HUE-8464 [core] Fix SAML encryption missing key file passphrase

Review Request #13215 - Created July 24, 2018 and submitted

Ying Chen
hue
master
HUE-8464
hue
enricoberti, jgauthier, johan, ranade, romain, weixia
commit 3057ee37ee951bcc24f640704ae725df0f59508a (HEAD -> master)
Author: Ben Gooley <bgooley@cloudera.com>
Date:   Tue Jul 24 15:07:43 2018 -0700

    HUE-8464 [core] Fix SAML encryption missing key file passphrase

:100644 100644 638b27b1ac... 951af83a03... M    desktop/core/ext-py/pysaml2-4.4.0/src/saml2/sigver.py
:100644 100644 d3720d63bf... 38bc50f640... M    desktop/libs/libsaml/src/libsaml/saml_settings.py


  • 0
  • 0
  • 3
  • 0
  • 3
Description From Last Updated
  1. Very nice!

    One nit

  2. Ben, do you think we still need these two lines?

    1. I think we can leave those lines so that both the decrypt() calls have a password. I think we can just remove the original password set on lines 1540-1541 as they are redundant after the changes. I am not sure how do that, so I could use a hand

  3. 
      
  1. 
      
    1. And BTW, might be worth checking on pysaml2 upstream https://github.com/IdentityPython/pysaml2 and send a PR with the change there if we need?
      (as we need to upgrade the lib to 4.5 soon )

  2. Isn't doing the opposite and keeping line 1504 cleaner?

    (or you are worried that we call decrypt() somewhere without passing the passphrase parameter)

    In any case, +1

    1. https://github.com/cloudera/hue/blob/master/desktop/core/ext-py/pysaml2-4.4.0/src/saml2/response.py#L633
      https://github.com/cloudera/hue/blob/master/desktop/core/ext-py/pysaml2-4.4.0/src/saml2/response.py#L637
      https://github.com/cloudera/hue/blob/master/desktop/core/ext-py/pysaml2-4.4.0/src/saml2/response.py#L763

  3. 
      
  1. And send a pull request to https://github.com/IdentityPython/pysaml2 ?

    1. We add lots of changes for Hue, and won't easily fit upstream.
      https://github.com/cloudera/hue/commit/b5899021a22412005e5c6266a06a003fc3564875#diff-dc6ea8e287764d98f51fb1b4b0c22f1f

  2. 
      
Review request changed

Status: Closed (submitted)

Loading...