X Tutup
Skip to content

Obfuscate metrics shared secret#37848

Merged
micbar merged 1 commit intomasterfrom
add-metrics-secret
Aug 25, 2020
Merged

Obfuscate metrics shared secret#37848
micbar merged 1 commit intomasterfrom
add-metrics-secret

Conversation

@micbar
Copy link
Contributor

@micbar micbar commented Aug 25, 2020
edited
Loading

Description

Add the metrics API shared secret to the sensitive values list

Related Issue

Motivation and Context

How Has This Been Tested?

  • manually

Output

"config": {
        "apps_paths": [
            {
                "path": "\/Users\/xxx\/Development\/www\/owncloud-git\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/Users\/xxx\/Development\/www\/owncloud-git\/apps-custom",
                "url": "\/apps-custom",
                "writable": true
            }
        ],
        "trusted_domains": [
            "cloud.local"
        ],
        "license-key": "***REMOVED SENSITIVE VALUE***",
        "dav.enable.tech_preview": true,
        "phoenix.baseUrl": "localhost:8300",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "datadirectory": "\/Users\/xxx\/Development\/www\/owncloud-git\/data",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbtype": "mysql",
        "version": "10.5.1.0",
        "dbname": "owncloud",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "logtimezone": "UTC",
        "installed": true,
        "instanceid": "ocvxucse86f3",
        "theme": "",
        "loglevel": 2,
        "maintenance": false,
        "metrics_shared_secret": "***REMOVED SENSITIVE VALUE***"
    },

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@micbar micbar requested review from C0rby, cdamken and davitol August 25, 2020 13:57
@micbar micbar force-pushed the add-metrics-secret branch from e674494 to 292245c Compare August 25, 2020 14:00
C0rby
C0rby approved these changes Aug 25, 2020
View reviewed changes
Copy link
Contributor

@C0rby C0rby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@DeepDiver1975
Copy link
Member

DeepDiver1975 commented Aug 25, 2020

We should find a way to set this by each app individual - I already have one move of such a key: https://github.com/owncloud/project_folder#setup-configphp

Just saying ...

@codecov
Copy link

codecov bot commented Aug 25, 2020

Codecov Report

Merging #37848 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master   #37848   +/-   ##
=========================================
  Coverage     64.75%   64.75%           
  Complexity    19396    19396           
=========================================
  Files          1285     1285           
  Lines         75762    75762           
  Branches       1333     1333           
=========================================
  Hits          49057    49057           
  Misses        26313    26313           
  Partials        392      392
Flag Coverage Δ Complexity Δ
#javascript 54.03% <ø> (ø) 0.00 <ø> (ø)
#phpunit 65.93% <ø> (ø) 19396.00 <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ Complexity Δ
lib/private/SystemConfig.php 100.00% <ø> (ø) 18.00 <0.00> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a992db8...292245c. Read the comment docs.

@micbar micbar merged commit 82ae830 into master Aug 25, 2020
@jnweiger
Copy link
Contributor

jnweiger commented Nov 30, 2020
edited
Loading

##Retested with 10.6.0 RC1

  • install https://github.com/owncloud/metrics/releases/download/v1.0.0RC1/metrics-1.0.0RC1.tar.gz
  • ./occ config:system:set "metrics_shared_secret" --value 1234
  • curl http://oc-10-6-0-rc1.jw-qa.owncloud.works/ocs/v1.php/apps/metrics/api/v1/metrics\?users\=true\&files\=true\&shares\=true\&quota\=true\&userData\=true\&format\=json -H "OC-MetricsApiKey: 1234" | jq -> poduces a nice report. OK.
  • Try run the metrics app. It starts with
    image
    Not sure what the intended behaviour is there, .... Okayish...

The config report has:

...
"metrics_shared_secret": "***REMOVED SENSITIVE VALUE***"

OK.

@DeepDiver1975 DeepDiver1975 deleted the add-metrics-secret branch November 30, 2020 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cdamken cdamken Awaiting requested review from cdamken

2 more reviewers

@C0rby C0rby C0rby approved these changes

@davitol davitol davitol approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@micbar @DeepDiver1975 @jnweiger @C0rby @davitol
X Tutup