[change] Hide sensitive fields for shared objects in the API response

Author: pandafy

openwisp_controller/connection/admin.py

@@ -57,7 +57,6 @@ class CredentialsAdmin(MultitenantAdminMixin, TimeReadonlyAdminMixin, admin.Mode
         "created",
         "modified",
     ]
-    sensitive_fields = ["params"]
 
     def get_urls(self):
         options = getattr(self.model, "_meta")

openwisp_controller/connection/base/models.py

@@ -90,6 +90,7 @@ class AbstractCredentials(ConnectorMixin, ShareableOrgMixinUniqueName, BaseModel
     # Controls the number of objects which can be stored in memory
     # before commiting them to database during bulk auto add operation.
     chunk_size = 1000
+    sensitive_fields = ["params"]
 
     connector = models.CharField(
         _("connection type"),

openwisp_controller/connection/tests/test_admin.py

@@ -166,7 +166,8 @@ def test_credential_admin_sensitive_fields(self):
         self._test_sensitive_fields_visibility_on_shared_and_org_objects(
             sensitive_fields=["params"],
             shared_obj_path=reverse(
-                f"admin:{self.app_label}_credentials_change", args=(shared_credentials.id,)
+                f"admin:{self.app_label}_credentials_change",
+                args=(shared_credentials.id,),
             ),
             org_obj_path=reverse(
                 f"admin:{self.app_label}_credentials_change", args=(org_credentials.id,)

openwisp_controller/connection/tests/test_api.py

@@ -508,6 +508,22 @@ def test_operator_access_shared_credentials(self):
             expected_count=1,
         )
 
+    def test_credentials_sensitive_fields_visibility(self):
+        """
+        Test that sensitive fields are hidden for shared objects for non-superusers.
+        """
+        org = self._get_org()
+        shared_credentials = self._create_credentials(organization=None)
+        org_credentials = self._create_credentials(organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["params"],
+            shared_obj=shared_credentials,
+            org_obj=org_credentials,
+            listview_name="connection_api:credential_list",
+            detailview_name="connection_api:credential_detail",
+            organization=org,
+        )
+
     def test_get_deviceconnection_list(self):
         d1 = self._create_device()
         path = reverse("connection_api:deviceconnection_list", args=(d1.pk,))
@@ -523,7 +539,6 @@ def test_get_deviceconnection_list(self):
             for cred in creds:
                 DeviceConnection.objects.create(device=d1, credentials=cred)
             response = self.client.get(path)
-            print(response.data)
             self.assertEqual(response.status_code, 200)
             created_list = [conn["created"] for conn in response.data["results"]]
             sorted_created = sorted(created_list, reverse=True)

openwisp_controller/pki/admin.py

@@ -14,9 +14,6 @@
 @admin.register(Ca)
 class CaAdmin(MultitenantAdminMixin, AbstractCaAdmin, VersionAdmin):
     history_latest_first = True
-    sensitive_fields = [
-        "private_key",
-    ]
 
 
 CaAdmin.fields.insert(2, "organization")
@@ -28,9 +25,6 @@ class CaAdmin(MultitenantAdminMixin, AbstractCaAdmin, VersionAdmin):
 @admin.register(Cert)
 class CertAdmin(MultitenantAdminMixin, AbstractCertAdmin, VersionAdmin):
     multitenant_shared_relations = ("ca",)
-    sensitive_fields = [
-        "private_key",
-    ]
     history_latest_first = True
 
 

openwisp_controller/pki/base/models.py

@@ -10,6 +10,8 @@
 
 
 class AbstractCa(ShareableOrgMixin, UnqiueCommonNameMixin, BaseCa):
+    sensitive_fields = ["private_key"]
+
     class Meta(BaseCa.Meta):
         abstract = True
         constraints = [
@@ -21,6 +23,8 @@ class Meta(BaseCa.Meta):
 
 
 class AbstractCert(ShareableOrgMixin, UnqiueCommonNameMixin, BaseCert):
+    sensitive_fields = ["private_key"]
+
     ca = models.ForeignKey(
         get_model_name("django_x509", "Ca"),
         verbose_name=_("CA"),

openwisp_controller/pki/migrations/0012_update_group_permissions.py

@@ -0,0 +1,14 @@
+from django.db import migrations
+
+from . import assign_permissions_to_groups
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("pki", "0011_disallowed_blank_key_length_or_digest"),
+    ]
+    operations = [
+        migrations.RunPython(
+            assign_permissions_to_groups, reverse_code=migrations.RunPython.noop
+        )
+    ]

openwisp_controller/pki/migrations/__init__.py

@@ -6,7 +6,7 @@
 def assign_permissions_to_groups(apps, schema_editor):
     create_default_permissions(apps, schema_editor)
     operators_read_only_admins_manage = ["ca", "cert"]
-    manage_operations = ["add", "change", "delete"]
+    manage_operations = ["add", "change", "view", "delete"]
     Group = get_swapped_model(apps, "openwisp_users", "Group")
 
     try:

openwisp_controller/pki/tests/test_api.py

@@ -175,15 +175,22 @@ def test_org_admin_access_shared_ca(self):
             create_payload=create_payload,
             update_payload=update_payload,
             expected_count=1,
-            expected_status_codes={
-                "create": 400,
-                "list": 200,
-                "retrieve": 403,
-                "update": 403,
-                "delete": 403,
-                "head": 403,
-                "option": 200,
-            },
+        )
+
+    def test_ca_sensitive_fields_visibility(self):
+        """
+        Test that sensitive fields are hidden for shared objects for non-superusers.
+        """
+        org = self._get_org()
+        shared_ca = self._create_ca(organization=None)
+        org_ca = self._create_ca(organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["private_key"],
+            shared_obj=shared_ca,
+            org_obj=org_ca,
+            listview_name="pki_api:ca_list",
+            detailview_name="pki_api:ca_detail",
+            organization=org,
         )
 
     def test_cert_post_api(self):
@@ -341,15 +348,6 @@ def test_org_admin_access_shared_cert(self):
             create_payload=create_payload,
             update_payload=update_payload,
             expected_count=1,
-            expected_status_codes={
-                "create": 400,
-                "list": 200,
-                "retrieve": 403,
-                "update": 403,
-                "delete": 403,
-                "head": 403,
-                "option": 200,
-            },
         )
 
     def test_org_admin_access_cert_with_shared_ca(self):
@@ -379,11 +377,28 @@ def test_org_admin_access_cert_with_shared_ca(self):
                 "retrieve": 200,
                 "update": 200,
                 "delete": 204,
-                "head": 403,
+                "head": 200,
                 "option": 200,
             },
         )
 
+    def test_cert_sensitive_fields_visibility(self):
+        """
+        Test that sensitive fields are hidden for shared objects for non-superusers.
+        """
+        org = self._get_org()
+        shared_ca = self._create_ca(organization=None)
+        shared_cert = self._create_cert(ca=shared_ca, organization=None)
+        org_cert = self._create_cert(ca=shared_ca, organization=org)
+        self._test_sensitive_fields_visibility_on_shared_and_org_objects(
+            sensitive_fields=["private_key"],
+            shared_obj=shared_cert,
+            org_obj=org_cert,
+            listview_name="pki_api:cert_list",
+            detailview_name="pki_api:cert_detail",
+            organization=org,
+        )
+
     @capture_any_output()
     def test_bearer_authentication(self):
         self.client.logout()