From 3d0e9c35d619adbd20cddb86962b02c8007e170e Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Wed, 1 Apr 2020 03:24:02 -0400 Subject: [PATCH] only allow nodemanager set_password and disable for local node. allow changing password without notifying sage --- .../resources/cloud/NodeManagerResource.java | 37 +++++++++++++------ .../post_auth/ResourceMessages.properties | 1 + 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java b/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java index b9571087..393ae760 100644 --- a/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java +++ b/bubble-server/src/main/java/bubble/resources/cloud/NodeManagerResource.java @@ -64,7 +64,8 @@ public class NodeManagerResource { @POST @Path("/set_password") public Response setPassword (@Context ContainerRequest ctx, - LoginRequest request) { + LoginRequest request, + @QueryParam("notify") Boolean notify) { final Account caller = userPrincipal(ctx); if (!caller.admin()) return forbidden(); @@ -72,19 +73,27 @@ public class NodeManagerResource { if (empty(password)) return invalid("err.password.required"); if (password.length() < 10) return invalid("err.password.tooShort"); + if (!node.getUuid().equals(selfNodeService.getThisNode().getUuid())) { + return invalid("err.nodemanager.nodeNotLocal"); + } + nodeManagerService.setPassword(password); - final BubbleNode selfNode = selfNodeService.getThisNode(); - if (selfNode != null && selfNode.hasSageNode() && !selfNode.getUuid().equals(selfNode.getSageNode())) { - final BubbleNode sageNode = nodeDAO.findByUuid(selfNode.getSageNode()); - if (sageNode == null) { - log.warn("setPassword: error finding sage to notify: " + selfNode.getSageNode()); - } else { - selfNode.setNodeManagerPassword(password); - final NotificationReceipt receipt = notificationService.notify(sageNode, hello_to_sage, selfNode); - if (!receipt.isSuccess()) { - log.warn("setPassword: error notifying sage of new nodemanager password: " + receipt); + + final boolean notifySage = notify == null || notify; + if (notifySage) { + final BubbleNode selfNode = selfNodeService.getThisNode(); + if (selfNode != null && selfNode.hasSageNode() && !selfNode.getUuid().equals(selfNode.getSageNode())) { + final BubbleNode sageNode = nodeDAO.findByUuid(selfNode.getSageNode()); + if (sageNode == null) { + log.warn("setPassword: error finding sage to notify: " + selfNode.getSageNode()); + } else { + selfNode.setNodeManagerPassword(password); + final NotificationReceipt receipt = notificationService.notify(sageNode, hello_to_sage, selfNode); + if (!receipt.isSuccess()) { + log.warn("setPassword: error notifying sage of new nodemanager password: " + receipt); + } + selfNode.setNodeManagerPassword(null); // just in case the object gets sync'd to db } - selfNode.setNodeManagerPassword(null); // just in case the object gets sync'd to db } } return ok_empty(); @@ -95,6 +104,10 @@ public class NodeManagerResource { final Account caller = userPrincipal(ctx); if (!caller.admin()) return forbidden(); + if (!node.getUuid().equals(selfNodeService.getThisNode().getUuid())) { + return invalid("err.nodemanager.nodeNotLocal"); + } + nodeManagerService.disable(); return ok_empty(); } diff --git a/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties b/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties index c3f52185..9d1cde62 100644 --- a/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties +++ b/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties @@ -779,3 +779,4 @@ err.addFilter.analyticsFilterRequired=Filter pattern is required err.nodemanager.error=Error calling nodemanager err.nodemanager.noPasswordSet=No nodemanager password is set err.nodemanager.invalidPath=Path is invalid +err.nodemanager.nodeNotLocal=Target node must be this node \ No newline at end of file