Development (#55)

* added validation of encryption key length (#49)

* Update pt-BR.yml (#50)

* Update pt-BR.yml

* New import feature: update existing keys by name instead of create new ones (and double it) (#53)

* Windows specific bugs (#52)

* Temporary file should be closed before opening as zip archive, otherwise EAccess Permission Denied will be raised
* Content of zip archive should be read as binary before sending as response or it will be corrupted

* Add group support in whitelist (#51)

* Check if current user linked to group with whitelist

* Update select to show groups and list first them before users

* set new version

* #54

* change code formating

* #47

* added French
added Japanese

* fix tests

* update travis

* fix

* set 2.3.3

Co-authored-by: Leandro Gehlen <leandrogehlen@gmail.com>
Co-authored-by: oivanenko <oivanenko@gmail.com>
Co-authored-by: AizeLeOuf <florent.coquil@gmail.com>

Author: 4 people

.travis-database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter: sqlite3
+  database: db/redmine_test.sqlite3

.travis-init.sh

@@ -0,0 +1,115 @@
+#/bin/bash
+
+if [[ ! "$WORKSPACE" = /* ]] ||
+   [[ ! "$PATH_TO_PLUGIN" = /* ]] ||
+   [[ ! "$PATH_TO_REDMINE" = /* ]];
+then
+  echo "You should set"\
+       " WORKSPACE, PATH_TO_PLUGIN, PATH_TO_REDMINE"\
+       " environment variables"
+  echo "You set:"\
+       "$WORKSPACE"\
+       "$PATH_TO_PLUGIN"\
+       "$PATH_TO_REDMINE"
+  exit 1;
+fi
+
+case $REDMINE_VERSION in
+  1.4.*)  export PATH_TO_PLUGINS=./vendor/plugins # for redmine < 2.0
+          export GENERATE_SECRET=generate_session_store
+          export MIGRATE_PLUGINS=db:migrate_plugins
+          export REDMINE_TARBALL=https://github.com/redmine/redmine/archive/$REDMINE_VERSION.tar.gz
+          ;;
+  2.* | 3.*)  export PATH_TO_PLUGINS=./plugins # for redmine 2.x and 3.x
+          export GENERATE_SECRET=generate_secret_token
+          export MIGRATE_PLUGINS=redmine:plugins:migrate
+          export REDMINE_TARBALL=https://github.com/redmine/redmine/archive/$REDMINE_VERSION.tar.gz
+          ;;
+  master) export PATH_TO_PLUGINS=./plugins
+          export GENERATE_SECRET=generate_secret_token
+          export MIGRATE_PLUGINS=redmine:plugins:migrate
+          export REDMINE_GIT_REPO=https://github.com/redmine/redmine.git
+          export REDMINE_GIT_TAG=master
+          ;;
+  *)      echo "Unsupported platform $REDMINE_VERSION"
+          exit 1
+          ;;
+esac
+
+export BUNDLE_GEMFILE=$PATH_TO_REDMINE/Gemfile
+
+clone_redmine() {
+  set -e # exit if clone fails
+  rm -rf $PATH_TO_REDMINE
+  if [ ! "$VERBOSE" = "yes" ]; then
+    QUIET=--quiet
+  fi
+  if [ -n "${REDMINE_GIT_TAG}" ]; then
+    git clone -b $REDMINE_GIT_TAG --depth=100 $QUIET $REDMINE_GIT_REPO $PATH_TO_REDMINE
+    cd $PATH_TO_REDMINE
+    git checkout $REDMINE_GIT_TAG
+  else
+    mkdir -p $PATH_TO_REDMINE
+    wget $REDMINE_TARBALL -O- | tar -C $PATH_TO_REDMINE -xz --strip=1 --show-transformed -f -
+  fi
+}
+
+run_tests() {
+  # exit if tests fail
+  set -e
+
+  cd $PATH_TO_REDMINE
+
+  if [ "$VERBOSE" = "yes" ]; then
+    TRACE=--trace
+  fi
+
+  script -e -c "bundle exec rake redmine:plugins:test NAME="$PLUGIN $VERBOSE
+}
+
+uninstall() {
+  set -e # exit if migrate fails
+  cd $PATH_TO_REDMINE
+  # clean up database
+  if [ "$VERBOSE" = "yes" ]; then
+    TRACE=--trace
+  fi
+  bundle exec rake $TRACE $MIGRATE_PLUGINS NAME=$PLUGIN VERSION=0
+}
+
+run_install() {
+  # exit if install fails
+  set -e
+
+  # cd to redmine folder
+  cd $PATH_TO_REDMINE
+
+  # create a link to the plugin, but avoid recursive link.
+  if [ -L "$PATH_TO_PLUGINS/$PLUGIN" ]; then rm "$PATH_TO_PLUGINS/$PLUGIN"; fi
+  ln -s "$PATH_TO_PLUGIN" "$PATH_TO_PLUGINS/$PLUGIN"
+
+  if [ "$VERBOSE" = "yes" ]; then
+    export TRACE=--trace
+  fi
+
+  cp $PATH_TO_PLUGINS/$PLUGIN/.travis-database.yml config/database.yml
+
+  # install gems
+  mkdir -p vendor/bundle
+  bundle install --path vendor/bundle
+
+  bundle exec rake db:migrate $TRACE
+  bundle exec rake redmine:load_default_data REDMINE_LANG=en $TRACE
+  bundle exec rake $GENERATE_SECRET $TRACE
+  bundle exec rake $MIGRATE_PLUGINS $TRACE
+}
+
+while getopts :irtu opt
+do case "$opt" in
+  r)  clone_redmine; exit 0;;
+  i)  run_install;  exit 0;;
+  t)  run_tests $2;  exit 0;;
+  u)  uninstall;  exit 0;;
+  [?]) echo "i: install; r: clone redmine; t: run tests; u: uninstall";;
+  esac
+done

.travis.yml

@@ -1,6 +1,18 @@
 language: ruby
 rvm:
   - 2.3.3
-install: gem install rubocop
+branches:
+  only:
+    - testing
+env:
+  - REDMINE_VERSION=4.0.6 VERBOSE=yes
 script:
-  - rubocop 
+  - export PLUGIN=vault
+  - export WORKSPACE=$(pwd)/workspace
+  - export PATH_TO_PLUGIN=$(pwd)
+  - export PATH_TO_REDMINE=$WORKSPACE/redmine
+  - mkdir $WORKSPACE
+  - bash -x ./.travis-init.sh -r || exit 1
+  - bash -x ./.travis-init.sh -i || exit 1
+  - bash -x ./.travis-init.sh -t || exit 1
+  - bash -x ./.travis-init.sh -u || exit 1

app/controllers/keys_controller.rb

@@ -5,6 +5,7 @@ class KeysController < ApplicationController
   before_action :authorize
   before_action :find_key, only: [ :show, :edit, :update, :destroy, :copy ]
   before_action :find_keys, only: [ :context_menu ]
+  accept_api_auth :index, :show
 
   helper :sort
   include SortHelper
@@ -64,6 +65,12 @@ def index
     end
 
     @keys.map(&:decrypt!)
+
+    respond_to do |format|
+      format.html
+      format.pdf
+      format.json { render json: @keys }
+    end
   end
 
   def new

app/controllers/vault_settings_controller.rb

@@ -13,6 +13,11 @@ def index
   end
 
   def save
+    if params[:settings][:encryption_key].length < 16
+      redirect_to '/vault_settings', :flash => { :error =>  t('error.key.length') }
+      return
+    end
+
     Setting.send "plugin_vault=", params[:settings]
     redirect_to '/vault_settings', notice: t('notice.settings.saved')
   end
@@ -43,14 +48,16 @@ def backup
 
     fname = "backup.zip"
     temp_file = Tempfile.new(fname)
+    tmp_fname = temp_file.path
+    temp_file.close
 
-    Zip::File.open(temp_file.path, Zip::File::CREATE) do |zip_file|
+    Zip::File.open(tmp_fname, Zip::File::CREATE) do |zip_file|
       zip_file.file.open('keys.csv', 'w') { |f1| f1 << @csv_string }
       zip_file.file.open('tags.csv', 'w') { |f2| f2 << @csv_tag_string }
       zip_file.file.open('keys_tags.csv', 'w') { |f3| f3 << @csv_tag_keys_string }
     end
 
-    zip_data = File.read(temp_file.path)
+    zip_data = IO.binread(tmp_fname)
 
     send_data zip_data,
               :type => 'application/zip',
@@ -96,4 +103,4 @@ def restore
     redirect_to '/vault_settings', notice: t('notice.settings.keys_restore')
   end
 
-end
+end

app/models/vault/key.rb

@@ -25,27 +25,52 @@ def self.import(file)
       CSV.foreach(file.path, headers:true) do |row|
         rhash = row.to_hash
 
-        decryptb = Encryptor::decrypt(rhash['body'])
-        begin
-          Vault::Key.create(
-              project_id: rhash['project_id'],
-              name: rhash['name'],
-              body: decryptb,
-              login: rhash['login'],
-              type: rhash['type'],
-              file: rhash['file'],
-              url: rhash['url'],
-              comment: rhash['comment'],
-              whitelist: rhash['comment']
-          ).update_column(:id, rhash['id'])
-        rescue
-
-        end
+				decryptb = Encryptor::decrypt(rhash['body'])
+
+				key = Vault::Key.where("name = ?", rhash['name']).first
+		
+				unless key
+					begin
+						Vault::Key.create(
+							project_id: rhash['project_id'],
+							name: rhash['name'],
+							body: decryptb,
+							login: rhash['login'],
+							type: rhash['type'],
+							file: rhash['file'],
+							url: rhash['url'],
+							comment: rhash['comment'],
+							whitelist: rhash['comment']
+						).update_column(:id, rhash['id'])
+					rescue
+
+					end
+				else
+					begin
+						Vault::Key.update(
+						key.id,
+						project_id: rhash['project_id'],
+						name: rhash['name'],
+						body: decryptb,
+						login: rhash['login'],
+						type: rhash['type'],
+						file: rhash['file'],
+						url: rhash['url'],
+						comment: rhash['comment'],
+						whitelist: rhash['comment']
+						)
+					rescue
+
+					end
+				end
       end
     end
 
     def whitelisted?(user,project)
       return true if user.current.admin or !user.current.allowed_to?(:whitelist_keys, project)
+      self.whitelist.split(",").each do |id|
+        return true if User.in_group(id).where(:id => user.current.id).count == 1
+      end
       return self.whitelist.split(",").include?(user.current.id.to_s)
     end
 
@@ -54,4 +79,4 @@ def whitelisted?(user,project)
   class Vault::KeysVaultTags < ActiveRecord::Base
   end
 
-end
+end

app/views/keys/_form.html.erb

@@ -50,7 +50,9 @@
 
     <% if User.current.allowed_to?(:manage_whitelist_keys, @project) %>
       <%  whitelisted = @key.whitelist.split(",") %>
- 			<%  all_users = @project.memberships.active.where(:users => {:type => 'User'}).sort.map {|u| [u.principal, u.principal.id.to_s]} %>
+        <%  all_users = @project.memberships.active.where(:users => {:type => 'User'}).sort.map {|u| [u.principal, u.principal.id.to_s]} %>
+        <%  all_groups = @project.memberships.active.where(:users => {:type => 'Group'}).sort.map {|u| [u.principal, u.principal.id.to_s]} %>
+        <%  all_users = all_groups|all_users %>
       <div id="vault_whitelist">
         <%= f.label t('key.attr.whitelist') ,class: "whitelist_users"%>
 

app/views/keys/index.html.erb

@@ -2,9 +2,7 @@
   <%= stylesheet_link_tag "font-awesome.css", :plugin => "vault" %>
   <%= stylesheet_link_tag "font-awesome.min.css", :plugin => "vault" %>
   <%= javascript_include_tag 'vault', :plugin => 'vault' %>
-
-  
-  <% end %>
+<% end %>
 
 <div class="contextual">
  <%= link_to t('key.btn.new'), new_project_key_path(@project), class: 'icon icon-add' if User.current.allowed_to?(:view_keys, @project) if User.current.allowed_to?(:edit_keys, @project) %>

app/views/keys/show.html.erb

@@ -1,3 +1,9 @@
+<% content_for :header_tags do %>
+  <%= stylesheet_link_tag "font-awesome.css", :plugin => "vault" %>
+  <%= stylesheet_link_tag "font-awesome.min.css", :plugin => "vault" %>
+  <%= javascript_include_tag 'vault', :plugin => 'vault' %>
+<% end %>
+
 <h1> <%= t('key.title.show') %> </h1>
 
 <%= render @key %>

app/views/vault_settings/index.html.erb

@@ -4,8 +4,6 @@
     <%= stylesheet_link_tag "font-awesome.css", :plugin => "vault" %>
     <%= stylesheet_link_tag "font-awesome.min.css", :plugin => "vault" %>
     <%= javascript_include_tag 'vault', :plugin => 'vault' %>
-
-
 <% end %>
 
 <div id="settings">

assets/images/locked.png

@@ -1,19 +1,33 @@
 $(function () {
-	
+
 	function copyToClipboard( elementId ) {
-	    var $temp = $( "<input>" ).val( $( "#" + elementId ).text() );
-	    $( "body" ).append($temp);
-	    $temp.select();
-	    document.execCommand("copy");
-	    $temp.remove();
+		var $temp = $( "<input>" ).val( $( "#" + elementId ).text() );
+		$( "body" ).append($temp);
+		$temp.select();
+		document.execCommand("copy");
+		$temp.remove();
 	}
 
 	$("a.copy-key").click(function () {
-	  copyToClipboard($(this).data('clipboard-target'));
+		copyToClipboard($(this).data('clipboard-target'));
 	});
 
 	// toggle label display between actual passwords and *****
-    $('td.key-password-column label').click(function () {
+	/*$('td.key-password-column label').click(function () {
       $(this).parents("td:first").find('label').toggle();
-    });
+    });*/
+	$('label[id*="plain_pass"]').click(function () {
+		exchangePassword($(this));
+	});
+
+	$('label[id*="plain_pass"]').each(function(){
+		$(this).prev().click(function(){
+			exchangePassword($(this).next());
+		});
+	});
+
+	function exchangePassword(hiddenLabel){
+		hiddenLabel.toggle();
+		hiddenLabel.prev().toggle();
+	}
 });

assets/javascripts/vault.js

@@ -2,7 +2,8 @@
 
 #keys_table a.keys-actions:hover, a.keys-actions:active { color: #c61a1a; text-decoration: none; cursor: pointer; font-size: 120%; }
 #tags-list { -webkit-column-count: 3; -moz-column-count: 3; column-count: 3; }
-#admin-menu a.vault { background-image: url("/images/locked.png"); }
+
+.vault { background-image: url("../images/locked.png"); }
 
 #vault_context_menu li.conext_menu { color: #888; text-decoration: none; font-size: 100%; padding: 0; cursor: pointer; }
 #vault_context_menu a.conext_menu { color: #888; text-decoration: none; font-size: 100%; padding: 0; }

assets/stylesheets/vault.css

@@ -89,4 +89,5 @@ en:
   error:
     key:
       not_set: "The encryption key is not set in the settings"
-      not_whitelisted: "Key not allowed for you"
+      not_whitelisted: "Key not allowed for you"
+      length: "Encryption key must be at least 16 symbols"