Bug 1127449 - For Mozharness' developer's mode do not store the LDAP password unencrypted. NPOTB. DONTBUILD. r=sfink

In Mozharness we support a developer mode which is capable of downloading artifacts from the Release Engineering LDAP protected artifacts. The credentials are stored for developers convenience unencrypted in a plain text. This is not wanted by most developers. In this patch we make sure that the password is prompted of the user once but we do not store on disk.
2024-09-13 09:24:08 -07:00 · 2015-09-29 10:00:27 -04:00 · 2015-09-29 10:00:27 -04:00 · e8312284c0
commit e8312284c0
parent 713a83f52d
1 changed files with 15 additions and 6 deletions
--- a/testing/mozharness/mozharness/lib/python/authentication.py
+++ b/testing/mozharness/mozharness/lib/python/authentication.py
@ -10,11 +10,15 @@ import os

 CREDENTIALS_PATH = os.path.expanduser("~/.mozilla/credentials.cfg")
 DIRNAME = os.path.dirname(CREDENTIALS_PATH)
+LDAP_PASSWORD = None

 def get_credentials():
-    """ Returns credentials for http access either from
-    disk or directly from the user (which we store)
+    """ Returns http credentials.
+
+    The user's email address is stored on disk (for convenience in the future)
+    while the password is requested from the user on first invocation.
    """
+    global LDAP_PASSWORD
    if not os.path.exists(DIRNAME):
        os.makedirs(DIRNAME)

@ -23,19 +27,24 @@ def get_credentials():
            content = file_handler.read().splitlines()

        https_username = content[0].strip()
-        https_password = content[1].strip()
+
+        if len(content) > 1:
+            # We want to remove files which contain the password
+            os.remove(CREDENTIALS_PATH)
    else:
        https_username = \
                raw_input("Please enter your full LDAP email address: ")
-        https_password = getpass.getpass()

        with open(CREDENTIALS_PATH, "w+") as file_handler:
            file_handler.write("%s\n" % https_username)
-            file_handler.write("%s\n" % https_password)

        os.chmod(CREDENTIALS_PATH, 0600)

-    return https_username, https_password
+    if not LDAP_PASSWORD:
+        print "Please enter your LDAP password (we won't store it):"
+        LDAP_PASSWORD = getpass.getpass()
+
+    return https_username, LDAP_PASSWORD

 def get_credentials_path():
    if os.path.isfile(CREDENTIALS_PATH):