "encryptedPassword", new GoCipher());
+        materialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(materialConfig.errors().on("password"), is("You may only specify `password` or `encrypted_password`, not both!"));
+        assertThat(materialConfig.errors().on("encryptedPassword"), is("You may only specify `password` or `encrypted_password`, not both!"));
+    }
+
+    @Test
+    public void shouldValidateWhetherTheEncryptedPasswordIsCorrect() {
+        TfsMaterialConfig materialConfig = new TfsMaterialConfig(new UrlArgument("foo/bar"), "", "encryptedPassword", new GoCipher());
+        materialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(materialConfig.errors().on("encryptedPassword"), is("Encrypted password value for TFS material with url 'foo/bar' is invalid. This usually happens when the cipher text is modified to have an invalid value."));
+    }
+
     @Test
      public void shouldEncryptTfsPasswordAndMarkPasswordAsNull() throws Exception {
         GoCipher mockGoCipher = mock(GoCipher.class);
diff --git a/config/config-api/src/com/thoughtworks/go/config/materials/perforce/P4MaterialConfig.java b/config/config-api/src/com/thoughtworks/go/config/materials/perforce/P4MaterialConfig.java
@@ -32,6 +32,7 @@
 
 import static com.thoughtworks.go.util.ExceptionUtils.bomb;
 import static com.thoughtworks.go.util.ExceptionUtils.bombIfNull;
+import static java.lang.String.format;
 import static org.apache.commons.lang.StringUtils.isNotEmpty;
 
 @ConfigTag(value = "p4", label = "Perforce")
@@ -98,6 +99,14 @@ public P4MaterialConfig(String serverAndPort, String userName, String password,
         setView(viewStr);
     }
 
+    //for tests only
+    protected P4MaterialConfig(String serverAndPort, String password, String encryptedPassword, GoCipher goCipher) {
+        this(goCipher);
+        this.password = password;
+        this.encryptedPassword = encryptedPassword;
+        this.serverAndPort = serverAndPort;
+    }
+
     public GoCipher getGoCipher() {
         return goCipher;
     }
@@ -238,6 +247,14 @@ public void validateConcreteScmMaterial() {
             addError("password", "You may only specify `password` or `encrypted_password`, not both!");
             addError("encryptedPassword", "You may only specify `password` or `encrypted_password`, not both!");
         }
+        if(isNotEmpty(this.encryptedPassword)) {
+            try{
+                currentPassword();
+            }catch (Exception e) {
+                addError("encryptedPassword", format("Encrypted password value for P4 material with serverAndPort '%s' is invalid. This usually happens when the cipher text is modified to have an invalid value.",
+                        this.getServerAndPort()));
+            }
+        }
     }
 
     @Override
@@ -312,7 +329,7 @@ public void ensureEncrypted() {
     public String currentPassword() {
         try {
             return StringUtil.isBlank(encryptedPassword) ? null : this.goCipher.decrypt(encryptedPassword);
-        } catch (InvalidCipherTextException e) {
+        } catch (Exception e) {
             throw new RuntimeException("Could not decrypt the password to get the real password", e);
         }
     }
diff --git a/config/config-api/src/com/thoughtworks/go/config/materials/svn/SvnMaterialConfig.java b/config/config-api/src/com/thoughtworks/go/config/materials/svn/SvnMaterialConfig.java
@@ -32,6 +32,7 @@
 
 import static com.thoughtworks.go.util.ExceptionUtils.bomb;
 import static com.thoughtworks.go.util.ExceptionUtils.bombIfNull;
+import static java.lang.String.format;
 import static org.apache.commons.lang.StringUtils.isNotEmpty;
 
 @ConfigTag(value = "svn", label = "Subversion")
@@ -105,6 +106,15 @@ public SvnMaterialConfig(UrlArgument url, String userName, String password, bool
         this.setPassword(password);
     }
 
+    //for tests
+    protected SvnMaterialConfig(UrlArgument url, String password, String encryptedPassword, GoCipher goCipher, Filter filter, boolean invertFilter, String folder) {
+        super(new CaseInsensitiveString("test"), filter, invertFilter, folder, true, TYPE, new ConfigErrors());
+        this.url = url;
+        this.password = password;
+        this.encryptedPassword = encryptedPassword;
+        this.goCipher = goCipher;
+    }
+
     public GoCipher getGoCipher() {
         return goCipher;
     }
@@ -155,7 +165,7 @@ public boolean isCheckExternals() {
     public String currentPassword() {
         try {
             return StringUtil.isBlank(encryptedPassword) ? null : this.goCipher.decrypt(encryptedPassword);
-        } catch (InvalidCipherTextException e) {
+        } catch (Exception e) {
             throw new RuntimeException("Could not decrypt the password to get the real password", e);
         }
     }
@@ -166,7 +176,7 @@ public String getEncryptedPassword() {
     }
 
     public void setEncryptedPassword(String encryptedPassword) {
-        this.encryptedPassword=encryptedPassword;
+        this.encryptedPassword = encryptedPassword;
     }
 
     @PostConstruct
@@ -207,10 +217,18 @@ public void validateConcreteScmMaterial() {
         if (StringUtil.isBlank(url.forDisplay())) {
             errors().add(URL, "URL cannot be blank");
         }
-        if (isNotEmpty(this.password) && isNotEmpty(this.encryptedPassword)){
+        if (isNotEmpty(this.password) && isNotEmpty(this.encryptedPassword)) {
             addError("password", "You may only specify `password` or `encrypted_password`, not both!");
             addError("encryptedPassword", "You may only specify `password` or `encrypted_password`, not both!");
         }
+        if (isNotEmpty(this.encryptedPassword)) {
+            try {
+                currentPassword();
+            } catch (Exception e) {
+                addError("encryptedPassword", format("Encrypted password value for svn material with url '%s' is invalid. This usually happens when the cipher text is modified to have an invalid value.",
+                       this.getUriForDisplay()));
+            }
+        }
     }
 
     @Override
@@ -300,11 +318,11 @@ public void setConfigAttributes(Object attributes) {
         this.checkExternals = "true".equals(map.get(CHECK_EXTERNALS));
     }
 
-    public void setCheckExternals(boolean checkExternals){
+    public void setCheckExternals(boolean checkExternals) {
         this.checkExternals = checkExternals;
     }
 
-    public void setUserName(String userName){
+    public void setUserName(String userName) {
         this.userName = userName;
     }
 
@@ -316,4 +334,4 @@ public String toString() {
                 ", checkExternals=" + checkExternals +
                 '}';
     }
-}
+}
diff --git a/config/config-api/src/com/thoughtworks/go/config/materials/tfs/TfsMaterialConfig.java b/config/config-api/src/com/thoughtworks/go/config/materials/tfs/TfsMaterialConfig.java
@@ -33,6 +33,7 @@
 import java.util.Map;
 
 import static com.thoughtworks.go.util.ExceptionUtils.bomb;
+import static java.lang.String.format;
 import static org.apache.commons.lang.StringUtils.isNotEmpty;
 
 @ConfigTag(value = "tfs", label = "TFS")
@@ -99,6 +100,14 @@ public TfsMaterialConfig(UrlArgument url, String userName, String domain, String
         this.projectPath = projectPath;
     }
 
+    //for tests only
+    protected TfsMaterialConfig(UrlArgument urlArgument, String password, String encryptedPassword, GoCipher goCipher) {
+        this(goCipher);
+        this.url = urlArgument;
+        this.password = password;
+        this.encryptedPassword = encryptedPassword;
+    }
+
     public GoCipher getGoCipher() {
         return goCipher;
     }
@@ -181,6 +190,15 @@ public void validateConcreteScmMaterial() {
             addError("password", "You may only specify `password` or `encrypted_password`, not both!");
             addError("encryptedPassword", "You may only specify `password` or `encrypted_password`, not both!");
         }
+
+        if(isNotEmpty(this.encryptedPassword)) {
+            try{
+                goCipher.decrypt(encryptedPassword);
+            }catch (Exception e) {
+                addError("encryptedPassword", format("Encrypted password value for TFS material with url '%s' is invalid. This usually happens when the cipher text is modified to have an invalid value.",
+                        this.getUriForDisplay()));
+            }
+        }
     }
 
     @Override
diff --git a/config/config-api/test/com/thoughtworks/go/config/materials/perforce/P4MaterialConfigTest.java b/config/config-api/test/com/thoughtworks/go/config/materials/perforce/P4MaterialConfigTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 ThoughtWorks, Inc.
+ * Copyright 2016 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 import com.thoughtworks.go.config.materials.svn.SvnMaterialConfig;
 import com.thoughtworks.go.security.GoCipher;
 import com.thoughtworks.go.util.ReflectionUtil;
+import com.thoughtworks.go.util.command.UrlArgument;
 import org.junit.Test;
 
 import java.util.HashMap;
@@ -134,6 +135,21 @@ public void shouldNotSetUseTicketsIfNotInConfigAttributesMap() {
         assertThat(p4MaterialConfig.getUseTickets(), is(false));
     }
 
+    @Test
+    public void shouldThrowErrorsIfBothPasswordAndEncryptedPasswordAreProvided() {
+        P4MaterialConfig materialConfig = new P4MaterialConfig("foo/bar, 80", "password", "encryptedPassword", new GoCipher());
+        materialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(materialConfig.errors().on("password"), is("You may only specify `password` or `encrypted_password`, not both!"));
+        assertThat(materialConfig.errors().on("encryptedPassword"), is("You may only specify `password` or `encrypted_password`, not both!"));
+    }
+
+    @Test
+    public void shouldValidateWhetherTheEncryptedPasswordIsCorrect() {
+        P4MaterialConfig materialConfig = new P4MaterialConfig("foo/bar, 80", "", "encryptedPassword", new GoCipher());
+        materialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(materialConfig.errors().on("encryptedPassword"), is("Encrypted password value for P4 material with serverAndPort 'foo/bar, 80' is invalid. This usually happens when the cipher text is modified to have an invalid value."));
+    }
+
     private void assertNoError(String port, String view, String expectedKeyForError) {
         P4MaterialConfig p4MaterialConfig = new P4MaterialConfig(port, view);
         p4MaterialConfig.validate(new ConfigSaveValidationContext(null));
diff --git a/config/config-api/test/com/thoughtworks/go/config/materials/svn/SvnMaterialConfigTest.java b/config/config-api/test/com/thoughtworks/go/config/materials/svn/SvnMaterialConfigTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015 ThoughtWorks, Inc.
+ * Copyright 2016 ThoughtWorks, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 import com.thoughtworks.go.config.materials.ScmMaterialConfig;
 import com.thoughtworks.go.security.GoCipher;
 import com.thoughtworks.go.util.ReflectionUtil;
+import com.thoughtworks.go.util.command.UrlArgument;
 import org.hamcrest.core.Is;
 import org.junit.Before;
 import org.junit.Test;
@@ -94,6 +95,21 @@ public void validate_shouldEnsureDestFilePathIsValid() {
         assertThat(svnMaterialConfig.errors().on(SvnMaterialConfig.FOLDER), is("Dest folder '../a' is not valid. It must be a sub-directory of the working folder."));
     }
 
+    @Test
+    public void shouldThrowErrorsIfBothPasswordAndEncryptedPasswordAreProvided() {
+        SvnMaterialConfig svnMaterialConfig = new SvnMaterialConfig(new UrlArgument("foo/bar"), "password", "encryptedPassword", new GoCipher(), null, false, "folder");
+        svnMaterialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(svnMaterialConfig.errors().on("password"), is("You may only specify `password` or `encrypted_password`, not both!"));
+        assertThat(svnMaterialConfig.errors().on("encryptedPassword"), is("You may only specify `password` or `encrypted_password`, not both!"));
+    }
+
+    @Test
+    public void shouldValidateWhetherTheEncryptedPasswordIsCorrect() {
+        SvnMaterialConfig svnMaterialConfig = new SvnMaterialConfig(new UrlArgument("foo/bar"), "", "encryptedPassword", new GoCipher(), null, false, "folder");
+        svnMaterialConfig.validate(new ConfigSaveValidationContext(null));
+        assertThat(svnMaterialConfig.errors().on("encryptedPassword"), is("Encrypted password value for svn material with url 'foo/bar' is invalid. This usually happens when the cipher text is modified to have an invalid value."));
+    }
+
     @Test
     public void setConfigAttributes_shouldUpdatePasswordWhenPasswordChangedBooleanChanged() throws Exception {
         SvnMaterialConfig svnMaterial = new SvnMaterialConfig("", "", "notSoSecret", false);
diff --git a/config/config-server/test-resources/data/big-cruise-config.xml b/config/config-server/test-resources/data/big-cruise-config.xml
@@ -12628,7 +12628,7 @@
     <pipeline name="cleanArtifacts">
       <timer>59 59 23 ? * *</timer>
       <materials>
-        <svn url="http://10.18.3.171:8080/svn/artifactsmanagement/trunk" username="cce" encryptedPassword="pVyuW5ny9I6YT4Ou+KLZhQ==" dest="keptfolder" autoUpdate="false" />
+        <svn url="http://10.18.3.171:8080/svn/artifactsmanagement/trunk" dest="keptfolder" autoUpdate="false" />
         <svn url="http://cruisetools.googlecode.com/svn/trunk/artifactsmanagement/lib" dest="app" autoUpdate="false" />
       </materials>
       <stage name="defaultStage">

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@`
`32`	`32`
`33`	`33`	`import static com.thoughtworks.go.util.ExceptionUtils.bomb;`
`34`	`34`	`import static com.thoughtworks.go.util.ExceptionUtils.bombIfNull;`
	`35`	`+import static java.lang.String.format;`
`35`	`36`	`import static org.apache.commons.lang.StringUtils.isNotEmpty;`
`36`	`37`
`37`	`38`	`@ConfigTag(value = "svn", label = "Subversion")`
`@@ -105,6 +106,15 @@ public SvnMaterialConfig(UrlArgument url, String userName, String password, bool`
`105`	`106`	`this.setPassword(password);`
`106`	`107`	`}`
`107`	`108`
	`109`	`+ //for tests`
	`110`	`+ protected SvnMaterialConfig(UrlArgument url, String password, String encryptedPassword, GoCipher goCipher, Filter filter, boolean invertFilter, String folder) {`
	`111`	`+ super(new CaseInsensitiveString("test"), filter, invertFilter, folder, true, TYPE, new ConfigErrors());`
	`112`	`+ this.url = url;`
	`113`	`+ this.password = password;`
	`114`	`+ this.encryptedPassword = encryptedPassword;`
	`115`	`+ this.goCipher = goCipher;`
	`116`	`+ }`
	`117`	`+`
`108`	`118`	`public GoCipher getGoCipher() {`
`109`	`119`	`return goCipher;`
`110`	`120`	`}`
`@@ -155,7 +165,7 @@ public boolean isCheckExternals() {`
`155`	`165`	`public String currentPassword() {`
`156`	`166`	`try {`
`157`	`167`	`return StringUtil.isBlank(encryptedPassword) ? null : this.goCipher.decrypt(encryptedPassword);`
`158`		`- } catch (InvalidCipherTextException e) {`
	`168`	`+ } catch (Exception e) {`
`159`	`169`	`throw new RuntimeException("Could not decrypt the password to get the real password", e);`
`160`	`170`	`}`
`161`	`171`	`}`
`@@ -166,7 +176,7 @@ public String getEncryptedPassword() {`
`166`	`176`	`}`
`167`	`177`
`168`	`178`	`public void setEncryptedPassword(String encryptedPassword) {`
`169`		`- this.encryptedPassword=encryptedPassword;`
	`179`	`+ this.encryptedPassword = encryptedPassword;`
`170`	`180`	`}`
`171`	`181`
`172`	`182`	`@PostConstruct`
`@@ -207,10 +217,18 @@ public void validateConcreteScmMaterial() {`
`207`	`217`	`if (StringUtil.isBlank(url.forDisplay())) {`
`208`	`218`	`errors().add(URL, "URL cannot be blank");`
`209`	`219`	`}`
`210`		`- if (isNotEmpty(this.password) && isNotEmpty(this.encryptedPassword)){`
	`220`	`+ if (isNotEmpty(this.password) && isNotEmpty(this.encryptedPassword)) {`
`211`	`221`	addError("password", "You may only specify `password` or `encrypted_password`, not both!");
`212`	`222`	addError("encryptedPassword", "You may only specify `password` or `encrypted_password`, not both!");
`213`	`223`	`}`
	`224`	`+ if (isNotEmpty(this.encryptedPassword)) {`
	`225`	`+ try {`
	`226`	`+ currentPassword();`
	`227`	`+ } catch (Exception e) {`
	`228`	`+ addError("encryptedPassword", format("Encrypted password value for svn material with url '%s' is invalid. This usually happens when the cipher text is modified to have an invalid value.",`
	`229`	`+ this.getUriForDisplay()));`
	`230`	`+ }`
	`231`	`+ }`
`214`	`232`	`}`
`215`	`233`
`216`	`234`	`@Override`
`@@ -300,11 +318,11 @@ public void setConfigAttributes(Object attributes) {`
`300`	`318`	`this.checkExternals = "true".equals(map.get(CHECK_EXTERNALS));`
`301`	`319`	`}`
`302`	`320`
`303`		`- public void setCheckExternals(boolean checkExternals){`
	`321`	`+ public void setCheckExternals(boolean checkExternals) {`
`304`	`322`	`this.checkExternals = checkExternals;`
`305`	`323`	`}`
`306`	`324`
`307`		`- public void setUserName(String userName){`
	`325`	`+ public void setUserName(String userName) {`
`308`	`326`	`this.userName = userName;`
`309`	`327`	`}`
`310`	`328`
`@@ -316,4 +334,4 @@ public String toString() {`
`316`	`334`	`", checkExternals=" + checkExternals +`
`317`	`335`	`'}';`
`318`	`336`	`}`
`319`		`-}`
	`337`	`+}`