Commit graph

3241 commits

Author SHA1 Message Date
Graham Christensen fdb6e7dd97 fixup: return the user entity on login 2021-04-28 18:30:35 -04:00
Graham Christensen a34f23f7e6 api-test: use is for nicer errors 2021-04-28 18:28:35 -04:00
Graham Christensen 20df86c275 api-test.t: make it work under yath
1. Configure the in-memory Hydra instance with a null path input cache
time to avoid caching slowing the test down.
2. Use the Catalyst::Test helpers so we talk to the application and skip
needing to actually run a webserver.
3. Change path references to use a tempdir, since this is running while
other tests are also running.
4. Change the login flow to save a cookie and pass it manually. A bit
weird, but it avoids a dependency on heavier browser-mimicking
libraries.
2021-04-28 18:28:35 -04:00
Graham Christensen 38c7f88b7c rename api-test.pl to .t so it runs under yath 2021-04-28 18:28:35 -04:00
Graham Christensen dd6cd33e98 move the api-test.nix in to the jobsdir 2021-04-28 18:28:35 -04:00
Graham Christensen 823da22e4f
Merge pull request #937 from DeterminateSystems/flesh-out-api
hydra-api: flesh out Jobset, JobsetInput schemas; implement DELETE /jobset/{project-id}/{jobset-id}
2021-04-28 13:43:04 -04:00
Cole Helbling 948b3cf073
Jobset: add HTTP API test 2021-04-28 10:37:06 -07:00
Graham Christensen 725c9c2f81
login: redirect to the current-user page 2021-04-28 08:32:10 -07:00
Graham Christensen d589db2ed9
login: missing parameters are 400s 2021-04-28 08:31:59 -07:00
Eelco Dolstra 8d6a5aac84
Merge pull request #939 from regnat/include-localhost-features
Include localhost's features in the default machine file
2021-04-28 12:25:21 +02:00
regnat abff212d06 Use system-features from the Nix conf in the default machine file
Fix #936
2021-04-28 11:43:04 +02:00
regnat d58b3274f9 test: Don't generate a Nix conf in the makefile
The config is overriden by the `test_init` perl function, so it’s at
best misleading to create a first one there
2021-04-28 11:41:37 +02:00
Cole Helbling 42ef3b7b72
hydra-api: update Project and Jobset examples with the new schema
For future reference, this was generated by sending the request and piping it to
`yq -y` so that it would spit out YAML.
2021-04-27 23:09:33 -07:00
Cole Helbling bcd3bbb680
hydra-api: implement DELETE /jobset/{project-id}/{jobset-id} 2021-04-27 16:16:42 -07:00
Cole Helbling 72fec31dbb
hydra-api: flesh out JobsetInput schema 2021-04-27 16:16:42 -07:00
Cole Helbling 2600810551
hydra-api: flesh out Jobset schema
* made all columns available via the API (except for forceeval)
* renamed flakeref to flake to unify the API with the database schema
* renamed inputs to jobsetinputs to unify the API with the database schema
2021-04-27 16:16:42 -07:00
Graham Christensen 0c8d016a38
Merge pull request #935 from DeterminateSystems/delete-project
hydra-api: implement DELETE /project/{id}
2021-04-27 11:15:15 -04:00
Cole Helbling ddccf6a60e
hydra-api: implement DELETE /project/{id} 2021-04-27 08:10:09 -07:00
Graham Christensen ada497db4f
Merge pull request #934 from DeterminateSystems/missing-name
hydra-api: add missing `name` property
2021-04-26 22:02:14 -04:00
Cole Helbling 9128802727
hydra-api: add missing name property
The Hydra website allows you to change the name of a Project, so it only makes
sense for the API to expose this functionality as well.
2021-04-26 18:55:10 -07:00
Graham Christensen fa5811eabf
Merge pull request #933 from cole-h/boolean-json
Serialize `enabled` and `hidden` columns as boolean
2021-04-26 19:44:59 -04:00
Cole Helbling 50fab154a4
ToJSON: serialize string_columns to JSON
If the column is undefined, then it should be an empty string according to your
API spec.
2021-04-26 16:39:13 -07:00
Graham Christensen f0ede5f8b8
t: Test Projects JSON serialization and deserialization 2021-04-26 16:39:13 -07:00
Graham Christensen f2b9649bf2
Projects: serialize enabled and hidden as boolean 2021-04-26 16:03:32 -07:00
Graham Christensen 4aea02e1e1
ToJSON: serialize boolean_columns to JSON boolean 2021-04-26 16:03:32 -07:00
Graham Christensen 683b8c41c1
Merge pull request #932 from cole-h/project
Add homepage to Projects schema
2021-04-26 18:57:02 -04:00
Graham Christensen 8e3b3c95f8
Merge pull request #931 from cole-h/put-project
hydra-api: hidden -> visible
2021-04-26 18:48:29 -04:00
Cole Helbling c757867b9e
Add homepage to Projects schema 2021-04-26 15:46:30 -07:00
Cole Helbling 221cc0663d
hydra-api: hidden -> visible
The PUT API doesn't accept `hidden` (even though the GET API responds with it).
2021-04-26 15:28:20 -07:00
Graham Christensen 2dfcd411da
Merge pull request #928 from cole-h/put-project
hydra-api: add missing properties to PUT /project/{id}
2021-04-26 15:06:05 -04:00
Cole Helbling 36da978489
hydra-api: add missing properties to PUT /project/{id} 2021-04-26 12:01:11 -07:00
Graham Christensen 453b8479be
Merge pull request #927 from cole-h/nonexistent-user-400
Return HTTP 400 when creating Project with nonexistent user
2021-04-26 14:40:15 -04:00
Cole Helbling 47e19ba22c
Return HTTP 400 when creating Project with nonexistent user 2021-04-26 11:32:39 -07:00
Graham Christensen bc292db45b
Merge pull request #923 from Ma27/mail-auth
Add AuthenSASL to perl deps; improve email docs
2021-04-26 13:11:21 -04:00
Maximilian Bosch 963085a04a
Add AuthenSASL to perl deps; improve email docs
The addition of AuthenSASL seems to be necessary to properly
authenticate against an SMTP server. Without this I got errors
such as

    error with Hydra::Plugin::EmailNotification=HASH(0x6ad0128)->buildFinished: SMTP auth requires MIME::Base64 and Authen::SASL
2021-04-26 18:33:57 +02:00
Graham Christensen 18c02afe77
Merge pull request #921 from Ma27/email-notification-create-jobset
Make it possible to enable email notifications when creating a jobset
2021-04-26 11:22:17 -04:00
Maximilian Bosch 21ed005c84
Make it possible to enable email notifications when creating a jobset
The checkbox is only enabled if `email_notification = 1` is set in
`hydra.conf`. However, when creating jobset (in contrast to the edit
form), the checkbox is always disabled because the `emailNotification`
parameter in Catalyst's stash was missing.
2021-04-24 19:48:43 +02:00
Eelco Dolstra 85e299d3d7 flake.lock: Update
Flake input changes:

* Updated 'nix': 'github:NixOS/nix/906adadacd2d1c98346a2f42c0b42a32d2806d94' -> 'github:NixOS/nix/d9864be4b757468d33bc49edddce5e4f04ef4b90'
2021-04-22 10:44:21 +02:00
Eelco Dolstra a53f6657ee
Remove gc-check-reachability setting
It no longer exists on nix master.
2021-04-20 13:35:39 +02:00
Graham Christensen 1bb1ba6928
Merge pull request #916 from grahamc/argon2-nested
Rehash existing sha1 passwords with Argon2
2021-04-17 08:46:52 -04:00
Graham Christensen 05636de7d2 hydra-init: upgrade passwords to Argon2 on startup 2021-04-16 12:32:13 -04:00
Graham Christensen 79b0ddc27d hydra-create-user: re-hash sha1 as Argon2 2021-04-16 12:32:13 -04:00
Graham Christensen d10d8964f2 Users: add a validation step which lets the user's password be a Argon2 hashed sha1 hash.
OWASP suggests expiring all passwords and requiring users to update their password.
However, we don't have a way to do this. They suggest this mechanism
as a good alternative:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes
2021-04-16 12:32:13 -04:00
Eelco Dolstra fa924ea697
Merge pull request #915 from grahamc/hydra-auth
Hydra auth: support Argon2, transparently upgrade hashes
2021-04-15 17:40:32 +02:00
Graham Christensen 9225be0897 Drop remaining sha1_hex references
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:18 -04:00
Graham Christensen 1d956be61e hydra-create-user: support Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:16 -04:00
Graham Christensen beb5be4302 Users: password changes via the web UI now use Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:13 -04:00
Graham Christensen 1da70030b7 Users: transparently upgrade passwords to Argon2
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:11 -04:00
Graham Christensen 29620df85e Passwords: check in constant time
The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.

A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:56 -04:00
Graham Christensen d4d8f1ba1b Plugin::Authentication config: modernize
Some time in the last decade the plugin switched to preferring
a flatter namespace for realm config.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:47 -04:00