Closed adrianluisgonzalez closed 11 years ago
The problem is the settings are internally stored in an immutable map which makes it difficult to modify values before they are persisted. One option would be to schedule a handler to reload the settings and save them encrypted after a short delay.
RepositoryHookResource.java
@PUT
@Path("{hookKey}/settings")
public Response setSettings(
@Context Repository repository,
@PathParam("hookKey") String hookKey,
Map<String, Object> rawSettings) throws IOException {
Settings settings = createSettings(rawSettings);
settings = repositoryHookService.setSettings(repository, hookKey, settings);
return ResponseFactory
.ok(settings.asMap())
.build();
}
DefaultRepositoryHookService.java
public Settings setSettings(@Nonnull Repository repository, @Nonnull String hookKey, @Nonnull Settings settings) throws FormValidationException {
checkNotNull(settings, "settings");
return repositorySettingsService.save(repository, hookKey, settings);
}
DefaultRepositorySettingService.java
public Settings save(@Nonnull Repository repository, @Nonnull String moduleKey, @Nonnull Settings settings) throws FormValidationException {
checkNotNull(repository, "repository");
checkNotNull(moduleKey, "moduleKey");
checkNotNull(settings, "settings");
ModuleDescriptor<?> enabledPluginModule = pluginAccessor.getEnabledPluginModule(moduleKey);
Preconditions.checkArgument(enabledPluginModule instanceof ValidatorModuleDescriptor,
"Module '" + moduleKey + "' does not implement ValidatorModuleDescriptor");
ValidatorModuleDescriptor<?> moduleDescriptor = (ValidatorModuleDescriptor<?>) enabledPluginModule;
validate(moduleDescriptor.getValidator(), repository, settings);
save(convertToInternalRepository(repository), moduleKey, serialize(settings));
return settings;
}
private void validate(RepositorySettingsValidator validator, Repository repository, Settings settings) throws FormValidationException {
if (validator != null) {
Errors errors = new SettingsErrors(settings);
validator.validate(settings, new SettingsValidationErrorsImpl(errors), repository);
if (errors.hasErrors()) {
throw new FormValidationException(i18nService.getKeyedText("stash.repository.setting.validation.error", "Validation errors occurred when saving settings"), new ErrorsWrapper(errors));
}
}
}
The RepositorySettingsValidator validate method does not allow modifying the settings.
Password should not be returned to the client in clear text json