mirror of
https://github.com/MAGICGrants/truenas-apps.git
synced 2026-01-09 20:47:58 -05:00
lib: fix basic auth and htpasswd (#432)
* lib: fix basic auth and htpasswd * remove old * escape dollars redis/pg in password * add test case * remove old
This commit is contained in:
Stavros Kois
@@ -20,8 +20,8 @@ icon: https://media.sys.truenas.net/apps/paperless-ngx/icons/icon.svg
|
||||
keywords:
|
||||
- document
|
||||
- management
|
||||
lib_version: 1.0.2
|
||||
lib_version_hash: 4d8ed8593eb4333a91c4e64cfb5fd4fc790c30a512581315c34bc9aca08f44ff
|
||||
lib_version: 1.0.4
|
||||
lib_version_hash: 828240901df7d23541b7a35b1be99ef0df10fd59bdafb2ecec6469f42d9ce45f
|
||||
maintainers:
|
||||
- email: dev@ixsystems.com
|
||||
name: truenas
|
||||
@@ -44,17 +44,17 @@ run_as_context:
|
||||
uid: 0
|
||||
user_name: redis
|
||||
screenshots:
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot1.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot2.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot3.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot4.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot5.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot6.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot7.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot8.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot1.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot2.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot3.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot4.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot5.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot6.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot7.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot8.png
|
||||
sources:
|
||||
- https://hub.docker.com/r/paperlessngx/paperless-ngx
|
||||
- https://github.com/paperless-ngx/paperless-ngx
|
||||
title: Paperless-ngx
|
||||
train: community
|
||||
version: 1.0.4
|
||||
version: 1.0.5
|
||||
|
||||
@@ -2,10 +2,14 @@ categories:
|
||||
- productivity
|
||||
icon_url: https://media.sys.truenas.net/apps/paperless-ngx/icons/icon.svg
|
||||
screenshots:
|
||||
- https://media.sys.truenas.net/apps/n8n/screenshots/screenshot1.png
|
||||
- https://media.sys.truenas.net/apps/n8n/screenshots/screenshot2.png
|
||||
- https://media.sys.truenas.net/apps/n8n/screenshots/screenshot3.png
|
||||
- https://media.sys.truenas.net/apps/n8n/screenshots/screenshot4.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot1.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot2.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot3.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot4.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot5.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot6.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot7.png
|
||||
- https://media.sys.truenas.net/apps/paperless-ngx/screenshots/screenshot8.png
|
||||
tags:
|
||||
- document
|
||||
- management
|
||||
|
||||
@@ -34,7 +34,7 @@ def pg_env(user, password, dbname, port=5432):
|
||||
utils.throw_error("Expected [dbname] to be set for postgres")
|
||||
return {
|
||||
"POSTGRES_USER": user,
|
||||
"POSTGRES_PASSWORD": password,
|
||||
"POSTGRES_PASSWORD": utils.escape_dollar(password),
|
||||
"POSTGRES_DB": dbname,
|
||||
"POSTGRES_PORT": port,
|
||||
}
|
||||
@@ -44,6 +44,6 @@ def redis_env(password, port=6379):
|
||||
|
||||
return {
|
||||
"ALLOW_EMPTY_PASSWORD": "no",
|
||||
"REDIS_PASSWORD": password,
|
||||
"REDIS_PASSWORD": utils.escape_dollar(password),
|
||||
"REDIS_PORT_NUMBER": port,
|
||||
}
|
||||
@@ -1,5 +1,7 @@
|
||||
from base64 import b64encode
|
||||
|
||||
from . import utils
|
||||
|
||||
|
||||
def get_caps(add=None, drop=None):
|
||||
add = add or []
|
||||
@@ -24,4 +26,9 @@ def get_sec_opts(add=None, remove=None):
|
||||
|
||||
|
||||
def htpasswd(username, password):
|
||||
hashed = utils.bcrypt_hash(password)
|
||||
return username + ":" + hashed
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return b64encode(f"{username}:{password}".encode("utf-8")).decode("utf-8")
|
||||
@@ -24,11 +24,7 @@ def secure_string(length):
|
||||
|
||||
|
||||
def basic_auth_header(username, password):
|
||||
return f"Basic {basic_auth(username, password)}"
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return security.htpasswd(username, password)
|
||||
return f"Basic {security.basic_auth(username, password)}"
|
||||
|
||||
|
||||
def bcrypt_hash(password, escape=True):
|
||||
@@ -6,8 +6,8 @@ resources:
|
||||
TZ: Europe/Paris
|
||||
|
||||
paperless:
|
||||
db_password: db-paperless-password
|
||||
redis_password: redis-paperless-password
|
||||
db_password: db-paperless-password$
|
||||
redis_password: redis-paperles$s-password$
|
||||
secret_key: paperless-secret-key
|
||||
admin_user: admin
|
||||
admin_mail: admin@example.com
|
||||
|
||||
@@ -10,8 +10,8 @@ icon: https://media.sys.truenas.net/apps/webdav/icons/icon.png
|
||||
keywords:
|
||||
- webdav
|
||||
- file-sharing
|
||||
lib_version: 1.0.3
|
||||
lib_version_hash: 8eb06c4c993956df11c68196e96384d38a4e03ca1ca88738a94965de4bb83cc3
|
||||
lib_version: 1.0.4
|
||||
lib_version_hash: 828240901df7d23541b7a35b1be99ef0df10fd59bdafb2ecec6469f42d9ce45f
|
||||
maintainers:
|
||||
- email: dev@ixsystems.com
|
||||
name: truenas
|
||||
@@ -28,4 +28,4 @@ sources:
|
||||
- http://www.webdav.org/
|
||||
title: WebDAV
|
||||
train: community
|
||||
version: 1.0.7
|
||||
version: 1.0.8
|
||||
|
||||
@@ -72,7 +72,7 @@ configs:
|
||||
content: {{ httpd_conf.httpd_conf(values) | tojson }}
|
||||
{% if values.webdav.auth_type != "none" %}
|
||||
htauth:
|
||||
content: {{ ix_lib.base.utils.basic_auth(values.webdav.username, values.webdav.password) | tojson }}
|
||||
content: {{ ix_lib.base.security.htpasswd(values.webdav.username, values.webdav.password) | tojson }}
|
||||
{% endif %}
|
||||
{% if values.network.certificate_id %}
|
||||
private:
|
||||
|
||||
@@ -34,7 +34,7 @@ def pg_env(user, password, dbname, port=5432):
|
||||
utils.throw_error("Expected [dbname] to be set for postgres")
|
||||
return {
|
||||
"POSTGRES_USER": user,
|
||||
"POSTGRES_PASSWORD": password,
|
||||
"POSTGRES_PASSWORD": utils.escape_dollar(password),
|
||||
"POSTGRES_DB": dbname,
|
||||
"POSTGRES_PORT": port,
|
||||
}
|
||||
@@ -44,6 +44,6 @@ def redis_env(password, port=6379):
|
||||
|
||||
return {
|
||||
"ALLOW_EMPTY_PASSWORD": "no",
|
||||
"REDIS_PASSWORD": password,
|
||||
"REDIS_PASSWORD": utils.escape_dollar(password),
|
||||
"REDIS_PORT_NUMBER": port,
|
||||
}
|
||||
@@ -1,5 +1,7 @@
|
||||
from base64 import b64encode
|
||||
|
||||
from . import utils
|
||||
|
||||
|
||||
def get_caps(add=None, drop=None):
|
||||
add = add or []
|
||||
@@ -24,4 +26,9 @@ def get_sec_opts(add=None, remove=None):
|
||||
|
||||
|
||||
def htpasswd(username, password):
|
||||
hashed = utils.bcrypt_hash(password)
|
||||
return username + ":" + hashed
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return b64encode(f"{username}:{password}".encode("utf-8")).decode("utf-8")
|
||||
@@ -24,11 +24,7 @@ def secure_string(length):
|
||||
|
||||
|
||||
def basic_auth_header(username, password):
|
||||
return f"Basic {basic_auth(username, password)}"
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return security.htpasswd(username, password)
|
||||
return f"Basic {security.basic_auth(username, password)}"
|
||||
|
||||
|
||||
def bcrypt_hash(password, escape=True):
|
||||
@@ -23,8 +23,8 @@ keywords:
|
||||
- monitoring
|
||||
- management
|
||||
- discovery
|
||||
lib_version: 1.0.2
|
||||
lib_version_hash: 4d8ed8593eb4333a91c4e64cfb5fd4fc790c30a512581315c34bc9aca08f44ff
|
||||
lib_version: 1.0.4
|
||||
lib_version_hash: 828240901df7d23541b7a35b1be99ef0df10fd59bdafb2ecec6469f42d9ce45f
|
||||
maintainers:
|
||||
- email: dev@ixsystems.com
|
||||
name: truenas
|
||||
@@ -50,4 +50,4 @@ sources:
|
||||
- https://github.com/linuxserver/docker-diskover
|
||||
title: Diskover Data
|
||||
train: stable
|
||||
version: 1.2.5
|
||||
version: 1.2.6
|
||||
|
||||
@@ -74,7 +74,7 @@ services:
|
||||
cap_drop: {{ ix_lib.base.security.get_caps().drop | tojson }}
|
||||
security_opt: {{ ix_lib.base.security.get_sec_opts() | tojson }}
|
||||
{% set test = ix_lib.base.healthchecks.curl_test(port=values.consts.elastic_port, path="/_cluster/health", config={
|
||||
"headers": [("Authorization", ix_lib.base.utils.basic_auth(values.consts.elastic_basic_auth_user, es_password))]
|
||||
"headers": [("Authorization", ix_lib.base.utils.basic_auth_header(values.consts.elastic_basic_auth_user, es_password))]
|
||||
}) %}
|
||||
healthcheck: {{ ix_lib.base.healthchecks.check_health(test) | tojson }}
|
||||
volumes: {{ es_volume_mounts.items | tojson }}
|
||||
|
||||
@@ -34,7 +34,7 @@ def pg_env(user, password, dbname, port=5432):
|
||||
utils.throw_error("Expected [dbname] to be set for postgres")
|
||||
return {
|
||||
"POSTGRES_USER": user,
|
||||
"POSTGRES_PASSWORD": password,
|
||||
"POSTGRES_PASSWORD": utils.escape_dollar(password),
|
||||
"POSTGRES_DB": dbname,
|
||||
"POSTGRES_PORT": port,
|
||||
}
|
||||
@@ -44,6 +44,6 @@ def redis_env(password, port=6379):
|
||||
|
||||
return {
|
||||
"ALLOW_EMPTY_PASSWORD": "no",
|
||||
"REDIS_PASSWORD": password,
|
||||
"REDIS_PASSWORD": utils.escape_dollar(password),
|
||||
"REDIS_PORT_NUMBER": port,
|
||||
}
|
||||
@@ -1,3 +1,5 @@
|
||||
from base64 import b64encode
|
||||
|
||||
from . import utils
|
||||
|
||||
|
||||
@@ -26,3 +28,7 @@ def get_sec_opts(add=None, remove=None):
|
||||
def htpasswd(username, password):
|
||||
hashed = utils.bcrypt_hash(password)
|
||||
return username + ":" + hashed
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return b64encode(f"{username}:{password}".encode("utf-8")).decode("utf-8")
|
||||
@@ -24,11 +24,7 @@ def secure_string(length):
|
||||
|
||||
|
||||
def basic_auth_header(username, password):
|
||||
return f"Basic {basic_auth(username, password)}"
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return security.htpasswd(username, password)
|
||||
return f"Basic {security.basic_auth(username, password)}"
|
||||
|
||||
|
||||
def bcrypt_hash(password, escape=True):
|
||||
@@ -34,7 +34,7 @@ def pg_env(user, password, dbname, port=5432):
|
||||
utils.throw_error("Expected [dbname] to be set for postgres")
|
||||
return {
|
||||
"POSTGRES_USER": user,
|
||||
"POSTGRES_PASSWORD": password,
|
||||
"POSTGRES_PASSWORD": utils.escape_dollar(password),
|
||||
"POSTGRES_DB": dbname,
|
||||
"POSTGRES_PORT": port,
|
||||
}
|
||||
@@ -44,6 +44,6 @@ def redis_env(password, port=6379):
|
||||
|
||||
return {
|
||||
"ALLOW_EMPTY_PASSWORD": "no",
|
||||
"REDIS_PASSWORD": password,
|
||||
"REDIS_PASSWORD": utils.escape_dollar(password),
|
||||
"REDIS_PORT_NUMBER": port,
|
||||
}
|
||||
@@ -1,3 +1,5 @@
|
||||
from base64 import b64encode
|
||||
|
||||
from . import utils
|
||||
|
||||
|
||||
@@ -26,3 +28,7 @@ def get_sec_opts(add=None, remove=None):
|
||||
def htpasswd(username, password):
|
||||
hashed = utils.bcrypt_hash(password)
|
||||
return username + ":" + hashed
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return b64encode(f"{username}:{password}".encode("utf-8")).decode("utf-8")
|
||||
@@ -24,11 +24,7 @@ def secure_string(length):
|
||||
|
||||
|
||||
def basic_auth_header(username, password):
|
||||
return f"Basic {basic_auth(username, password)}"
|
||||
|
||||
|
||||
def basic_auth(username, password):
|
||||
return security.htpasswd(username, password)
|
||||
return f"Basic {security.basic_auth(username, password)}"
|
||||
|
||||
|
||||
def bcrypt_hash(password, escape=True):
|
||||
@@ -1,2 +1,2 @@
|
||||
0.0.1: f074617a82a86d2a6cc78a4c8a4296fc9d168e456f12713e50c696557b302133
|
||||
1.0.3: 8eb06c4c993956df11c68196e96384d38a4e03ca1ca88738a94965de4bb83cc3
|
||||
1.0.4: 828240901df7d23541b7a35b1be99ef0df10fd59bdafb2ecec6469f42d9ce45f
|
||||
|
||||
Reference in New Issue
Block a user