iBridges-for-iRODS / iBridges-GUI

A graphical user interface to iRODS employing the iBridges python package.
https://ibridges-for-irods.github.io/iBridges-GUI/
GNU General Public License v3.0
16 stars 10 forks source link

Securing the obfuscated password file/folder #282

Closed joergsteinkamp closed 3 weeks ago

joergsteinkamp commented 3 weeks ago

Dear all, Nice and usefull tool. The obfuscated password needs a better protection in my opinion. I inserted two possibilities, how to create either a folder with permission (700) or a file with (600). Nevertheless, I don't know how this would translate inti the Windows world. See also Stackoverflow where I got the code snippet from: https://stackoverflow.com/questions/36745577/how-do-you-create-in-python-a-file-with-permissions-other-users-can-write Kind regards, Jörg

chStaiger commented 3 weeks ago

Thank you for the code contribution, it is. indeed very useful. We will test whether it will also work in our windows environments. And we will also adjust the iBridges CLI in our API package accordingly.

chStaiger commented 3 weeks ago

@joergsteinkamp I started our linting and it finds some python errors. E.g. the os module is not imported etc. Could you have a look at this please?

chStaiger commented 3 weeks ago

Thanks for the update. Unfortunately the linters are still complaining. You can check it yourself locally with

ruff ibridgesgui
pylint ibridgesgui
joergsteinkamp commented 3 weeks ago

Sorry, I missed inserting the 'import os' in login.py in my github repo. It's now in there. Also the docstring in imperative: 'Creates' and 'Creating' was not accepted.

chStaiger commented 3 weeks ago

Thank you for the update. I tested your new feature on Mac, but I run into an error:

ERROR:ibridges-gui:Failed to login: TypeError("'str' object cannot be interpreted as an integer")
Traceback (most recent call last):
  File "/Users/user/test-git/iBridges-GUI/ibridgesgui/login.py", line 113, in login_function
    with open(IRODSA, "w",  encoding="utf-8", opener=strictwrite) as f:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/user/test-git/iBridges-GUI/ibridgesgui/login.py", line 29, in strictwrite
    return os.open(path, flags, mode)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: 'str' object cannot be interpreted as an integer
chStaiger commented 3 weeks ago

Thanks for the update. I tried the new feature on Mac but I run into this error:

ERROR:ibridges-gui:Failed to login: TypeError("'str' object cannot be interpreted as an integer")
Traceback (most recent call last):
  File "/Users/user/test-git/iBridges-GUI/ibridgesgui/login.py", line 113, in login_function
    with open(IRODSA, "w",  encoding="utf-8", opener=strictwrite) as f:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/user/test-git/iBridges-GUI/ibridgesgui/login.py", line 29, in strictwrite
    return os.open(path, flags, mode)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: 'str' object cannot be interpreted as an integer

I also receive that error on Windows.

It might also be nice to have a unit test for this function. Would you like to write that test or would you like us to do it?

joergsteinkamp commented 3 weeks ago

Ok, on Linux I had trouble with integers looking like permissions, the mode was more readable for me in the octal version. 511 is 0o777 in octal, which is the default and would give the default as access rights. 0o600 would be 384 and 0o700 448, respectiively. Use print(0o700) to convert it to integers and oct(511) vice versa.

chStaiger commented 3 weeks ago

I found it!!! The mode must NOT be passed as string. If strictwrite is defined like this:

def strictwrite(path, flags, mode=0o600):

It works also on MAC.