diff --git a/app/controllers/api/hosts_controller.rb b/app/controllers/api/hosts_controller.rb index 35cc459235..244514f86d 100644 --- a/app/controllers/api/hosts_controller.rb +++ b/app/controllers/api/hosts_controller.rb @@ -1,6 +1,5 @@ module Api class HostsController < BaseProviderController - CREDENTIALS_ATTR = "credentials".freeze AUTH_ATTR = "authentications".freeze AUTH_TYPE_ATTR = "auth_type".freeze DEFAULT_AUTH_TYPE = "default".freeze @@ -12,45 +11,28 @@ class HostsController < BaseProviderController include Subcollections::Tags def edit_resource(type, id, data = {}) - # TODO: drop 'credentials' parameter field when ui-classic hosts is in react - credentials = data.delete(CREDENTIALS_ATTR) authentications = data.delete(AUTH_ATTR) + raise BadRequestError, "Cannot update non-credentials attributes of host resource" if data.any? + resource_search(id, type).tap do |host| - # begin legacy ui-classic - all_credentials = Array.wrap(credentials).each_with_object({}) do |creds, hash| - auth_type = creds.delete(AUTH_TYPE_ATTR) || DEFAULT_AUTH_TYPE - creds.symbolize_keys! - creds.reverse_merge!(:userid => host.authentication_userid(auth_type)) - hash[auth_type.to_sym] = creds + if authentications.present? + authentications.deep_symbolize_keys! + host.update_authentication(authentications) end - # end legacy ui-classic. if they provided the newer authentications, it will overwrite - all_credentials, _ = symbolize_password_keys!(authentications) if authentications - host.update_authentication(all_credentials) if all_credentials.present? end end def verify_credentials_resource(type, id = nil, data = {}) api_resource(type, id, "Verifying Credentials for") do |host| - remember_host = data["remember_host"] == "true" - authentications, auth_type = symbolize_password_keys!(data[AUTH_ATTR]) - {:task_id => host.verify_credentials_task(User.current_userid, auth_type, :credentials => authentications, :remember_host => remember_host)} + auth_type = data["authentications"].keys.first + + {:task_id => host.verify_credentials_task(User.current_userid, auth_type, data)} end end def check_compliance_resource(type, id, _data = nil) enqueue_ems_action(type, id, "Check Compliance for", :method_name => "check_compliance", :supports => true) end - - private - - # takes credentials from params and converts into something for update_authentications - def symbolize_password_keys!(authentications) - auth_type = authentications.keys.first - # symbolize userid, password - authentications[auth_type].symbolize_keys! - - return authentications, auth_type - end end end diff --git a/spec/requests/hosts_spec.rb b/spec/requests/hosts_spec.rb index 26f1eec137..9a720ac17f 100644 --- a/spec/requests/hosts_spec.rb +++ b/spec/requests/hosts_spec.rb @@ -1,18 +1,6 @@ RSpec.describe "hosts API" do describe "editing a host's password" do context "with an appropriate role" do - # credentials parameter is the legacy rail controller format for editing a host - it "can edit the password on a host" do - host = FactoryBot.create(:host_with_authentication) - api_basic_authorize action_identifier(:hosts, :edit) - options = {:credentials => {:authtype => "default", :password => "abc123"}} - - expect do - post api_host_url(nil, host), :params => gen_request(:edit, options) - end.to change { host.reload.authentication_password(:default) }.to("abc123") - expect(response).to have_http_status(:ok) - end - it "can edit the password on a host using new/react format" do host = FactoryBot.create(:host_with_authentication) api_basic_authorize action_identifier(:hosts, :edit) @@ -24,28 +12,6 @@ expect(response).to have_http_status(:ok) end - it "will update the default authentication if no type is given" do - host = FactoryBot.create(:host_with_authentication) - api_basic_authorize action_identifier(:hosts, :edit) - options = {:credentials => {:password => "abc123"}} - - expect do - post api_host_url(nil, host), :params => gen_request(:edit, options) - end.to change { host.reload.authentication_password(:default) }.to("abc123") - expect(response).to have_http_status(:ok) - end - - it "can edit the password on a host without creating duplicate keys" do - host = FactoryBot.create(:host) - api_basic_authorize action_identifier(:hosts, :edit) - options = { :credentials => { 'userid' => "I'm", 'password' => 'abc123' } } - - expect do - post api_host_url(nil, host), :params => gen_request(:edit, options) - end.to change { host.reload.authentication_password(:default) }.to('abc123') - expect(response).to have_http_status(:ok) - end - it "sending non-credentials attributes will result in a bad request error" do host = FactoryBot.create(:host_with_authentication) api_basic_authorize action_identifier(:hosts, :edit) @@ -62,23 +28,8 @@ host2 = FactoryBot.create(:host_with_authentication) api_basic_authorize action_identifier(:hosts, :edit) options = [ - {:href => api_host_url(nil, host1), :credentials => {:password => "abc123"}}, - {:href => api_host_url(nil, host2), :credentials => {:password => "def456"}} - ] - - post api_hosts_url, :params => gen_request(:edit, options) - expect(response).to have_http_status(:ok) - expect(host1.reload.authentication_password(:default)).to eq("abc123") - expect(host2.reload.authentication_password(:default)).to eq("def456") - end - - it "can update passwords on multiple hosts by id (via credentials)" do - host1 = FactoryBot.create(:host_with_authentication) - host2 = FactoryBot.create(:host_with_authentication) - api_basic_authorize action_identifier(:hosts, :edit) - options = [ - {:id => host1.id, :credentials => {:password => "abc123"}}, - {:id => host2.id, :credentials => {:password => "def456"}} + {"href" => api_host_url(nil, host1), "authentications" => {"default" => {"password" => "abc123"}}}, + {"href" => api_host_url(nil, host2), "authentications" => {"default" => {"password" => "def456"}}} ] post api_hosts_url, :params => gen_request(:edit, options) @@ -94,8 +45,8 @@ params = { "action" => "edit", "resources" => [ - {:id => host1.id, :authentications => {"default" => {:username => "abc", :password => "abc123"}}}, - {:id => host2.id, :authentications => {"default" => {:username => "def", :password => "def456"}}} + {"id" => host1.id, "authentications" => {"default" => {"username" => "abc", "password" => "abc123"}}}, + {"id" => host2.id, "authentications" => {"default" => {"username" => "def", "password" => "def456"}}} ] } @@ -110,7 +61,7 @@ it "cannot edit the password on a host" do host = FactoryBot.create(:host_with_authentication) api_basic_authorize - options = {:credentials => {:authtype => "default", :password => "abc123"}} + options = {"authentications" => {"default" => {"username" => "abc", "password" => "abc123"}}} expect do post api_host_url(nil, host), :params => gen_request(:edit, options) @@ -174,15 +125,13 @@ api_basic_authorize action_identifier(:hosts, :edit) verify_options = { - :credentials => { - "default" => {:userid => "root", :password => "abc123"} - }, - :remember_host => true + "authentications" => { + "default" => {"userid" => "root", "password" => "abc123"} + } } api_options = { - "authentications" => {"default" => {"userid" => "root", "password" => "abc123"}}, - "remember_host" => "true" + "authentications" => {"default" => {"userid" => "root", "password" => "abc123"}} } post api_host_url(nil, host), :params => gen_request(:verify_credentials, api_options)