From 7899fea95d1cb1831c971235558795637a38317e Mon Sep 17 00:00:00 2001 From: Jorge Manrubia Date: Fri, 1 Apr 2022 15:41:22 +0200 Subject: [PATCH 1/4] Add option to ask for username when the username is not set. When the username is not set, Console1984 will now raise an error, or, optionally ask the user to enter their name. --- lib/console1984/config.rb | 3 ++- lib/console1984/errors.rb | 3 +++ lib/console1984/shield/modes.rb | 2 +- lib/console1984/supervisor.rb | 12 ++++++++-- test/dummy/config/application.rb | 14 ++++++++++++ test/supervisor_test.rb | 29 +++++++++++++++++++++++++ test/support/supervised_test_console.rb | 4 ++-- 7 files changed, 61 insertions(+), 6 deletions(-) create mode 100644 test/supervisor_test.rb diff --git a/lib/console1984/config.rb b/lib/console1984/config.rb index 7676484..463be65 100644 --- a/lib/console1984/config.rb +++ b/lib/console1984/config.rb @@ -7,7 +7,7 @@ class Console1984::Config PROTECTIONS_CONFIG_FILE_PATH = Console1984::Engine.root.join("config/protections.yml") PROPERTIES = %i[ - session_logger username_resolver shield command_executor + session_logger username_resolver ask_for_username_if_empty shield command_executor protected_environments protected_urls production_data_warning enter_unprotected_encryption_mode_warning enter_protected_mode_warning incinerate incinerate_after incineration_queue @@ -54,6 +54,7 @@ def set_defaults self.incinerate = true self.incinerate_after = 30.days self.incineration_queue = "console1984_incineration" + self.ask_for_username_if_empty = false self.debug = false self.test_mode = false diff --git a/lib/console1984/errors.rb b/lib/console1984/errors.rb index bfdc804..44b3bc9 100644 --- a/lib/console1984/errors.rb +++ b/lib/console1984/errors.rb @@ -23,5 +23,8 @@ class ForbiddenCommandExecuted < StandardError; end # Attempt to incinerate a session ahead of time as determined by # +config.console1984.incinerate_after+. class ForbiddenIncineration < StandardError; end + + # The console username is not set. Only raised when `config.ask_for_username_if_empty = false`. + class MissingUsername < StandardError; end end end diff --git a/lib/console1984/shield/modes.rb b/lib/console1984/shield/modes.rb index b5d43e8..b53b73e 100644 --- a/lib/console1984/shield/modes.rb +++ b/lib/console1984/shield/modes.rb @@ -55,6 +55,6 @@ def protected_mode? private def current_username - username_resolver.current + Console1984.supervisor.current_username end end diff --git a/lib/console1984/supervisor.rb b/lib/console1984/supervisor.rb index 7d49459..f3fbcfa 100644 --- a/lib/console1984/supervisor.rb +++ b/lib/console1984/supervisor.rb @@ -35,6 +35,10 @@ def exit_irb IRB.CurrentContext.exit end + def current_username + @current_username ||= username_resolver.current.presence || handle_empty_username + end + private def require_dependencies Kernel.silence_warnings do @@ -61,7 +65,11 @@ def stop_session session_logger.finish_session end - def current_username - username_resolver.current + def handle_empty_username + if Console1984.config.ask_for_username_if_empty + ask_for_value "Please, enter your name:" + else + raise Console1984::Errors::MissingUsername + end end end diff --git a/test/dummy/config/application.rb b/test/dummy/config/application.rb index c250569..2a143a3 100644 --- a/test/dummy/config/application.rb +++ b/test/dummy/config/application.rb @@ -6,6 +6,18 @@ require "console1984" module Dummy + class MutableUsernameEnvResolver + attr_accessor :username + + def initialize(username) + @username = username + end + + def current + "#{username}" + end + end + class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. config.load_defaults 6.0 @@ -16,6 +28,8 @@ class Application < Rails::Application # the framework and any gems in your application. config.console1984.protected_environments = %i[ production test development ] config.console1984.protected_urls = [ "localhost:#{6379}", "http://elastic:changeme@localhost:39201" ] + config.console1984.ask_for_username_if_empty = true + config.console1984.username_resolver = MutableUsernameEnvResolver.new("jorge") config.active_record.encryption.encrypt_fixtures = true end diff --git a/test/supervisor_test.rb b/test/supervisor_test.rb new file mode 100644 index 0000000..c089da6 --- /dev/null +++ b/test/supervisor_test.rb @@ -0,0 +1,29 @@ +require "test_helper" + +class IncinerationTest < ActiveSupport::TestCase + setup do + @supervisor = Console1984::Supervisor.new + end + + test "raises error when allow_empty_username is false and no username is provided" do + original, Console1984.config.ask_for_username_if_empty = Console1984.config.ask_for_username_if_empty, false + Console1984.username_resolver.username = "" + + assert_raises Console1984::Errors::MissingUsername do + @supervisor.current_username + end + ensure + Console1984.config.ask_for_username_if_empty = original + end + + test "asks for username allow_empty_username is true and no username is provided" do + original, Console1984.config.ask_for_username_if_empty = Console1984.config.ask_for_username_if_empty, true + Console1984.username_resolver.username = "" + + type_when_prompted "Jorge M." do + assert_equal "Jorge M.", @supervisor.current_username + end + ensure + Console1984.config.ask_for_username_if_empty = original + end +end diff --git a/test/support/supervised_test_console.rb b/test/support/supervised_test_console.rb index 6301916..ead395f 100644 --- a/test/support/supervised_test_console.rb +++ b/test/support/supervised_test_console.rb @@ -5,7 +5,7 @@ class SupervisedTestConsole def initialize(reason: "No reason", user: "Not set") @string_io = StringIO.new - ENV["CONSOLE_USER"] = user + Console1984.username_resolver.username = user @context = Context.new IRB.stubs(CurrentContext: @context) @@ -37,7 +37,7 @@ def output private def simulate_evaluation(statement) simulated_console.instance_eval statement - rescue NoMethodError + rescue NoMethodError => e eval(statement) end From a9de3ffa3adb80a856a35323e3bff11c629182a0 Mon Sep 17 00:00:00 2001 From: Jorge Manrubia Date: Fri, 1 Apr 2022 15:46:13 +0200 Subject: [PATCH 2/4] Document the new property --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b3a69f8..bb960bb 100644 --- a/README.md +++ b/README.md @@ -143,18 +143,19 @@ When starting a console session, `console1984` will eager load all the applicati These config options are namespaced in `config.console1984`: -| Name | Description | -| ------------------------------------------- | ------------------------------------------------------------ | -| `protected_environments` | The list of environments where `console1984` will act on. Defaults to `%i[ production ]`. | -| `protected_urls` | The list of URLs corresponding with external systems to protect. | -| `session_logger` | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`. | +| Name | Description | +|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `protected_environments` | The list of environments where `console1984` will act on. Defaults to `%i[ production ]`. | +| `protected_urls` | The list of URLs corresponding with external systems to protect. | +| `session_logger` | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`. | | `username_resolver` | Configure how the current user is determined for a given console session. The default is `Console1984::Username::EnvResolver.new("CONSOLE_USER")`, which returns the value of the environment variable `CONSOLE_USER`. | -| `production_data_warning` | The text to show when a console session starts. | -| `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode. | -| `enter_protected_mode_warning` | The text to show when user go backs to protected mode. | -| `incinerate` | Whether incinerate sessions automatically after a period of time or not. Default to `true`. | -| `incinerate_after` | The period to keep sessions around before incinerate them. Default `30.days`. | -| `incineration_queue` | The name of the queue for session incineration jobs. Default `console1984_incineration`. | + | `ask_for_username_if_empty` | If `true`, the console will ask for a username if it is empty. If `false`, it will raise an error if no username is set. Defaults to `false`. | +| `production_data_warning` | The text to show when a console session starts. | +| `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode. | +| `enter_protected_mode_warning` | The text to show when user go backs to protected mode. | +| `incinerate` | Whether incinerate sessions automatically after a period of time or not. Default to `true`. | +| `incinerate_after` | The period to keep sessions around before incinerate them. Default `30.days`. | +| `incineration_queue` | The name of the queue for session incineration jobs. Default `console1984_incineration`. | ### SSH Config From fa9bce55bea1768d5fff4add21324a2accbbd00f Mon Sep 17 00:00:00 2001 From: Jorge Manrubia Date: Fri, 1 Apr 2022 15:46:25 +0200 Subject: [PATCH 3/4] Bump version --- Gemfile.lock | 2 +- lib/console1984/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 22f2c2e..362b881 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -10,7 +10,7 @@ GIT PATH remote: . specs: - console1984 (0.1.22) + console1984 (0.1.23) colorize parser diff --git a/lib/console1984/version.rb b/lib/console1984/version.rb index e553294..448719c 100644 --- a/lib/console1984/version.rb +++ b/lib/console1984/version.rb @@ -1,3 +1,3 @@ module Console1984 - VERSION = '0.1.22' + VERSION = '0.1.23' end From 56745be9a551f22d3409e71c5f7ca2356455207f Mon Sep 17 00:00:00 2001 From: Jorge Manrubia Date: Fri, 1 Apr 2022 15:51:28 +0200 Subject: [PATCH 4/4] Update rubocop --- Gemfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 362b881..7dc31ca 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -109,8 +109,8 @@ GEM racc (~> 1.4) nokogiri (1.12.5-x86_64-linux) racc (~> 1.4) - parallel (1.21.0) - parser (3.0.3.2) + parallel (1.22.1) + parser (3.1.1.0) ast (~> 2.4.1) pg (1.2.3) racc (1.6.0) @@ -143,21 +143,21 @@ GEM rake (>= 12.2) thor (~> 1.0) zeitwerk (~> 2.5) - rainbow (3.0.0) + rainbow (3.1.1) rake (13.0.6) - regexp_parser (2.2.0) + regexp_parser (2.2.1) rexml (3.2.5) - rubocop (1.23.0) + rubocop (1.26.1) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.1.0.0) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml - rubocop-ast (>= 1.12.0, < 2.0) + rubocop-ast (>= 1.16.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.15.0) - parser (>= 3.0.1.1) + rubocop-ast (1.16.0) + parser (>= 3.1.1.0) rubocop-minitest (0.17.0) rubocop (>= 0.90, < 2.0) rubocop-packaging (0.5.1)