Merge branch 'master' of https://github.com/litmuschaos/litmus into e…

…nable-otel Signed-off-by: namkyu1999 <[email protected]>
litmuschaos · Jul 17, 2024 · 5c4afe1 · 5c4afe1
2 parents a156bb0 + 67a1985
commit 5c4afe1
Show file tree

Hide file tree

Showing 114 changed files with 17,360 additions and 1,243 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -150,7 +150,7 @@ jobs:
         with:
           image-ref: 'docker.io/litmuschaos/litmusportal-server:${{ github.sha }}'
           format: 'table'
-          exit-code: '0'
+          exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'          
@@ -177,7 +177,7 @@ jobs:
         with:
           image-ref: 'docker.io/litmuschaos/litmusportal-auth-server:${{ github.sha }}'
           format: 'table'
-          exit-code: '0'
+          exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
@@ -204,7 +204,7 @@ jobs:
         with:
           image-ref: 'docker.io/litmuschaos/litmusportal-subscriber:${{ github.sha }}'
           format: 'table'
-          exit-code: '0'
+          exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
@@ -261,7 +261,7 @@ jobs:
         with:
           image-ref: 'docker.io/litmuschaos/litmusportal-event-tracker:${{ github.sha }}'
           format: 'table'
-          exit-code: '0'
+          exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -279,4 +279,4 @@ jobs:
           source env-vars
           FRONTEND_IMAGE=${{ matrix.frontend.image_name }}
           timestamp=`date "+%s"`
-          make push-frontend
+          make push-frontend
diff --git a/chaoscenter/README.md b/chaoscenter/README.md
diff --git a/chaoscenter/authentication/Dockerfile b/chaoscenter/authentication/Dockerfile
@@ -15,13 +15,18 @@ RUN go env
 RUN CGO_ENABLED=0 go build -o /output/server -v ./api/
 
 # Packaging stage
-# Image source: https://github.com/litmuschaos/test-tools/blob/master/custom/hardened-alpine/infra/Dockerfile
-# The base image is non-root (have litmus user) with default litmus directory.
-FROM litmuschaos/infra-alpine
+# Use RedHat UBI minimal image as base
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 LABEL maintainer="LitmusChaos"
 
-COPY --from=builder /output/server /litmus
+ENV APP_DIR="/litmus"
+
+COPY --from=builder /output/server $APP_DIR/
+RUN chown 65534:0 $APP_DIR/server && chmod 755 $APP_DIR/server
+
+WORKDIR $APP_DIR
+USER 65534
 
 CMD ["./server"]
 

diff --git a/chaoscenter/authentication/api/handlers/rest/dex_auth_handler.go b/chaoscenter/authentication/api/handlers/rest/dex_auth_handler.go
@@ -138,7 +138,15 @@ func DexCallback(userService services.ApplicationService) gin.HandlerFunc {
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
 			return
 		}
-		jwtToken, err := userService.GetSignedJWT(signedInUser)
+
+		salt, err := userService.GetConfig("salt")
+		if err != nil {
+			log.Error(err)
+			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
+			return
+		}
+
+		jwtToken, err := userService.GetSignedJWT(signedInUser, salt.Value)
 		if err != nil {
 			log.Error(err)
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))

diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers.go b/chaoscenter/authentication/api/handlers/rest/user_handlers.go
@@ -5,12 +5,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations"
-
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/api/presenter"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/services"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/utils"
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -305,7 +304,13 @@ func LoginUser(service services.ApplicationService) gin.HandlerFunc {
 			return
 		}
 
-		token, err := service.GetSignedJWT(user)
+		salt, err := service.GetConfig("salt")
+		if err != nil {
+			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
+			return
+		}
+
+		token, err := service.GetSignedJWT(user, salt.Value)
 		if err != nil {
 			log.Error(err)
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
@@ -425,6 +430,15 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
 			return
 		}
 		username := c.MustGet("username").(string)
+
+		// Fetching userDetails
+		user, err := service.FindUserByUsername(username)
+		if err != nil {
+			log.Error(err)
+			c.JSON(utils.ErrorStatusCodes[utils.ErrUserNotFound], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
+			return
+		}
+
 		userPasswordRequest.Username = username
 		if userPasswordRequest.NewPassword != "" {
 			err := utils.ValidateStrictPassword(userPasswordRequest.NewPassword)
@@ -442,13 +456,63 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
 			log.Info(err)
 			if strings.Contains(err.Error(), "old and new passwords can't be same") {
 				c.JSON(utils.ErrorStatusCodes[utils.ErrOldPassword], presenter.CreateErrorResponse(utils.ErrOldPassword))
+			} else if strings.Contains(err.Error(), "invalid credentials") {
+				c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
 			} else {
-				c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest))
+				c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))
 			}
 			return
 		}
+
+		var defaultProject string
+		ownerProjects, err := service.GetOwnerProjectIDs(c, user.ID)
+
+		if len(ownerProjects) > 0 {
+			defaultProject = ownerProjects[0].ID
+		} else {
+			// Adding user as project owner in project's member list
+			newMember := &entities.Member{
+				UserID:     user.ID,
+				Role:       entities.RoleOwner,
+				Invitation: entities.AcceptedInvitation,
+				Username:   user.Username,
+				Name:       user.Name,
+				Email:      user.Email,
+				JoinedAt:   time.Now().UnixMilli(),
+			}
+			var members []*entities.Member
+			members = append(members, newMember)
+			state := "active"
+			newProject := &entities.Project{
+				ID:      uuid.Must(uuid.NewRandom()).String(),
+				Name:    user.Username + "-project",
+				Members: members,
+				State:   &state,
+				Audit: entities.Audit{
+					IsRemoved: false,
+					CreatedAt: time.Now().UnixMilli(),
+					CreatedBy: entities.UserDetailResponse{
+						Username: user.Username,
+						UserID:   user.ID,
+						Email:    user.Email,
+					},
+					UpdatedAt: time.Now().UnixMilli(),
+					UpdatedBy: entities.UserDetailResponse{
+						Username: user.Username,
+						UserID:   user.ID,
+						Email:    user.Email,
+					},
+				},
+			}
+			err := service.CreateProject(newProject)
+			if err != nil {
+				return
+			}
+			defaultProject = newProject.ID
+		}
 		c.JSON(http.StatusOK, gin.H{
-			"message": "password has been updated successfully",
+			"message":   "password has been updated successfully",
+			"projectID": defaultProject,
 		})
 	}
 }

diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go b/chaoscenter/authentication/api/handlers/rest/user_handlers_test.go
@@ -13,6 +13,8 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/authConfig"
+
 	"go.mongodb.org/mongo-driver/bson/primitive"
 
 	"github.com/gin-gonic/gin"
@@ -408,9 +410,11 @@ func TestLoginUser(t *testing.T) {
 					Password: "hashedPassword",
 					Email:    "[email protected]",
 				}
+				service.On("GetConfig", "salt").Return(&authConfig.AuthConfig{}, nil)
 				service.On("FindUserByUsername", "testUser").Return(userFromDB, nil)
 				service.On("CheckPasswordHash", "hashedPassword", "testPassword").Return(nil)
-				service.On("GetSignedJWT", userFromDB).Return("someJWTToken", nil)
+				service.On("UpdateUserByQuery", mock.Anything, mock.Anything).Return(nil)
+				service.On("GetSignedJWT", userFromDB, mock.Anything).Return("someJWTToken", nil)
 				project := &entities.Project{
 					ID: "someProjectID",
 				}
@@ -486,7 +490,7 @@ func TestUpdatePassword(t *testing.T) {
 			givenStrictPassword:  false,
 			givenServiceResponse: nil,
 			expectedCode:         http.StatusOK,
-			expectedOutput:       `{"message":"password has been updated successfully"}`,
+			expectedOutput:       `{"message":"password has been updated successfully","projectID":"someProjectID"}`,
 		},
 		{
 			name:                 "Invalid new password",
@@ -507,8 +511,6 @@ func TestUpdatePassword(t *testing.T) {
 			c.Request.Header.Set("Content-Type", "application/json")
 			c.Set("username", tt.givenUsername)
 
-			utils.StrictPasswordPolicy = tt.givenStrictPassword
-
 			userPassword := entities.UserPassword{
 				Username:    tt.givenUsername,
 				OldPassword: "oldPass@123",
@@ -520,9 +522,19 @@ func TestUpdatePassword(t *testing.T) {
 				Email:          "[email protected]",
 				IsInitialLogin: false,
 			}
+			userFromDB := &entities.User{
+				ID:       "testUserID",
+				Username: "testUser",
+				Password: "hashedPassword",
+				Email:    "[email protected]",
+			}
+			service.On("FindUserByUsername", "testUser").Return(userFromDB, nil)
 			service.On("GetUser", "testUID").Return(user, nil)
 			service.On("UpdatePassword", &userPassword, true).Return(tt.givenServiceResponse)
-
+			project := &entities.Project{
+				ID: "someProjectID",
+			}
+			service.On("GetOwnerProjectIDs", mock.Anything, "testUserID").Return([]*entities.Project{project}, nil)
 			rest.UpdatePassword(service)(c)
 
 			assert.Equal(t, tt.expectedCode, w.Code)

diff --git a/chaoscenter/authentication/api/handlers/salt.go b/chaoscenter/authentication/api/handlers/salt.go
@@ -0,0 +1,44 @@
+package response
+
+import (
+	"encoding/base64"
+
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/authConfig"
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/services"
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/utils"
+	log "github.com/sirupsen/logrus"
+	"go.mongodb.org/mongo-driver/mongo"
+)
+
+func AddSalt(service services.ApplicationService) error {
+	// generate salt and add/update to user collection
+	// pass the salt in the below func which will act as jwt secret
+	getSalt, err := service.GetConfig("salt")
+	if err != nil && err != mongo.ErrNoDocuments {
+		log.Error(err)
+		return err
+	}
+	if getSalt != nil {
+		return nil
+	}
+
+	salt, err := utils.RandomString(6)
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+	encodedSalt := base64.StdEncoding.EncodeToString([]byte(salt))
+
+	config := authConfig.AuthConfig{
+		Key:   "salt",
+		Value: encodedSalt,
+	}
+
+	err = service.CreateConfig(config)
+	if err != nil {
+		log.Error(err)
+		return err
+	}
+
+	return nil
+}