Commit bafb8279 authored by Ibouniyamine Nabihoudine's avatar Ibouniyamine Nabihoudine

No commit message

No commit message
parent 60d8212c
......@@ -31,7 +31,7 @@ from urllib.parse import urlparse
import pickle
from jflow.config_reader import JFlowConfigReader
from jflow.utils import get_octet_string_representation, get_nb_octet, display_error_message, rc4_decrypt
from jflow.utils import get_octet_string_representation, get_nb_octet, display_error_message, encrypt, decrypt
# import custom types and custom formats
from workflows.types import *
......@@ -121,7 +121,7 @@ def regexpfiles(files_pattern):
return files_pattern
def password(pwd):
return rc4_decrypt(pwd)
return pwd
def create_test_function(itype):
try:
......@@ -515,6 +515,8 @@ class ParameterFactory(object):
return FloatParameter( *args, **kwargs )
elif kwargs["type"] == "date" or kwargs["type"] == date:
return DateParameter( *args, **kwargs )
elif kwargs["type"] == "password" or kwargs["type"] == password:
return PasswordParameter( *args, **kwargs )
else:
return StrParameter( *args, **kwargs )
......@@ -733,6 +735,16 @@ class StrParameter(str, AbstractParameter):
else:
return (True if str(self) else False)
class PasswordParameter(StrParameter):
def __new__(self, name, help, default=None, type="password", choices=None, required=False,
flag=None, sub_parameters=None, group="default", display_name=None, cmd_format="", argpos=-1):
return StrParameter.__new__(self, name, help, flag=flag, default=default, type=type, choices=choices,
required=required, group=group, display_name=display_name, cmd_format=cmd_format, argpos=argpos)
def __init__(self, name, help, default=None, type="password", choices=None, required=False,
flag=None, sub_parameters=None, group="default", display_name=None, cmd_format="", argpos=-1):
StrParameter.__init__(self, name, help, flag=flag, default=default, type=type, choices=choices, required=required,
sub_parameters=sub_parameters, group=group, display_name=display_name, cmd_format=cmd_format, argpos=argpos)
class DateParameter(datetime.datetime, AbstractParameter):
......
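Review bot: `PasswordParameter` stores the secret as the string value itself, and `password()` now returns its argument unchanged, so `str()` or `repr()` of the parameter yields the clear-text password. If parameters are printed, logged or pickled elsewhere in this module (it imports `pickle`; those call sites are outside the hunks), the password goes with them. The class has no docstring; I would add `"""String parameter holding a secret in clear text; its value must not be logged or displayed."""` and consider a masking `def __repr__(self): return "PasswordParameter(****)"`. Separately, the first argument of `__new__` is the class, so it should be named `cls` rather than `self`.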
......@@ -31,11 +31,11 @@ from argparse import ArgumentTypeError
from .workflows_manager import WorkflowsManager
from .config_reader import JFlowConfigReader
from .workflow import Workflow
from .parameter import browsefile, localfile, urlfile, inputfile, create_test_function, MiltipleAction, MiltipleAppendAction, MultipleParameters
from .parameter import password, browsefile, localfile, urlfile, inputfile, create_test_function, MiltipleAction, MiltipleAppendAction, MultipleParameters, MultiParameter
from workflows.types import *
from . import utils
from cctools.util import time_format
from .utils import get_octet_string_representation
from .utils import get_octet_string_representation, rc4_decrypt
# function in charge to upload large files
class UploadFieldStorage(cgi.FieldStorage):
......@@ -302,6 +302,18 @@ class JFlowServer (object):
@jsonify
def run_workflow(self, **kwargs):
try:
# get parameters types for password decryption
instance = self.wfmanager.get_workflow_by_class(kwargs["workflow_class"])
parameters_types = {}
instance_parameters = instance.get_parameters()
for param in instance_parameters :
# handle only multiparameter, password cannot be in handsontable
if param.__class__ == MultiParameter:
for sub_param in param.sub_parameters :
parameters_types[sub_param.name] = sub_param.type
else:
parameters_types[param.name] = param.type
kwargs_modified = {}
# handle MultiParameterList
......@@ -325,9 +337,15 @@ class JFlowServer (object):
new_values = new_values[0]
# if this is a classic Parameter
if len(parts) == 1:
# password decrypt
if key in parameters_types and (parameters_types[key] == "password" or parameters_types[key] == password):
new_values = rc4_decrypt(new_values)
kwargs_modified[key] = new_values
# if this is a MultiParameter
elif len(parts) == 2:
# password decrypt
if parts[1] in parameters_types and ( parameters_types[parts[1]] == "password" or parameters_types[parts[1]] == password):
new_values = rc4_decrypt(new_values)
if parts[0] in kwargs_modified:
kwargs_modified[parts[0]].append((parts[1], new_values))
else:
......
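Review bot: `parameters_types` is keyed by `sub_param.name` alone, so a sub-parameter that shares its name with a top-level parameter, or with a sub-parameter of another MultiParameter, overwrites the earlier entry and the later `parts[1] in parameters_types` lookup can pick the wrong type. A password field would then be stored undecrypted, or a non-password value would be passed through `rc4_decrypt` and corrupted. Keying the sub-parameter entries by the pair, `parameters_types[(param.name, sub_param.name)] = sub_param.type`, and testing `parameters_types.get((parts[0], parts[1]))` in the `len(parts) == 2` branch avoids this, assuming `parts[0]` is the MultiParameter name as the `kwargs_modified[parts[0]]` use suggests. The client-side `parametersDescription` map in the form script has the same name-only keying. `run_workflow` starts and ends outside these hunks.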
......@@ -22,6 +22,9 @@ import socket
import math
import shutil
import urllib.parse
import random
import base64
from hashlib import sha1
try:
import DNS
......@@ -30,29 +33,45 @@ except:
DNS = None
class ServerError(Exception): pass
def rc4_decrypt(encrypted, akey = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXZY_" ) :
def rc4(data, key):
S = list(range(256))
j = 0
out = []
#KSA Phase
for i in range(256):
j = (j + S[i] + ord( key[i % len(key)] )) % 256
S[i] , S[j] = S[j] , S[i]
#PRGA Phase
i = j = 0
for char in data:
i = ( i + 1 ) % 256
j = ( j + S[i] ) % 256
S[i] , S[j] = S[j] , S[i]
out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))
return ''.join(out)
def __rc4(data, key = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXZY_" ):
S = list(range(256))
j = 0
out = []
#KSA Phase
for i in range(256):
j = (j + S[i] + ord( key[i % len(key)] )) % 256
S[i] , S[j] = S[j] , S[i]
#PRGA Phase
i = j = 0
for char in data:
i = ( i + 1 ) % 256
j = ( j + S[i] ) % 256
S[i] , S[j] = S[j] , S[i]
out.append(chr(ord(char) ^ S[(S[i] + S[j]) % 256]))
return ''.join(out)
# only used to decrypt from server which is rc4 encrypted
def rc4_decrypt(encrypted) :
encrypted = urllib.parse.unquote(encrypted)
return rc4(encrypted, akey)
return __rc4(encrypted)
# encrypt with salt (command line)
def encrypt(data, key="anything", salt_length=16):
"""RC4 encryption with random salt and final encoding"""
salt = ''
for n in range(salt_length):
salt += chr(random.randrange(256))
data = salt + __rc4(data, sha1((key + salt).encode()).hexdigest())
return base64.b64encode(data.encode()).decode()
def decrypt(data, key="anything", salt_length=16):
"""RC4 decryption of encoded data"""
data = base64.b64decode(data.encode()).decode()
salt = data[:salt_length]
return __rc4(data[salt_length:], sha1((key + salt).encode()).hexdigest())
def robust_rmtree(path, logger=None, max_retries=6):
......
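Review bot: `encrypt` builds its salt with `random.randrange`, which is not a cryptographic generator, and both `encrypt` and `decrypt` default to the key `"anything"` while `__rc4` defaults to a key literal in the source, so anyone who can read the code can reverse a stored or transmitted password. The salt should come from the OS generator, e.g. `salt = ''.join(chr(b) for b in os.urandom(salt_length))` (an `import os` is not visible in this hunk), and `key` should be a required argument supplied from configuration rather than a default. RC4 also gives no integrity protection, so a modified ciphertext decrypts without error; for the browser-to-server path (`rc4_decrypt` here, `rc4_encrypt` in the form script) confidentiality has to come from TLS, which is worth stating in the comment above `rc4_decrypt`.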
......@@ -307,7 +307,7 @@ class Workflow(threading.Thread):
else:
value = None
# Set new parameter
if parameter.__class__ in [StrParameter, IntParameter, FloatParameter, BoolParameter, DateParameter]:
if parameter.__class__ in [StrParameter, IntParameter, FloatParameter, BoolParameter, DateParameter, PasswordParameter]:
if value == "" and parameter.__class__ in [IntParameter, FloatParameter, BoolParameter, DateParameter] : value = None # from GUI
new_param = ParameterFactory.factory( parameter.name, parameter.help, default=value, type=parameter.type, choices=parameter.choices,
required=parameter.required, flag=parameter.flag, group=parameter.group,
......
......@@ -398,30 +398,6 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
$(":checkbox").each(function(){
if ($(this).prop('checked')) { $(this).val(true); }
})
// encode password values
$.each($this.workflow.parameters, function(_, parameter){
// multiple
if ( parameter.hasOwnProperty('sub_parameters')){
$.each(parameter.sub_parameters, function(__, subparameter){
if ( subparameter.type == "password"){
var oldval = $('#'+subparameter.name).val();
if (oldval != ""){
$('#'+subparameter.name).val(rc4_encrypt(oldval));
}
}
});
}
// simple
else {
if ( parameter.type == "password"){
var oldval = $('#'+parameter.name).val();
if (oldval != ""){
$('#'+parameter.name).val(rc4_encrypt(oldval));
}
}
}
});
// then send data
var params = "",
......@@ -458,9 +434,29 @@ Handsontable.cellTypes["bootdate"] = Handsontable.BootstrapDateCell;
});
var parametersDescription = {};
$.each($this.workflow.parameters, function(__, parameter){
// multi parameter
if ( parameter.hasOwnProperty('sub_parameters')){
$.each(parameter.sub_parameters, function(___, subparameter){
parametersDescription[subparameter.name] = subparameter ;
});
}
// simple
else {
parametersDescription[parameter.name] = parameter ;
}
});
// when serializing, multiple data are repeated, so build a hash to gather values from the same parameter
$.each ( $('#workflow_form').serializeArray(), function(_, kv) {
if ($('#'+kv.name).is(":visible") || !$('#content_'+kv.name).hasClass("hidden-exclude")) { // visible or not exists content_NAME or content_NAME hasn't the hidden-exclude class
if (kv.value != ""){
if (parametersDescription.hasOwnProperty(kv.name) && parametersDescription[kv.name].type == "password"){
kv.value = rc4_encrypt(kv.value)
}
}
if (hash_param.hasOwnProperty(kv.name)) {
hash_param[kv.name].push(kv.value);
} else if( kv.value != "" ) { //Empty are not sended
......