Graham Christensen
20df86c275
api-test.t: make it work under yath
...
1. Configure the in-memory Hydra instance with a null path input cache
time to avoid caching slowing the test down.
2. Use the Catalyst::Test helpers so we talk to the application and skip
needing to actually run a webserver.
3. Change path references to use a tempdir, since this is running while
other tests are also running.
4. Change the login flow to save a cookie and pass it manually. A bit
weird, but it avoids a dependency on heavier browser-mimicking
libraries.
2021-04-28 18:28:35 -04:00
Graham Christensen
38c7f88b7c
rename api-test.pl to .t so it runs under yath
2021-04-28 18:28:35 -04:00
Graham Christensen
dd6cd33e98
move the api-test.nix in to the jobsdir
2021-04-28 18:28:35 -04:00
Graham Christensen
823da22e4f
Merge pull request #937 from DeterminateSystems/flesh-out-api
...
hydra-api: flesh out Jobset, JobsetInput schemas; implement DELETE /jobset/{project-id}/{jobset-id}
2021-04-28 13:43:04 -04:00
Cole Helbling
948b3cf073
Jobset: add HTTP API test
2021-04-28 10:37:06 -07:00
Graham Christensen
725c9c2f81
login: redirect to the current-user page
2021-04-28 08:32:10 -07:00
Graham Christensen
d589db2ed9
login: missing parameters are 400s
2021-04-28 08:31:59 -07:00
Eelco Dolstra
8d6a5aac84
Merge pull request #939 from regnat/include-localhost-features
...
Include localhost's features in the default machine file
2021-04-28 12:25:21 +02:00
regnat
abff212d06
Use system-features from the Nix conf in the default machine file
...
Fix #936
2021-04-28 11:43:04 +02:00
regnat
d58b3274f9
test: Don't generate a Nix conf in the makefile
...
The config is overriden by the `test_init` perl function, so it’s at
best misleading to create a first one there
2021-04-28 11:41:37 +02:00
Cole Helbling
42ef3b7b72
hydra-api: update Project and Jobset examples with the new schema
...
For future reference, this was generated by sending the request and piping it to
`yq -y` so that it would spit out YAML.
2021-04-27 23:09:33 -07:00
Cole Helbling
bcd3bbb680
hydra-api: implement DELETE /jobset/{project-id}/{jobset-id}
2021-04-27 16:16:42 -07:00
Cole Helbling
72fec31dbb
hydra-api: flesh out JobsetInput schema
2021-04-27 16:16:42 -07:00
Cole Helbling
2600810551
hydra-api: flesh out Jobset schema
...
* made all columns available via the API (except for forceeval)
* renamed flakeref to flake to unify the API with the database schema
* renamed inputs to jobsetinputs to unify the API with the database schema
2021-04-27 16:16:42 -07:00
Graham Christensen
0c8d016a38
Merge pull request #935 from DeterminateSystems/delete-project
...
hydra-api: implement DELETE /project/{id}
2021-04-27 11:15:15 -04:00
Cole Helbling
ddccf6a60e
hydra-api: implement DELETE /project/{id}
2021-04-27 08:10:09 -07:00
Graham Christensen
ada497db4f
Merge pull request #934 from DeterminateSystems/missing-name
...
hydra-api: add missing `name` property
2021-04-26 22:02:14 -04:00
Cole Helbling
9128802727
hydra-api: add missing name
property
...
The Hydra website allows you to change the name of a Project, so it only makes
sense for the API to expose this functionality as well.
2021-04-26 18:55:10 -07:00
Graham Christensen
fa5811eabf
Merge pull request #933 from cole-h/boolean-json
...
Serialize `enabled` and `hidden` columns as boolean
2021-04-26 19:44:59 -04:00
Cole Helbling
50fab154a4
ToJSON: serialize string_columns to JSON
...
If the column is undefined, then it should be an empty string according to your
API spec.
2021-04-26 16:39:13 -07:00
Graham Christensen
f0ede5f8b8
t: Test Projects JSON serialization and deserialization
2021-04-26 16:39:13 -07:00
Graham Christensen
f2b9649bf2
Projects: serialize enabled
and hidden
as boolean
2021-04-26 16:03:32 -07:00
Graham Christensen
4aea02e1e1
ToJSON: serialize boolean_columns to JSON boolean
2021-04-26 16:03:32 -07:00
Graham Christensen
683b8c41c1
Merge pull request #932 from cole-h/project
...
Add homepage to Projects schema
2021-04-26 18:57:02 -04:00
Graham Christensen
8e3b3c95f8
Merge pull request #931 from cole-h/put-project
...
hydra-api: hidden -> visible
2021-04-26 18:48:29 -04:00
Cole Helbling
c757867b9e
Add homepage to Projects schema
2021-04-26 15:46:30 -07:00
Cole Helbling
221cc0663d
hydra-api: hidden -> visible
...
The PUT API doesn't accept `hidden` (even though the GET API responds with it).
2021-04-26 15:28:20 -07:00
Graham Christensen
2dfcd411da
Merge pull request #928 from cole-h/put-project
...
hydra-api: add missing properties to PUT /project/{id}
2021-04-26 15:06:05 -04:00
Cole Helbling
36da978489
hydra-api: add missing properties to PUT /project/{id}
2021-04-26 12:01:11 -07:00
Graham Christensen
453b8479be
Merge pull request #927 from cole-h/nonexistent-user-400
...
Return HTTP 400 when creating Project with nonexistent user
2021-04-26 14:40:15 -04:00
Cole Helbling
47e19ba22c
Return HTTP 400 when creating Project with nonexistent user
2021-04-26 11:32:39 -07:00
Graham Christensen
bc292db45b
Merge pull request #923 from Ma27/mail-auth
...
Add AuthenSASL to perl deps; improve email docs
2021-04-26 13:11:21 -04:00
963085a04a
Add AuthenSASL to perl deps; improve email docs
...
The addition of AuthenSASL seems to be necessary to properly
authenticate against an SMTP server. Without this I got errors
such as
error with Hydra::Plugin::EmailNotification=HASH(0x6ad0128)->buildFinished: SMTP auth requires MIME::Base64 and Authen::SASL
2021-04-26 18:33:57 +02:00
Graham Christensen
18c02afe77
Merge pull request #921 from Ma27/email-notification-create-jobset
...
Make it possible to enable email notifications when creating a jobset
2021-04-26 11:22:17 -04:00
21ed005c84
Make it possible to enable email notifications when creating a jobset
...
The checkbox is only enabled if `email_notification = 1` is set in
`hydra.conf`. However, when creating jobset (in contrast to the edit
form), the checkbox is always disabled because the `emailNotification`
parameter in Catalyst's stash was missing.
2021-04-24 19:48:43 +02:00
Eelco Dolstra
85e299d3d7
flake.lock: Update
...
Flake input changes:
* Updated 'nix': 'github:NixOS/nix/906adadacd2d1c98346a2f42c0b42a32d2806d94' -> 'github:NixOS/nix/d9864be4b757468d33bc49edddce5e4f04ef4b90'
2021-04-22 10:44:21 +02:00
Eelco Dolstra
a53f6657ee
Remove gc-check-reachability setting
...
It no longer exists on nix master.
2021-04-20 13:35:39 +02:00
Graham Christensen
1bb1ba6928
Merge pull request #916 from grahamc/argon2-nested
...
Rehash existing sha1 passwords with Argon2
2021-04-17 08:46:52 -04:00
Graham Christensen
05636de7d2
hydra-init: upgrade passwords to Argon2 on startup
2021-04-16 12:32:13 -04:00
Graham Christensen
79b0ddc27d
hydra-create-user: re-hash sha1 as Argon2
2021-04-16 12:32:13 -04:00
Graham Christensen
d10d8964f2
Users: add a validation step which lets the user's password be a Argon2 hashed sha1 hash.
...
OWASP suggests expiring all passwords and requiring users to update their password.
However, we don't have a way to do this. They suggest this mechanism
as a good alternative:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes
2021-04-16 12:32:13 -04:00
Eelco Dolstra
fa924ea697
Merge pull request #915 from grahamc/hydra-auth
...
Hydra auth: support Argon2, transparently upgrade hashes
2021-04-15 17:40:32 +02:00
Graham Christensen
9225be0897
Drop remaining sha1_hex references
...
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:18 -04:00
Graham Christensen
1d956be61e
hydra-create-user: support Argon2
...
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:16 -04:00
Graham Christensen
beb5be4302
Users: password changes via the web UI now use Argon2
...
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:13 -04:00
Graham Christensen
1da70030b7
Users: transparently upgrade passwords to Argon2
...
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:11 -04:00
Graham Christensen
29620df85e
Passwords: check in constant time
...
The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.
A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:56 -04:00
Graham Christensen
d4d8f1ba1b
Plugin::Authentication config: modernize
...
Some time in the last decade the plugin switched to preferring
a flatter namespace for realm config.
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:47 -04:00
Eelco Dolstra
0bee194ce9
Merge pull request #914 from Ma27/fix-remote-builds
...
Fix `std::bad_alloc` errors for remote builds
2021-04-15 17:05:54 +02:00
2808227eb7
Fix std::bad_alloc
errors for remote builds
...
In Nix the protocol was slightly altered[1] to also contain more
information about realisations. This however wasn't read from the pipe
that was used to read from the store.
After the `cmdBuildDerivation` command which caused this issue, Hydra
will issue a `cmdQueryPathInfos` that tries to read from the remote
store as well. However, there's still left over to read from the
previous command and thus Nix fails to properly allocate the expected
string.
[1] See rev a2b69660a9b326b95d48bd222993c5225bbd5b5f
Fixes #898
2021-04-15 15:16:52 +02:00