From 65ac35c4e1c192f41ed8c33fd100263a260adb43 Mon Sep 17 00:00:00 2001 From: Nasar Khan Date: Mon, 22 Jul 2024 11:26:47 -0400 Subject: [PATCH] add messaging keystore password validation --- .../message_configuration_client.rb | 2 +- .../message_configuration_server.rb | 2 +- lib/manageiq/appliance_console/prompts.rb | 12 +++++++++++- spec/message_configuration_client_spec.rb | 4 ++-- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/manageiq/appliance_console/message_configuration_client.rb b/lib/manageiq/appliance_console/message_configuration_client.rb index 3a43d44f..c7c72d17 100644 --- a/lib/manageiq/appliance_console/message_configuration_client.rb +++ b/lib/manageiq/appliance_console/message_configuration_client.rb @@ -53,7 +53,7 @@ def ask_for_parameters @message_truststore_path_src = ask_for_string("Message Server Truststore Path", truststore_path) @message_ca_cert_path_src = ask_for_string("Message Server CA Cert Path", ca_cert_path) @message_keystore_username = ask_for_string("Message Keystore Username", message_keystore_username) if secure? - @message_keystore_password = ask_for_password("Message Keystore Password") if secure? + @message_keystore_password = ask_for_messaging_password("Message Keystore Password") if secure? end def show_parameters diff --git a/lib/manageiq/appliance_console/message_configuration_server.rb b/lib/manageiq/appliance_console/message_configuration_server.rb index 6532cbdd..05743a5c 100644 --- a/lib/manageiq/appliance_console/message_configuration_server.rb +++ b/lib/manageiq/appliance_console/message_configuration_server.rb 
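Review bot: On the client this prompt collects the password of a keystore that already exists on the message server, yet `ask_for_messaging_password` goes through `ask_for_new_password`, whose `confirm_password` defaults to true in the prompts.rb section of this patch. The operator is therefore asked to type the password twice where `ask_for_password` asked once, and the value is now checked against `MESSAGING_PASSWORD_REGEXP`. A server keystore password set before this change that contains any other character could no longer be entered here; whether such passwords exist on deployed appliances is not visible from the patch. Consider letting the helper take the flag, `def ask_for_messaging_password(prompt, confirm_password: true)`, forwarding it to `ask_for_new_password`, and calling it here with `:confirm_password => false`. `ask_for_parameters` starts outside this hunk.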
@@ -71,7 +71,7 @@ def ask_for_parameters @message_server_host = ask_for_messaging_hostname("Message Server Hostname", message_server_host) @message_keystore_username = ask_for_string("Message Keystore Username", message_keystore_username) - @message_keystore_password = ask_for_new_password("Message Keystore Password") + @message_keystore_password = ask_for_messaging_password("Message Keystore Password") @message_persistent_disk = ask_for_persistent_disk end diff --git a/lib/manageiq/appliance_console/prompts.rb b/lib/manageiq/appliance_console/prompts.rb index bf279962..069451bb 100644 --- a/lib/manageiq/appliance_console/prompts.rb +++ b/lib/manageiq/appliance_console/prompts.rb @@ -15,6 +15,7 @@ module Prompts NONE_REGEXP = /^('?NONE'?)?$/i.freeze HOSTNAME_REGEXP = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/.freeze MESSAGING_HOSTNAME_REGEXP = /^(?!.*localhost)(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/.freeze + MESSAGING_PASSWORD_REGEXP = /\A[a-zA-Z0-9_\-\.\$\*]+\z/.freeze def ask_for_uri(prompt, expected_scheme, opts = {}) require 'uri' @@ -119,7 +120,7 @@ def ask_for_password(prompt, default = nil) pass == "********" ? (default || "") : pass end - def ask_for_new_password(prompt, default: nil, allow_empty: false, retry_limit: 1, confirm_password: true) + def ask_for_new_password(prompt, default: nil, allow_empty: false, retry_limit: 1, confirm_password: true, validation: nil, validation_err: nil) count = 0 loop do password1 = ask_for_password(prompt, default) @@ -128,6 +129,11 @@ def ask_for_new_password(prompt, default: nil, allow_empty: false, retry_limit: next end + if validation && password1 !~ validation + say("\nPassword is invalid: #{validation_err}, please try again") + next + end + return password1 if password1 == default || !confirm_password password2 = ask_for_password(prompt) 
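Review bot: `MESSAGING_PASSWORD_REGEXP` constrains the alphabet but not the length, so a one-character keystore password passes validation. The `+` quantifier could carry a floor, for example `{MIN_LENGTH,}`, where MIN_LENGTH is a placeholder for whatever minimum the keystore tooling accepts (the value is not on this page). The constant also has no comment naming the consumer of the password that dictates this character set, including why `$` and `*` remain allowed; a one-line comment above it stating that reason would stop a later edit from widening the set blindly. The `\A`/`\z` anchors are the right choice for whole-string validation, unlike the `^`/`$` used by the neighbouring hostname patterns in the context lines.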
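Review bot: The rejection branch interpolates `validation_err` unconditionally, so a caller that passes `:validation` alone gets "Password is invalid: , please try again". Build the suffix only when a message was supplied, e.g. `detail = validation_err ? ": #{validation_err}" : ""` followed by `say("\nPassword is invalid#{detail}, please try again")`. The branch also leaves through `next` without touching `count`, so as far as the visible lines show `retry_limit` does not bound invalid entries (the empty-password branch just above behaves the same way). The two keywords added to the signature in the preceding hunk have no documentation; a comment such as `# validation: Regexp the password must match; validation_err: text shown when it does not` above the method would cover them. The method body continues outside this hunk.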
@@ -140,6 +146,10 @@ def ask_for_new_password(prompt, default: nil, allow_empty: false, retry_limit: end end + def ask_for_messaging_password(prompt) + ask_for_new_password(prompt, :validation => MESSAGING_PASSWORD_REGEXP, :validation_err => "allowed characters are a-z, A-Z, 0-9, -, _, ., $, and *") + end + def ask_for_string(prompt, default = nil) just_ask(prompt, default) end diff --git a/spec/message_configuration_client_spec.rb b/spec/message_configuration_client_spec.rb index 8876849d..c65954bd 100644 --- a/spec/message_configuration_client_spec.rb +++ b/spec/message_configuration_client_spec.rb @@ -49,7 +49,7 @@ expect(subject).to receive(:ask_for_messaging_hostname).with("Message Server Hostname").and_return("my-host-name.example.com") expect(subject).to receive(:ask_for_integer).with("Message Server Port number", (1..65_535), 9_093).and_return("9093") expect(subject).to receive(:ask_for_string).with("Message Keystore Username", message_keystore_username).and_return("admin") - expect(subject).to receive(:ask_for_password).with("Message Keystore Password").and_return("top_secret") + expect(subject).to receive(:ask_for_messaging_password).with("Message Keystore Password").and_return("top_secret") expect(subject).to receive(:ask_for_string).with("Message Server Truststore Path", subject.truststore_path) expect(subject).to receive(:ask_for_string).with("Message Server CA Cert Path", subject.ca_cert_path) 
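Review bot: The spec changes in this hunk and in the one at line 65 only swap the name of the stubbed prompt method, so nothing in the patch exercises `MESSAGING_PASSWORD_REGEXP` or the new rejection branch in `ask_for_new_password`. A prompts spec would pin the behaviour: feed one password containing a disallowed character followed by a valid one, then expect the "Password is invalid" message and the valid value returned. A second example asserting that a string with an embedded newline is rejected would guard the `\A`/`\z` anchoring against a later rewrite to `^`/`$`.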
@@ -65,7 +65,7 @@ allow(subject).to receive(:ask_for_messaging_hostname).with("Message Server Hostname").and_return("my-kafka-server.example.com") allow(subject).to receive(:ask_for_integer).with("Message Server Port number", (1..65_535), 9_093).and_return("9093") allow(subject).to receive(:ask_for_string).with("Message Keystore Username", message_keystore_username).and_return("admin") - allow(subject).to receive(:ask_for_password).with("Message Keystore Password").and_return("top_secret") + allow(subject).to receive(:ask_for_messaging_password).with("Message Keystore Password").and_return("top_secret") allow(subject).to receive(:ask_for_string).with("Message Server Truststore Path", subject.truststore_path) allow(subject).to receive(:ask_for_string).with("Message Server CA Cert Path", subject.ca_cert_path)