Commit graph

3385 commits

Author SHA1 Message Date
Graham Christensen d589db2ed9
login: missing parameters are 400s 2021-04-28 08:31:59 -07:00
Eelco Dolstra 8d6a5aac84
Merge pull request #939 from regnat/include-localhost-features
Include localhost's features in the default machine file
2021-04-28 12:25:21 +02:00
regnat 0d3977866e Run the tests with a remote dest store
Set `dest_store` in the test hydra config, so that the testsuite ensures
that the distinction between the local store and the destination store
is properly taken into account.

Fix #938
2021-04-28 12:22:54 +02:00
regnat abff212d06 Use system-features from the Nix conf in the default machine file
Fix #936
2021-04-28 11:43:04 +02:00
regnat d58b3274f9 test: Don't generate a Nix conf in the makefile
The config is overriden by the `test_init` perl function, so it’s at
best misleading to create a first one there
2021-04-28 11:41:37 +02:00
Cole Helbling 42ef3b7b72
hydra-api: update Project and Jobset examples with the new schema
For future reference, this was generated by sending the request and piping it to
`yq -y` so that it would spit out YAML.
2021-04-27 23:09:33 -07:00
Cole Helbling bcd3bbb680
hydra-api: implement DELETE /jobset/{project-id}/{jobset-id} 2021-04-27 16:16:42 -07:00
Cole Helbling 72fec31dbb
hydra-api: flesh out JobsetInput schema 2021-04-27 16:16:42 -07:00
Cole Helbling 2600810551
hydra-api: flesh out Jobset schema
* made all columns available via the API (except for forceeval)
* renamed flakeref to flake to unify the API with the database schema
* renamed inputs to jobsetinputs to unify the API with the database schema
2021-04-27 16:16:42 -07:00
Graham Christensen 0c8d016a38
Merge pull request #935 from DeterminateSystems/delete-project
hydra-api: implement DELETE /project/{id}
2021-04-27 11:15:15 -04:00
Cole Helbling ddccf6a60e
hydra-api: implement DELETE /project/{id} 2021-04-27 08:10:09 -07:00
Graham Christensen ada497db4f
Merge pull request #934 from DeterminateSystems/missing-name
hydra-api: add missing `name` property
2021-04-26 22:02:14 -04:00
Cole Helbling 9128802727
hydra-api: add missing name property
The Hydra website allows you to change the name of a Project, so it only makes
sense for the API to expose this functionality as well.
2021-04-26 18:55:10 -07:00
Graham Christensen fa5811eabf
Merge pull request #933 from cole-h/boolean-json
Serialize `enabled` and `hidden` columns as boolean
2021-04-26 19:44:59 -04:00
Cole Helbling 50fab154a4
ToJSON: serialize string_columns to JSON
If the column is undefined, then it should be an empty string according to your
API spec.
2021-04-26 16:39:13 -07:00
Graham Christensen f0ede5f8b8
t: Test Projects JSON serialization and deserialization 2021-04-26 16:39:13 -07:00
Graham Christensen f2b9649bf2
Projects: serialize enabled and hidden as boolean 2021-04-26 16:03:32 -07:00
Graham Christensen 4aea02e1e1
ToJSON: serialize boolean_columns to JSON boolean 2021-04-26 16:03:32 -07:00
Graham Christensen 683b8c41c1
Merge pull request #932 from cole-h/project
Add homepage to Projects schema
2021-04-26 18:57:02 -04:00
Graham Christensen 8e3b3c95f8
Merge pull request #931 from cole-h/put-project
hydra-api: hidden -> visible
2021-04-26 18:48:29 -04:00
Cole Helbling c757867b9e
Add homepage to Projects schema 2021-04-26 15:46:30 -07:00
Cole Helbling 221cc0663d
hydra-api: hidden -> visible
The PUT API doesn't accept `hidden` (even though the GET API responds with it).
2021-04-26 15:28:20 -07:00
Graham Christensen 2dfcd411da
Merge pull request #928 from cole-h/put-project
hydra-api: add missing properties to PUT /project/{id}
2021-04-26 15:06:05 -04:00
Cole Helbling 36da978489
hydra-api: add missing properties to PUT /project/{id} 2021-04-26 12:01:11 -07:00
Graham Christensen 453b8479be
Merge pull request #927 from cole-h/nonexistent-user-400
Return HTTP 400 when creating Project with nonexistent user
2021-04-26 14:40:15 -04:00
Cole Helbling 47e19ba22c
Return HTTP 400 when creating Project with nonexistent user 2021-04-26 11:32:39 -07:00
Graham Christensen bc292db45b
Merge pull request #923 from Ma27/mail-auth
Add AuthenSASL to perl deps; improve email docs
2021-04-26 13:11:21 -04:00
Maximilian Bosch 963085a04a
Add AuthenSASL to perl deps; improve email docs
The addition of AuthenSASL seems to be necessary to properly
authenticate against an SMTP server. Without this I got errors
such as

    error with Hydra::Plugin::EmailNotification=HASH(0x6ad0128)->buildFinished: SMTP auth requires MIME::Base64 and Authen::SASL
2021-04-26 18:33:57 +02:00
Graham Christensen 18c02afe77
Merge pull request #921 from Ma27/email-notification-create-jobset
Make it possible to enable email notifications when creating a jobset
2021-04-26 11:22:17 -04:00
Drew Hess 523d6df5b8
Fix GitHub status update for private flakes.
Also, if the parse fails, don't try to update the GitHub status, as
this will eventually cause rate-limiting.
2021-04-26 01:38:24 +01:00
Maximilian Bosch 21ed005c84
Make it possible to enable email notifications when creating a jobset
The checkbox is only enabled if `email_notification = 1` is set in
`hydra.conf`. However, when creating jobset (in contrast to the edit
form), the checkbox is always disabled because the `emailNotification`
parameter in Catalyst's stash was missing.
2021-04-24 19:48:43 +02:00
Eelco Dolstra 85e299d3d7 flake.lock: Update
Flake input changes:

* Updated 'nix': 'github:NixOS/nix/906adadacd2d1c98346a2f42c0b42a32d2806d94' -> 'github:NixOS/nix/d9864be4b757468d33bc49edddce5e4f04ef4b90'
2021-04-22 10:44:21 +02:00
Eelco Dolstra a53f6657ee
Remove gc-check-reachability setting
It no longer exists on nix master.
2021-04-20 13:35:39 +02:00
Graham Christensen 1bb1ba6928
Merge pull request #916 from grahamc/argon2-nested
Rehash existing sha1 passwords with Argon2
2021-04-17 08:46:52 -04:00
Graham Christensen 05636de7d2 hydra-init: upgrade passwords to Argon2 on startup 2021-04-16 12:32:13 -04:00
Graham Christensen 79b0ddc27d hydra-create-user: re-hash sha1 as Argon2 2021-04-16 12:32:13 -04:00
Graham Christensen d10d8964f2 Users: add a validation step which lets the user's password be a Argon2 hashed sha1 hash.
OWASP suggests expiring all passwords and requiring users to update their password.
However, we don't have a way to do this. They suggest this mechanism
as a good alternative:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes
2021-04-16 12:32:13 -04:00
Eelco Dolstra fa924ea697
Merge pull request #915 from grahamc/hydra-auth
Hydra auth: support Argon2, transparently upgrade hashes
2021-04-15 17:40:32 +02:00
Graham Christensen 9225be0897 Drop remaining sha1_hex references
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:18 -04:00
Graham Christensen 1d956be61e hydra-create-user: support Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:16 -04:00
Graham Christensen beb5be4302 Users: password changes via the web UI now use Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:13 -04:00
Graham Christensen 1da70030b7 Users: transparently upgrade passwords to Argon2
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:11 -04:00
Graham Christensen 29620df85e Passwords: check in constant time
The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.

A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:56 -04:00
Graham Christensen d4d8f1ba1b Plugin::Authentication config: modernize
Some time in the last decade the plugin switched to preferring
a flatter namespace for realm config.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:47 -04:00
Eelco Dolstra 0bee194ce9
Merge pull request #914 from Ma27/fix-remote-builds
Fix `std::bad_alloc` errors for remote builds
2021-04-15 17:05:54 +02:00
Maximilian Bosch 2808227eb7
Fix std::bad_alloc errors for remote builds
In Nix the protocol was slightly altered[1] to also contain more
information about realisations. This however wasn't read from the pipe
that was used to read from the store.

After the `cmdBuildDerivation` command which caused this issue, Hydra
will issue a `cmdQueryPathInfos` that tries to read from the remote
store as well. However, there's still left over to read from the
previous command and thus Nix fails to properly allocate the expected
string.

[1] See rev a2b69660a9b326b95d48bd222993c5225bbd5b5f

Fixes #898
2021-04-15 15:16:52 +02:00
Graham Christensen b9bcedbfdb
Merge pull request #596 from kquick/local_inp_url
Update prompt for Local path input to indicate a URL is also valid.
2021-04-14 20:01:58 +00:00
Graham Christensen d2512e327c
Merge pull request #912 from grahamc/test-notifications
Notifications: Test behavior of the queue runner
2021-04-14 18:35:44 +00:00
Graham Christensen cf4434bc9f queue runner: test notifications
Especially, test the difference in behavior of substituted and unsubstituted builds.
2021-04-14 14:19:10 -04:00
Graham Christensen e45f852277 tests: allow specifying some nix config 2021-04-14 14:19:10 -04:00