
Commit 8d3672b

committed
fix: cleaning creds better
1 parent edcb876 commit 8d3672b


1 file changed

+44
-15
lines changed

1 file changed

+44
-15
lines changed

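--- a/shared.go
+++ b/shared.go
@@ -1025,7 +1025,7 @@ func HandleGetOrg(resp http.ResponseWriter, request *http.Request) {
 }
 }
 
-if !found {
+if !found {
 log.Printf("[ERROR] User '%s' (%s) isn't a part of org %s (get)", user.Username, user.Id, org.Id)
 resp.WriteHeader(401)
 resp.Write([]byte(`{"success": false, "reason": "User doesn't have access to org"}`))
@@ -9185,6 +9185,33 @@ func HandleSettings(resp http.ResponseWriter, request *http.Request) {
 resp.Write(newjson)
 }
 
+func CleanCreds(user *User) *User {
+user.Password = ""
+user.ApiKey = ""
+user.Session = ""
+user.UsersLastSession = ""
+user.VerificationToken = ""
+user.ValidatedSessionOrgs = []string{}
+user.Orgs = []string{}
+user.Authentication = []UserAuth{}
+user.PrivateApps = []WorkflowApp{}
+
+// let's come back to this
+user.MFA = MFAInfo{
+Active: user.MFA.Active,
+}
+user.ActiveOrg = OrgMini{}
+if !user.SupportAccess {
+user.LoginInfo = []LoginInfo{}
+}
+
+user.LoginInfo = []LoginInfo{}
+user.LoginType = "DELETED"
+user.Role = "user"
+
+return user
+}
+
 func HandleGetUsers(resp http.ResponseWriter, request *http.Request) {
 cors := HandleCors(resp, request)
 if cors {
@@ -9239,6 +9266,7 @@ func HandleGetUsers(resp http.ResponseWriter, request *http.Request) {
 // Overrides to ensure the user we are returning
 // is accurate and not an org copy. Keeping roles from
 // org, as that controls the actual roles.
+foundUser = CleanCreds(foundUser)
 newItem := *foundUser
 newItem.Role = item.Role
 newItem.Roles = []string{item.Role}
@@ -9318,15 +9346,16 @@ func HandleGetUsers(resp http.ResponseWriter, request *http.Request) {
 log.Printf("[WARNING] Failed getting org users for support access: %s", err)
 } else {
 for _, orgUser := range orgUsers {
-found := false
+orgUser = *CleanCreds(&orgUser)
+found := false
 for _, existingUser := range newUsers {
 if existingUser.Id == orgUser.Id {
 found = true
 break
 }
 }
 
-if found {
+if found {
 continue
 }
 
@@ -11591,7 +11620,7 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
 if strings.ToLower(strings.TrimSpace(loopUser.Username)) != fileId {
 continue
 }
-
+
 newUsers = append(newUsers, loopUser)
 }
 
@@ -11717,10 +11746,10 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
 
 if !userFound && !user.SupportAccess {
 
-// FIXME: This changes the source of truth from JUST org.Users to user.Orgs
-// May be a problem in worst case scenarios, but only works for orgids
+// FIXME: This changes the source of truth from JUST org.Users to user.Orgs
+// May be a problem in worst case scenarios, but only works for orgids
 // you know, so chance of causing an issue is **VERY** low.
-found := false
+found := false
 for _, orgId := range user.Orgs {
 if orgId == org.Id {
 usr.Role = "user"
@@ -17591,7 +17620,7 @@ func ParsedExecutionResult(ctx context.Context, workflowExecution WorkflowExecut
 var subflowDataList []SubflowData
 err = json.Unmarshal([]byte(actionResult.Result), &subflowDataList)
 
-//if debug {
+//if debug {
 // log.Printf("\n\n\n\n\nSUBFLOW RESULT DATA: %#v\n\n\n\n\n", subflowData)
 //}
 
@@ -21471,12 +21500,12 @@ func GetDocList(resp http.ResponseWriter, request *http.Request) {
 //250 = average read time / minute
 // Doubling this for bloat removal in Markdown~
 githubResp := GithubResp{
-Name: (*item.Name)[0 : len(*item.Name)-3],
-Contributors: []GithubAuthor{},
+Name: (*item.Name)[0 : len(*item.Name)-3],
+Contributors: []GithubAuthor{},
 PublishedDate: publishedDate,
-Edited: "",
-ReadTime: *item.Size / 6 / 250,
-Link: fmt.Sprintf("https://github.com/%s/%s/blob/master/%s/%s", owner, repo, path, *item.Name),
+Edited: "",
+ReadTime: *item.Size / 6 / 250,
+Link: fmt.Sprintf("https://github.com/%s/%s/blob/master/%s/%s", owner, repo, path, *item.Name),
 }
 
 names = append(names, githubResp)
@@ -33727,12 +33756,12 @@ func GetDockerClient() (*dockerclient.Client, string, error) {
 dockerApiVersion := os.Getenv("DOCKER_API_VERSION")
 cli, err := dockerclient.NewEnvClient()
 if err != nil {
-return nil, dockerApiVersion,err
+return nil, dockerApiVersion, err
 }
 
 _, err = cli.Info(ctx)
 if err == nil {
-return cli, dockerApiVersion,nil
+return cli, dockerApiVersion, nil
 }
 
 if strings.Contains(strings.ToLower(err.Error()), strings.ToLower("Minimum supported API version is")) {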
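Review bot: In the new CleanCreds function (HandleSettings hunk, new lines 9204–9208) the `if !user.SupportAccess { user.LoginInfo = []LoginInfo{} }` guard is immediately followed by an unconditional `user.LoginInfo = []LoginInfo{}`, so the support-access exemption can never take effect and one of the two is dead; the intent should be settled rather than shipped both ways. CleanCreds also scrubs the pointed-to User in place, and since both call sites already consume the return value (`foundUser = CleanCreds(foundUser)` and `orgUser = *CleanCreds(&orgUser)`), starting the function with `cleaned := *user` and `user = &cleaned` would scrub a copy instead, so the caller's object keeps its credentials if it is later used for an authorization check or written back — whether that happens is outside these hunks. In the second HandleGetUsers hunk CleanCreds forces `orgUser.Role` to `"user"` before the user is appended, so an admin would be reported as a plain user unless Role is restored later in that loop, which this hunk does not show. The `// let's come back to this` comment above the MFA reset should say what is deliberately kept, e.g. `// Keep only MFA.Active for API output; all other MFA material is dropped.`, and `LoginType = "DELETED"` on a user that is merely sanitized for a response deserves a comment if consumers could read it as a deletion marker.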
