Merge pull request #2808 from RedisInsight/feature/RI-5190_hide_sentinel_password

#RI-5190 - hide sentinel password

Author: vlad-dargel

redisinsight/api/src/modules/database/dto/database.response.ts

@@ -1,10 +1,11 @@
 import { ApiPropertyOptional, OmitType } from '@nestjs/swagger';
 import { Database } from 'src/modules/database/models/database';
-import { SshOptionsResponse } from 'src/modules/ssh/dto/ssh-options.response.';
+import { SshOptionsResponse } from 'src/modules/ssh/dto/ssh-options.response';
+import { SentinelMasterResponse } from 'src/modules/redis-sentinel/dto/sentinel.master.response.dto';
 import { Expose, Type } from 'class-transformer';
 import { HiddenField } from 'src/common/decorators/hidden-field.decorator';
 
-export class DatabaseResponse extends OmitType(Database, ['password', 'sshOptions'] as const) {
+export class DatabaseResponse extends OmitType(Database, ['password', 'sshOptions', 'sentinelMaster'] as const) {
   @ApiPropertyOptional({
     description: 'The database password flag (true if password was set)',
     type: Boolean,
@@ -20,4 +21,12 @@ export class DatabaseResponse extends OmitType(Database, ['password', 'sshOption
   @Expose()
   @Type(() => SshOptionsResponse)
   sshOptions?: SshOptionsResponse;
+
+  @ApiPropertyOptional({
+    description: 'Sentinel master',
+    type: SentinelMasterResponse,
+  })
+  @Expose()
+  @Type(() => SentinelMasterResponse)
+  sentinelMaster?: SentinelMasterResponse;
 }

redisinsight/api/src/modules/database/dto/update.database.dto.ts

@@ -6,10 +6,11 @@ import {
   IsInt, IsNotEmpty, IsNotEmptyObject, IsOptional, Max, Min, ValidateNested, ValidateIf, IsString, MaxLength,
 } from 'class-validator';
 import { UpdateSshOptionsDto } from 'src/modules/ssh/dto/update.ssh-options.dto';
+import { UpdateSentinelMasterDto } from 'src/modules/redis-sentinel/dto/update.sentinel.master.dto';
 import { CreateDatabaseDto } from 'src/modules/database/dto/create.database.dto';
 
 export class UpdateDatabaseDto extends PartialType(OmitType(CreateDatabaseDto, [
-  'sshOptions', 'timeout',
+  'sshOptions', 'timeout', 'sentinelMaster',
 ] as const)) {
   @ValidateIf((object, value) => value !== undefined)
   @IsString({ always: true })
@@ -45,4 +46,14 @@ export class UpdateDatabaseDto extends PartialType(OmitType(CreateDatabaseDto, [
   @Max(1_000_000_000)
   @IsInt({ always: true })
   timeout?: number;
+
+  @ApiPropertyOptional({
+    description: 'Updated sentinel master fields',
+  })
+  @Expose()
+  @IsOptional()
+  @IsNotEmptyObject()
+  @Type(() => UpdateSentinelMasterDto)
+  @ValidateNested()
+  sentinelMaster?: UpdateSentinelMasterDto;
 }

redisinsight/api/src/modules/redis-sentinel/dto/sentinel.master.response.dto.ts

@@ -0,0 +1,16 @@
+import { ApiPropertyOptional, OmitType } from '@nestjs/swagger';
+import { SentinelMaster } from 'src/modules/redis-sentinel/models/sentinel-master';
+import { Expose } from 'class-transformer';
+import { HiddenField } from 'src/common/decorators/hidden-field.decorator';
+
+export class SentinelMasterResponse extends OmitType(SentinelMaster, ['password'] as const) {
+  @ApiPropertyOptional({
+    description:
+    'The password for your Redis Sentinel master. '
+      + 'If your master doesn’t require a password, leave this field empty.',
+    type: Boolean,
+  })
+  @Expose()
+  @HiddenField(true)
+  password?: boolean;
+}

redisinsight/api/src/modules/redis-sentinel/dto/update.sentinel.master.dto.ts

@@ -0,0 +1,4 @@
+import { PickType } from '@nestjs/swagger';
+import { SentinelMaster } from 'src/modules/redis-sentinel/models/sentinel-master';
+
+export class UpdateSentinelMasterDto extends PickType(SentinelMaster, ['username', 'password'] as const) {}

redisinsight/api/src/modules/ssh/dto/ssh-options.response..ts renamed to redisinsight/api/src/modules/ssh/dto/ssh-options.response.ts

@@ -920,4 +920,47 @@ describe(`PATCH /databases/:id`, () => {
       });
     });
   });
+
+  describe('SENTINEL', () => {
+    describe('PASS', function () {
+      requirements('rte.type=SENTINEL', '!rte.tls', 'rte.pass');
+      it('Should update database without full sentinel master information', async () => {
+        const dbName = constants.getRandomString();
+
+        expect(await localDb.getInstanceByName(dbName)).to.eql(null);
+
+        await validateApiCall({
+          endpoint,
+          data: {
+            name: dbName,
+            sentinelMaster: {
+              password: constants.TEST_SENTINEL_MASTER_PASS || null,
+            },
+          },
+        });
+
+        expect(await localDb.getInstanceByName(dbName)).to.be.an('object');
+      });
+
+      it('Should throw Unauthorized error', async () => {
+        const dbName = constants.getRandomString();
+
+        await validateApiCall({
+          endpoint,
+          statusCode: 401,
+          data: {
+            name: dbName,
+            sentinelMaster: {
+              password: 'incorrect password'
+            },
+          },
+          responseBody: {
+            statusCode: 401,
+            message: 'Failed to authenticate, please check the username or password.',
+            error: 'Unauthorized'
+          },
+        });
+      });
+    });
+  });
 });

redisinsight/api/test/api/database/PATCH-databases-id.test.ts

@@ -563,4 +563,42 @@ describe(`POST /databases/test/:id`, () => {
       });
     });
   });
+  describe('SENTINEL', () => {
+    describe('PASS', function () {
+      requirements('rte.type=SENTINEL', '!rte.tls', 'rte.pass');
+      it('Should test connection without full sentinel master information', async () => {
+        const dbName = constants.getRandomString();
+
+        await validateApiCall({
+          endpoint,
+          data: {
+            name: dbName,
+            sentinelMaster: {
+              password: constants.TEST_SENTINEL_MASTER_PASS || null,
+            },
+          },
+        });
+      });
+
+      it('Should throw Unauthorized error', async () => {
+        const dbName = constants.getRandomString();
+
+        await validateApiCall({
+          endpoint,
+          statusCode: 401,
+          data: {
+            name: dbName,
+            sentinelMaster: {
+              password: 'incorrect password'
+            },
+          },
+          responseBody: {
+            statusCode: 401,
+            message: 'Failed to authenticate, please check the username or password.',
+            error: 'Unauthorized'
+          },
+        });
+      });
+    });
+  });
 });

redisinsight/api/test/api/database/POST-databases-test-id.test.ts

@@ -24,7 +24,7 @@ export const databaseSchema = Joi.object().keys({
   sentinelMaster: Joi.object({
     name: Joi.string().required(),
     username: Joi.string().allow(null),
-    password: Joi.string().allow(null),
+    password: Joi.boolean().allow(null),
   }).allow(null),
   nodes: Joi.array().items({
     host: Joi.string().required(),

redisinsight/api/test/api/database/constants.ts

@@ -23,7 +23,7 @@ import {
   validatePortNumber,
   validateTimeoutNumber,
 } from 'uiSrc/utils'
-import { DbConnectionInfo, IPasswordType } from 'uiSrc/pages/home/interfaces'
+import { DbConnectionInfo } from 'uiSrc/pages/home/interfaces'
 
 interface IShowFields {
   alias: boolean
@@ -39,7 +39,6 @@ export interface Props {
   onHostNamePaste: (content: string) => boolean
   showFields: IShowFields
   autoFocus?: boolean
-  passwordType?: IPasswordType
 }
 
 const DatabaseForm = (props: Props) => {
@@ -50,7 +49,6 @@ const DatabaseForm = (props: Props) => {
     onHostNamePaste,
     autoFocus = false,
     showFields,
-    passwordType = IPasswordType.Password,
   } = props
 
   const { server } = useSelector(appInfoSelector)
@@ -185,7 +183,7 @@ const DatabaseForm = (props: Props) => {
         <EuiFlexItem className={flexItemClassName}>
           <EuiFormRow label="Password">
             <EuiFieldPassword
-              type={passwordType}
+              type="password"
               name="password"
               id="password"
               data-testid="password"

redisinsight/ui/src/pages/home/components/form/DatabaseForm.tsx

@@ -11,7 +11,9 @@ import {
 import { FormikProps } from 'formik'
 
 import { Nullable } from 'uiSrc/utils'
+import { SECURITY_FIELD } from 'uiSrc/constants'
 import { DbConnectionInfo } from 'uiSrc/pages/home/interfaces'
+
 import styles from '../../styles.module.scss'
 
 export interface Props {
@@ -53,16 +55,24 @@ const SentinelMasterDatabase = (props: Props) => {
         <EuiFlexItem className={flexItemClassName}>
           <EuiFormRow label="Password">
             <EuiFieldPassword
-              type="dual"
+              type="password"
               name="sentinelMasterPassword"
               id="sentinelMasterPassword"
               data-testid="sentinel-master-password"
               fullWidth
               className="passwordField"
               maxLength={200}
               placeholder="Enter Password"
-              value={formik.values.sentinelMasterPassword ?? ''}
+              value={formik.values.sentinelMasterPassword === true ? SECURITY_FIELD : formik.values.sentinelMasterPassword ?? ''}
               onChange={formik.handleChange}
+              onFocus={() => {
+                if (formik.values.sentinelMasterPassword === true) {
+                  formik.setFieldValue(
+                    'sentinelMasterPassword',
+                    '',
+                  )
+                }
+              }}
               dualToggleProps={{ color: 'text' }}
               autoComplete="new-password"
             />