Encrypt the OBS password on first run

This makes sure it is at least not stored in plaintext somewhere.
Luca Beltrame 2022-01-29 09:52:08 +01:00
parent 4c8d4dc8b3
commit 2c5fbcc2fd
Signed by: einar
GPG key ID: 4707F46E9EC72DEC


@ -1,10 +1,11 @@
# SPDX-FileCopyrightText: 2022 Luca Beltrame <lbeltrame@kde.org> # SPDX-FileCopyrightText: 2022 Luca Beltrame <lbeltrame@kde.org>
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
from dataclasses import dataclass from dataclasses import dataclass, field
from typing import Optional, List, Type, Tuple from typing import Optional, List, Type, Tuple
import aiohttp import aiohttp
import cryptocode
from lxml import objectify from lxml import objectify
from jinja2 import BaseLoader, Environment from jinja2 import BaseLoader, Environment
@ -46,7 +47,7 @@ class BuildResult:
class BuildRepository: class BuildRepository:
name: str name: str
arch: str arch: str
packages: List[BuildResult] packages: List[BuildResult] = field(default_factory=list)
class Config(BaseProxyConfig): class Config(BaseProxyConfig):
@ -56,8 +57,17 @@ class Config(BaseProxyConfig):
helper.copy("instance_url") helper.copy("instance_url")
helper.copy("rebuild_token") helper.copy("rebuild_token")
helper.copy("trigger_token") helper.copy("trigger_token")
helper.copy("secret")
password = self["password"]
if len(password) < 91 and not password.endswith("=="):
encrypted_password = cryptocode.encrypt(password, self["secret"])
helper.base["password"] = encrypted_password
else:
helper.copy("password")
helper.copy("username") helper.copy("username")
helper.copy("password") helper.copy("repo_aliases")
class OSCBot(Plugin): class OSCBot(Plugin):
@ -76,6 +86,19 @@ class OSCBot(Plugin):
def get_config_class(cls) -> Type[BaseProxyConfig]: def get_config_class(cls) -> Type[BaseProxyConfig]:
return Config return Config
def get_alias(self, project_alias: str) -> Tuple[str, str, str, str, str]:
data = self.config["repo_aliases"][project_alias]
# There is no concept of non-positional arguments in maubot
# So we just use "all" in case we want to skip something
package = data["package"] if data["package"] != "all" else None
repository = (data["repository"] if data["repository"] != "all"
else None)
arch = data["arch"] if data["arch"] != "all" else None
project = data["project"]
state = data["state"] if data["state"] != "all" else None
return (project, package, repository, state, arch)
async def parse_rebuilpac( async def parse_rebuilpac(
self, self,
project: str, project: str,
@ -112,7 +135,8 @@ class OSCBot(Plugin):
arch: Optional[str] = None) -> List[BuildRepository]: arch: Optional[str] = None) -> List[BuildRepository]:
username = self.config["username"] username = self.config["username"]
password = self.config["password"] password = cryptocode.decrypt(self.config["password"],
self.config["secret"])
api_url = self.config["api_url"] api_url = self.config["api_url"]
api_call = f"{api_url}/build/{project}/_result" api_call = f"{api_url}/build/{project}/_result"
@ -179,7 +203,7 @@ class OSCBot(Plugin):
@osc.subcommand( @osc.subcommand(
"rebuildpac", aliases=("rb",), "rebuildpac", aliases=("rb",),
help="Rebuild a package or all packages in the repositories") help="Rebuild a package or all packages in the repositories")
@command.argument("project", "project name") @command.argument("project", "project name/alias")
@command.argument("package", "package name (or \"all\" for all packages)") @command.argument("package", "package name (or \"all\" for all packages)")
@command.argument("repository", "repository (optional)", required=False) @command.argument("repository", "repository (optional)", required=False)
@command.argument("arch", "architecture (optional)", required=False) @command.argument("arch", "architecture (optional)", required=False)
@ -189,12 +213,9 @@ class OSCBot(Plugin):
repository: Optional[str] = None, repository: Optional[str] = None,
arch: Optional[str] = None) -> None: arch: Optional[str] = None) -> None:
if package == "all": package = None if package == "all" else package
package = None repository = None if repository == "all" else repository
if repository == "all": arch = None if arch == "all" else arch
repository = None
if arch == "all":
arch = None
result, status = await self.parse_rebuilpac(project, package, result, status = await self.parse_rebuilpac(project, package,
repository, repository,
@ -244,16 +265,14 @@ class OSCBot(Plugin):
repository: Optional[str] = None, repository: Optional[str] = None,
arch: Optional[str] = None) -> None: arch: Optional[str] = None) -> None:
# There is no concept of non-positional arguments in maubot if project in self.config["repo_aliases"]:
# So we just use "all" in case we want to skip something project, package, repository, state, arch = self.get_alias(project)
if state == "all": else:
state = None # There is no concept of non-positional arguments in maubot
if package == "all": # So we just use "all" in case we want to skip something
package = None package = None if package == "all" else package
if repository == "all": repository = None if repository == "all" else repository
repository = None arch = None if arch == "all" else arch
if arch == "all":
arch = None
response = await self.parse_status(project, package, state=state, response = await self.parse_status(project, package, state=state,
repo=repository, arch=arch) repo=repository, arch=arch)
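Review bot: The already-encrypted test added in the `Config` hunk, `len(password) < 91 and not password.endswith("==")`, guesses at the shape of the ciphertext, so a plaintext password that is 91 characters or longer, or that happens to end in `==`, is copied through unencrypted and later handed to `cryptocode.decrypt`. Trying the decryption first is a more reliable test, e.g. `if cryptocode.decrypt(password, self["secret"]) is False:` before encrypting; cryptocode appears to return `False` on failure, which should be confirmed against the installed version. For the same reason the new `password = cryptocode.decrypt(...)` line in the `OSCBot` hunk should check for that failure value and stop with a clear error instead of passing it on as the credential. Because `secret` is copied into the same config as the password, this guards only against casual disclosure of the file, and a comment such as `# obfuscation only: the key is stored next to the ciphertext` on the `helper.copy("secret")` line would keep that limit visible. Both enclosing functions begin outside the visible hunks.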