No commit message

No commit message

src/jflow/parameter.py

@@ -31,7 +31,7 @@ from urllib.parse import urlparse
 import pickle
 
 from jflow.config_reader import JFlowConfigReader
-from jflow.utils import get_octet_string_representation, get_nb_octet, display_error_message
+from jflow.utils import get_octet_string_representation, get_nb_octet, display_error_message, rc4_decrypt
 
 # import custom types and custom formats
 from workflows.types import *
@@ -120,6 +120,9 @@ def regexpfiles(files_pattern):
         raise argparse.ArgumentTypeError("0 file selected by the regexp!")
     return files_pattern
 
+def password(pwd):
+    return rc4_decrypt(pwd)
+
 def create_test_function(itype):
     try:
         ctype, csizel = itype.split(AbstractInputFile.SIZE_LIMIT_SPLITER)    

src/jflow/utils.py

@@ -21,6 +21,7 @@ import smtplib
 import socket
 import math
 import shutil
+import urllib.parse
 
 try:
     import DNS
@@ -29,6 +30,31 @@ except:
     DNS = None
     class ServerError(Exception): pass
 
+def rc4_decrypt(encrypted, akey = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXZY_" ) :
+    def rc4(data, key):
+        S = list(range(256))
+        j = 0
+        out = []
+        
+        #KSA Phase
+        for i in range(256):
+            j = (j + S[i] + ord( key[i % len(key)] )) % 256
+            S[i] , S[j] = S[j] , S[i]
+        
+        #PRGA Phase
+        i = j = 0
+        for char in data:
+            i = ( i + 1 ) % 256
+            j = ( j + S[i] ) % 256
+            S[i] , S[j] = S[j] , S[i]
+            out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))
+            
+        return ''.join(out)
+    
+    encrypted = urllib.parse.unquote(encrypted)
+    return rc4(encrypted, akey)
+
+
 def robust_rmtree(path, logger=None, max_retries=6):
     """Robustly tries to delete paths.
     Retries several times (with increasing delays) if an OSError

src/js/jflow-wfform.js

@@ -49,6 +49,35 @@ var getDate = function( value, format ) {
 	return cdate;
 }
 
+var rc4_encrypt = function(data){
+    var rc4 = function (str, key) {
+        var s = [], j = 0, x, res = '';
+        for (var i = 0; i < 256; i++) {
+            s[i] = i;
+        }
+        for (i = 0; i < 256; i++) {
+            j = (j + s[i] + key.charCodeAt(i % key.length)) % 256;
+            x = s[i];
+            s[i] = s[j];
+            s[j] = x;
+        }
+        i = 0;
+        j = 0;
+        for (var y = 0; y < str.length; y++) {
+            i = (i + 1) % 256;
+            j = (j + s[i]) % 256;
+            x = s[i];
+            s[i] = s[j];
+            s[j] = x;
+            res += String.fromCharCode(str.charCodeAt(y) ^ s[(s[i] + s[j]) % 256]);
+        }
+        return res;
+    }
+    return encodeURIComponent(rc4(data, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXZY_")).replace(/\(/g, "%28").replace(/\)/g, "%29");
+}
+
+
+
 /**
  * Checks if the input or at least one input in the element is set.
  * @param {jquery object} $element The DOM element checked.
@@ -369,6 +398,31 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
 				$(":checkbox").each(function(){
 					if ($(this).prop('checked')) { $(this).val(true); }
 				})
+				// encode password values
+				$.each($this.workflow.parameters, function(_, parameter){
+					
+					// multiple
+					if ( parameter.hasOwnProperty('sub_parameters')){
+						$.each(parameter.sub_parameters, function(__, subparameter){
+							if ( subparameter.type == "password"){
+								var oldval = $('#'+subparameter.name).val();
+								if (oldval != ""){
+									 $('#'+subparameter.name).val(rc4_encrypt(oldval));
+								}
+							}
+						});
+					}
+					// simple
+					else {
+						if ( parameter.type == "password"){
+							var oldval = $('#'+parameter.name).val();
+							if (oldval != ""){
+								 $('#'+parameter.name).val(rc4_encrypt(oldval));
+							}
+						}
+					}
+				});
+				
 				// then send data
 				var params = "",
 					hash_param = {};
@@ -609,6 +663,7 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
 							browsefileTemplate: $this.options.browsefileTemplate,
 							regexpfilesTemplate: $this.options.regexpfilesTemplate,
 							booleanTemplate: $this.options.booleanTemplate,
+							passwordTemplate: $this.options.passwordTemplate,
 							textTemplate: $this.options.textTemplate
 						}
 					}
@@ -1093,7 +1148,7 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
 			var size = param.type.split(SIZE_LIMIT_SPLITER)[1];
 			crule["maxfilesize"] = [this.getNbOctet(size), size];
 		// if it is not a known type, check from the custom ones, using the validate_field address
-		} else if (param.type != "str") {
+		} else if (param.type != "str" && param.type != "password" ) {
 			crule["remote"] = {
     			url: server_url + '/validate_field?callback=?',
     			type: "post",
@@ -1125,6 +1180,8 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
 			return "dateTemplate" ;
 		} else if( 	param.type == "bool" ){
 			return "booleanTemplate" ;
+		} else if( 	param.type == "password" ){
+			return "passwordTemplate" ;
 		} else if( param.type.indexOf("inputfile") === 0 ){
 			return "inputfileTemplate" ;
 		} else if( 	param.type.indexOf("browsefile") === 0 ){
@@ -1403,6 +1460,11 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
 			'  {{/if}}',
 			'</div>'
 		].join('\n'),
+		passwordTemplate:[
+			'<div>',
+			'    <input id="${param.name}" name="${param.name}" value="${param.default}" class="form-control" type="password">',
+			'</div>'             
+		].join('\n'),
 		progressTemplate: ['<dl class="dl-horizontal">',
    		    '<div class="container-fluid"><div class="row"><div class="col-md-1 col-md-offset-2"><div class="inline floatingBarsG">',
             '<div class="blockG" id="rotateG_01"></div>',