cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9099) SecretKey is returned from the APIs
Date Fri, 04 Dec 2015 05:01:10 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15039748#comment-15039748
] 

ASF GitHub Bot commented on CLOUDSTACK-9099:
--------------------------------------------

Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1152#discussion_r46649429
  
    --- Diff: api/src/org/apache/cloudstack/api/command/admin/user/ListKeysCmd.java ---
    @@ -0,0 +1,72 @@
    +// Licensed to the Apache Software Foundation (ASF) under one
    +// or more contributor license agreements.  See the NOTICE file
    +// distributed with this work for additional information
    +// regarding copyright ownership.  The ASF licenses this file
    +// to you under the Apache License, Version 2.0 (the
    +// "License"); you may not use this file except in compliance
    +// with the License.  You may obtain a copy of the License at
    +//
    +//   http://www.apache.org/licenses/LICENSE-2.0
    +//
    +// Unless required by applicable law or agreed to in writing,
    +// software distributed under the License is distributed on an
    +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +// KIND, either express or implied.  See the License for the
    +// specific language governing permissions and limitations
    +// under the License.
    +
    +package org.apache.cloudstack.api.command.admin.user;
    +
    +
    +import com.cloud.user.Account;
    +import com.cloud.user.User;
    +import org.apache.cloudstack.api.APICommand;
    +import org.apache.cloudstack.api.ApiConstants;
    +import org.apache.cloudstack.api.BaseCmd;
    +import org.apache.cloudstack.api.Parameter;
    +import org.apache.cloudstack.api.response.RegisterResponse;
    +import org.apache.cloudstack.api.response.UserResponse;
    +
    +import java.util.logging.Logger;
    +
    +@APICommand(name = "listUserKeys",
    +            description = "This command allows the user to query the seceret and API
keys for the account",
    +            responseObject = RegisterResponse.class,
    +            requestHasSensitiveInfo = false,
    +            responseHasSensitiveInfo = true)
    +
    +public class ListKeysCmd extends BaseCmd{
    +
    +    @Parameter(name= ApiConstants.ID, type = CommandType.UUID, entityType = UserResponse.class,
required = true, description = "ID of the user whose keys are required")
    +    private Long id;
    +
    +    public static final Logger s_logger = Logger.getLogger(RegisterCmd.class.getName());
    +    public static final String s_name = "listuserkeysresponse";
    +
    +    public Long getID(){
    +        return id;
    +    }
    +
    +    public String getCommandName(){
    +        return s_name;
    +    }
    +
    +    public long getEntityOwnerId(){
    +        User user = _entityMgr.findById(User.class, getID());
    +        if(user != null){
    +            return user.getAccountId();
    +        }
    +        else return Account.ACCOUNT_ID_SYSTEM;
    +    }
    +    public void execute(){
    +        String[] keys = _accountService.getKeys(this);
    +        RegisterResponse response = new RegisterResponse();
    +        if(keys != null){
    --- End diff --
    
    Add an check before setting the keys to check that ``keys`` has a length = 2 to avoid
an ``ArrayIndexOutOfBoundsException``.  If the length is not equal to 2, throw an ``IllegalStateException``.


> SecretKey is returned from the APIs
> -----------------------------------
>
>                 Key: CLOUDSTACK-9099
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9099
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Kshitij Kansal
>            Assignee: Kshitij Kansal
>
> The sercreKey parameter is returned from the following APIs:
> createAccount
> createUser
> disableAccount
> disableUser
> enableAccount
> enableUser
> listAccounts
> listUsers
> lockAccount
> lockUser
> registerUserKeys
> updateAccount
> updateUser



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message