Project

General

Profile

Actions

Feature #281

closed

Password-protected SVN repositories...

Added by Chris Grant almost 18 years ago. Updated almost 18 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

It would be great to be able to access password-protected repositories. I'm not sure if this support is already present
but, if it is, I've not been able to find it.

Thanks,
Chris

Actions #1

Updated by Jean-Philippe Lang almost 18 years ago

The feature has just been committed in the repository.
Two properties were added to the repository: login and password.

Regards

Actions #2

Updated by Chris Grant almost 18 years ago

I've updated to the newest build, migrated the database and attempted
to use
this new feature. First, I added the login and password to the
already-
existing repository URL for the project but it did not update.
I disabled the
repository for the project which deleted it from the database.
After the entry
was removed from the database, I attempted to enable the repository,
providing a URL, login and password, but it threw an exception:

NoMethodError in ProjectsController#edit
undefined method `password=' for #<Repository:0x312ce58>

#{RAILS_ROOT}/app/controllers/projects_controller.rb:113:in
`edit'

Parameters: {"commit"=>"Save",
"repository"=>{"url"=>"http://
svn.domain.com/project",
"password"=>"somepass",
"login"=>"username"},
"project"=>{"name"=>"My Project",
"description"=>"Cool Project",
"homepage"=>"http://www.myproject.com/",
"is_public"=>"0"},
"id"=>"1",
"repository_enabled"=>"1"}

I hope you can make sense of this ... I see that you have the
idea of a
repository implemented in a few places and I'm sure you can nail
down this
problem faster than I can make sense of it all. ;)

Thanks for adding this functionality so quickly!

Actions #3

Updated by Chris Grant almost 18 years ago

Ok, I deleted the whole project and created a new one ... this
time, when adding
the SVN details (including login and password), the SVN credentials
were stored
and allow me to access SVN repository and details.

So, the problem seems to be limited to updating a current project
rather than
creating a new one.

Actions #4

Updated by Jean-Philippe Lang almost 18 years ago

I've updated a few projects and didn't have any problem.

I can't see why you got an undefined method `password='
for #<Repository:0x312ce58> error if the password field
was added in the database and your app was properly restarted,
since this method is automatically defined by AR.

Let me know if you experience this problem again.

Thanks.

Actions #5

Updated by Chris Grant almost 18 years ago

Yeah, after looking through the code, this matter is entirely
driven by AR. I was
sure to shutdown, update/migrate, clear session information and
then restart. I
don't know why it bombed but it's working now. Again, I appreciate
the quick
feature addition.

Actions #6

Updated by Chris Grant almost 18 years ago

One last request on this issue...

In the name of security, I'm going to look into how we can
store the password within the database differently. I
notice that the password is stored in clear-text within the
database. This is necessary because redMine needs to pass
it on to the repository.

First of all, even simply-encrypted would fair better than
leaving the password in clear-text. I'll look around to see
how other organizations are implementing encryption on
values that they'll need to know (not just simple hashing).

Also, another approach would be to have the SVN repository
password only stored for as long as needed (i.e. within the
session). This, too, would be encrypted and only asked for
once within a session. Personally, I feel that this is the
most secure way of handling this ... at least for my own
paranoid needs.

If anyone has any suggestions as to how they'd implement
this stuff, start up a forum post and we'll collaborate.

-Chris

Actions #7

Updated by Jean-Philippe Lang almost 18 years ago

I close this feature since it has been implemented.
If you have specific needs concerning password storage security,
you can open a new request.

Actions

Also available in: Atom PDF