Skip to content

Commit

Permalink
fix: password is removed from DB if registry is modified without chec…
Browse files Browse the repository at this point in the history 
…king the change password option (#2875)

resolves #2874

**Changes:**
Added a new mutation `ContainerRegistryEditorModalModifyWithoutPasswordMutation` to handle registry modifications when the password remains unchanged. This prevents sending unnecessary password data during updates.

**Implementation Details:**
- Created a separate mutation path for registry modifications without password changes
- Updated the `handleSave` function to use the appropriate mutation based on whether the password was modified
- Added loading state tracking for the new mutation in the modal's confirm button

**Rationale:**
This change improves security by not transmitting password data when it hasn't been modified, following the principle of least privilege.

**Checklist:**
- [x] Mention to the original issue
- [ ] Documentation
- [x] Minium required manager version: 24.09
- [x] Specific setting for review: refer issue
- [ ] Minimum requirements to check during review
- [ ] Test case(s) to demonstrate the difference of before/after

**Testing Requirements:**
1. Verify registry updates work when password is not modified
2. Confirm password updates still function when modified
3. Check error handling for both mutation paths
  • Loading branch information
@agatha197
agatha197 committed Nov 26, 2024
1 parent 3f18c86 commit a37c79c
Showing 1 changed file with 87 additions and 27 deletions.
114 changes: 87 additions & 27 deletions react/src/components/ContainerRegistryEditorModal.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import HiddenFormItem from './HiddenFormItem';
import { ContainerRegistryEditorModalCreateMutation } from './__generated__/ContainerRegistryEditorModalCreateMutation.graphql';
import { ContainerRegistryEditorModalFragment$key } from './__generated__/ContainerRegistryEditorModalFragment.graphql';
import { ContainerRegistryEditorModalModifyMutation } from './__generated__/ContainerRegistryEditorModalModifyMutation.graphql';
import { ContainerRegistryEditorModalModifyWithoutPasswordMutation } from './__generated__/ContainerRegistryEditorModalModifyWithoutPasswordMutation.graphql';
import { Form, Input, Select, Checkbox, FormInstance, App } from 'antd';
import graphql from 'babel-plugin-relay/macro';
import _ from 'lodash';
Expand Down Expand Up @@ -99,6 +100,39 @@ const ContainerRegistryEditorModal: React.FC<
}
`);

const [
commitModifyRegistryWithoutPassword,
isInflightModifyRegistryWithoutPassword,
] = useMutation<ContainerRegistryEditorModalModifyWithoutPasswordMutation>(
graphql`
mutation ContainerRegistryEditorModalModifyWithoutPasswordMutation(
$id: String!
$registry_name: String
$type: ContainerRegistryTypeField
$url: String
$is_global: Boolean
$project: String
$ssl_verify: Boolean
$username: String
) {
modify_container_registry_node(
id: $id
registry_name: $registry_name
type: $type
url: $url
is_global: $is_global
project: $project
ssl_verify: $ssl_verify
username: $username
) {
container_registry {
id
}
}
}
`,
);

const handleSave = async () => {
return formRef.current
?.validateFields()
Expand All @@ -120,34 +154,56 @@ const ContainerRegistryEditorModal: React.FC<
if (containerRegistry) {
if (!values.isChangedPassword) {
delete mutationVariables.password;
}
mutationVariables = _.omitBy(mutationVariables, _.isNil) as Required<
typeof mutationVariables
>;
commitModifyRegistry({
variables: mutationVariables,
onCompleted: (res, errors) => {
if (
_.isEmpty(
res.modify_container_registry_node?.container_registry,
)
) {
commitModifyRegistryWithoutPassword({
variables: mutationVariables,
onCompleted: (res, errors) => {
if (
_.isEmpty(
res.modify_container_registry_node?.container_registry,
)
) {
message.error(t('dialog.ErrorOccurred'));
return;
}
if (errors && errors.length > 0) {
const errorMsgList = _.map(errors, (error) => error.message);
for (const error of errorMsgList) {
message.error(error, 2.5);
}
} else {
onOk && onOk('modify');
}
},
onError: (error) => {
message.error(t('dialog.ErrorOccurred'));
return;
}
if (errors && errors.length > 0) {
const errorMsgList = _.map(errors, (error) => error.message);
for (const error of errorMsgList) {
message.error(error, 2.5);
},
});
} else {
commitModifyRegistry({
variables: mutationVariables,
onCompleted: (res, errors) => {
if (
_.isEmpty(
res.modify_container_registry_node?.container_registry,
)
) {
message.error(t('dialog.ErrorOccurred'));
return;
}
} else {
onOk && onOk('modify');
}
},
onError: (error) => {
message.error(t('dialog.ErrorOccurred'));
},
});
if (errors && errors.length > 0) {
const errorMsgList = _.map(errors, (error) => error.message);
for (const error of errorMsgList) {
message.error(error, 2.5);
}
} else {
onOk && onOk('modify');
}
},
onError: (error) => {
message.error(t('dialog.ErrorOccurred'));
},
});
}
} else {
mutationVariables = _.omitBy(mutationVariables, _.isNil) as Required<
typeof mutationVariables
Expand Down Expand Up @@ -188,7 +244,11 @@ const ContainerRegistryEditorModal: React.FC<
: t('registry.AddRegistry')
}
okText={containerRegistry ? t('button.Save') : t('button.Add')}
confirmLoading={isInflightCreateRegistry || isInflightModifyRegistry}
confirmLoading={
isInflightCreateRegistry ||
isInflightModifyRegistry ||
isInflightModifyRegistryWithoutPassword
}
onOk={() => {
formRef.current
?.validateFields()
Expand Down

0 comments on commit a37c79c

Please sign in to comment.