1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

S3 credentials for backup should not be displayed in the control panel, fixes #529

This commit is contained in:
Joshua Tauberer 2015-08-28 11:37:04 +00:00
parent ef1779ba80
commit 2b1f7da654
2 changed files with 9 additions and 2 deletions

View File

@ -386,7 +386,7 @@ def backup_set_custom(env, target, target_user, target_pass, min_age):
return "Updated backup config" return "Updated backup config"
def get_backup_config(env, for_save=False): def get_backup_config(env, for_save=False, for_ui=False):
backup_root = os.path.join(env["STORAGE_ROOT"], 'backup') backup_root = os.path.join(env["STORAGE_ROOT"], 'backup')
# Defaults. # Defaults.
@ -407,6 +407,13 @@ def get_backup_config(env, for_save=False):
if for_save: if for_save:
return config return config
# When passing this back to the admin to show the current settings, do not include
# authentication details. The user will have to re-enter it.
if for_ui:
for field in ("target_user", "target_pass"):
if field in config:
del config[field]
# helper fields for the admin # helper fields for the admin
config["file_target_directory"] = os.path.join(backup_root, 'encrypted') config["file_target_directory"] = os.path.join(backup_root, 'encrypted')
config["enc_pw_file"] = os.path.join(backup_root, 'secret_key.txt') config["enc_pw_file"] = os.path.join(backup_root, 'secret_key.txt')

View File

@ -413,7 +413,7 @@ def backup_status():
@authorized_personnel_only @authorized_personnel_only
def backup_get_custom(): def backup_get_custom():
from backup import get_backup_config from backup import get_backup_config
return json_response(get_backup_config(env)) return json_response(get_backup_config(env, for_ui=True))
@app.route('/system/backup/config', methods=["POST"]) @app.route('/system/backup/config', methods=["POST"])
@authorized_personnel_only @authorized_personnel_only