Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-2584

SolusVM: Generate a password automatically for client root password changes

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.3.0-b1
    • Component/s: Modules
    • Labels:
      None

      Description

      When managing a SolusVM service (admin or client), there is a tab to change the root password.

      1. Update the root password box to add a link/button to Generate Password
        • This Generate Password button will open a modal to allow a password to be generated, as described in CORE-552
        • The password should be alphanumeric, i.e. lower-case and upper-case A-Z characters, and 0-9 characters
        • The password length appears to support anywhere from 6 to 50 characters, but we'll go with a 25 character length
        • After generating the password using the modal, it should update both the Password field and Confirm Password field and be saved accordingly upon submission

      When managing a SolusVM service, clients can reset the root password. Clients may choose a password that is rejected by SolusVM's API, or one that is very weak.

      Change this option so that Blesta generates a new password automatically.

      Currently clients click the "Change Password" button, then enter the new password twice and click "Change Password" button below that form. Instead of the "New Root Password" and "Confirm Root Password" fields, generate a new password here and display it instead.

      New Root Password
      PASSW0RD-GENERATED-HERE (Large text, possibly in a well)

      Replace the second "Change Password" button with a check box that says:

      [x] I have saved the above password
      [ SAVE BUTTON ]

      The checkbox must be checked before the password can be updated.

      This will solve both of these problems. We can generate a secure password, one that will not be rejected by SolusVM's API.

      I don't think anything needs to change on the admin side, we may wish admins to be able to set a specific password.

        Issue Links

          Activity

          admin Paul Phillips created issue -
          Hide
          tyson Tyson Phillips (Inactive) added a comment -

          What are the SolusVM requirements for a root password? And why not make those requirements known when setting a new password and enforce them with rules?

          This functionality looks to replace the current manual-creation of a password, which is a useful and flexible feature, with just a random password generator that creates a password in some way that is currently undefined. What would the password requirements be? Is it necessary for a client to check the checkbox to acknowledge they have saved the password when they can just reset the password any time they want if they forget it anyway?

          A general password generator is described in CORE-552 that could be useful here too. An option to display the password next to the password field in plain-text could also be an option.

          Show
          tyson Tyson Phillips (Inactive) added a comment - What are the SolusVM requirements for a root password? And why not make those requirements known when setting a new password and enforce them with rules? This functionality looks to replace the current manual-creation of a password, which is a useful and flexible feature, with just a random password generator that creates a password in some way that is currently undefined. What would the password requirements be? Is it necessary for a client to check the checkbox to acknowledge they have saved the password when they can just reset the password any time they want if they forget it anyway? A general password generator is described in CORE-552 that could be useful here too. An option to display the password next to the password field in plain-text could also be an option.
          tyson Tyson Phillips (Inactive) made changes -
          Field Original Value New Value
          Rank Ranked higher
          Hide
          admin Paul Phillips added a comment -

          SolusVM doesn't like the $ symbol in passwords, it acts as if the password is changed but it's changed to some value other than the previous pass or the supplied pass. We should have a rule that allows some common, hopefully non-problematic special characters and a-zA-Z with a minimum length of either 8 or 10. We should test all of the special characters that are allowed to ensure they work as expected.

          It would be great if we could get the actual rules accepted by SolusVM but it's not in their docs and they do not respond.

          Show
          admin Paul Phillips added a comment - SolusVM doesn't like the $ symbol in passwords, it acts as if the password is changed but it's changed to some value other than the previous pass or the supplied pass. We should have a rule that allows some common, hopefully non-problematic special characters and a-zA-Z with a minimum length of either 8 or 10. We should test all of the special characters that are allowed to ensure they work as expected. It would be great if we could get the actual rules accepted by SolusVM but it's not in their docs and they do not respond.
          Hide
          tyson Tyson Phillips (Inactive) added a comment -

          If you use a password with $ in it and it doesn't work, try using the same password bet escape the $ with \$ and see if that works. If it does, they are probably using it in a string and failed to escape it, and that could lead to issues on their end. The double quote character and backslash (" or ) wouldn't work in the password either then.

          Show
          tyson Tyson Phillips (Inactive) added a comment - If you use a password with $ in it and it doesn't work, try using the same password bet escape the $ with \$ and see if that works. If it does, they are probably using it in a string and failed to escape it, and that could lead to issues on their end. The double quote character and backslash (" or ) wouldn't work in the password either then.
          Hide
          admin Paul Phillips added a comment -

          I did some testing on an older version of the SolusVM module I had linked up already with a Xen PV server, and this is the result when using the $ symbol, with or without a backslash in front of it \$. I also received the same response with the following characters:

          • "
          • '
          • @
          • #
          • %
          • ^
          • &
          • *
          • (
          • .

          And at this point I stopped testing. I think only alphanumeric characters are supported.

          Also, the minimum character length supported appears to be 6 and max of 50

          Blesta Client Area Feedback on Pass Change
          An internal error occurred, or the server did not respond to the request.

          SolusVM Module Log on Pass Change
          <status>error</status><statusmsg>Root password invalid</statusmsg>

          Show
          admin Paul Phillips added a comment - I did some testing on an older version of the SolusVM module I had linked up already with a Xen PV server, and this is the result when using the $ symbol, with or without a backslash in front of it \$. I also received the same response with the following characters: " ' @ # % ^ & * ( . And at this point I stopped testing. I think only alphanumeric characters are supported. Also, the minimum character length supported appears to be 6 and max of 50 Blesta Client Area Feedback on Pass Change An internal error occurred, or the server did not respond to the request. SolusVM Module Log on Pass Change <status>error</status><statusmsg>Root password invalid</statusmsg>
          tyson Tyson Phillips (Inactive) made changes -
          Link This issue is blocked by CORE-552 [ CORE-552 ]
          tyson Tyson Phillips (Inactive) made changes -
          Story Points 2
          tyson Tyson Phillips (Inactive) made changes -
          Sprint 4.3.0 Sprint 6 [ 56 ]
          tyson Tyson Phillips (Inactive) made changes -
          Description When managing a SolusVM service, clients can reset the root password. Clients may choose a password that is rejected by SolusVM's API, or one that is very weak.

          Change this option so that Blesta generates a new password automatically.

          Currently clients click the "Change Password" button, then enter the new password twice and click "Change Password" button below that form. Instead of the "New Root Password" and "Confirm Root Password" fields, generate a new password here and display it instead.

          *New Root Password*
          PASSW0RD-GENERATED-HERE (Large text, possibly in a well)

          Replace the second "Change Password" button with a check box that says:

          [x] I have saved the above password
          [ SAVE BUTTON ]

          The checkbox must be checked before the password can be updated.

          This will solve both of these problems. We can generate a secure password, one that will not be rejected by SolusVM's API.

          I don't think anything needs to change on the admin side, we may wish admins to be able to set a specific password.
          When managing a SolusVM service (admin or client), there is a tab to change the root password.
          # Update the root password box to add a link/button to _Generate Password_
          #* This _Generate Password_ button will open a modal to allow a password to be generated, as described in CORE-552
          #* The password should be alphanumeric, i.e. lower-case and upper-case A-Z characters, and 0-9 characters
          #* The password length appears to support anywhere from 6 to 50 characters, but we'll go with a 25 character length
          #* After generating the password using the modal, it should update both the _Password_ field and _Confirm Password_ field and be saved accordingly upon submission

          ----

          When managing a SolusVM service, clients can reset the root password. Clients may choose a password that is rejected by SolusVM's API, or one that is very weak.

          Change this option so that Blesta generates a new password automatically.

          Currently clients click the "Change Password" button, then enter the new password twice and click "Change Password" button below that form. Instead of the "New Root Password" and "Confirm Root Password" fields, generate a new password here and display it instead.

          *New Root Password*
          PASSW0RD-GENERATED-HERE (Large text, possibly in a well)

          Replace the second "Change Password" button with a check box that says:

          [x] I have saved the above password
          [ SAVE BUTTON ]

          The checkbox must be checked before the password can be updated.

          This will solve both of these problems. We can generate a secure password, one that will not be rejected by SolusVM's API.

          I don't think anything needs to change on the admin side, we may wish admins to be able to set a specific password.
          tyson Tyson Phillips (Inactive) made changes -
          Fix Version/s 4.3.0-b1 [ 11019 ]
          Fix Version/s 4.3.0 [ 11022 ]
          jonathan Jonathan Reissmueller made changes -
          Assignee Jonathan Reissmueller [ jonathan ]
          Automated transition triggered when Jonathan Reissmueller created a branch in Stash -
          Status Open [ 1 ] In Progress [ 3 ]
          Automated transition triggered when Jonathan Reissmueller created pull request #11 in Stash -
          Status In Progress [ 3 ] In Review [ 5 ]
          Resolution Fixed [ 1 ]
          jonathan Jonathan Reissmueller made changes -
          Remaining Estimate 0 minutes [ 0 ]
          Time Spent 22 minutes [ 1320 ]
          Worklog Id 10927 [ 10927 ]
          jonathan Jonathan Reissmueller made changes -
          Time Spent 22 minutes [ 1320 ] 52 minutes [ 3120 ]
          Worklog Id 10928 [ 10928 ]
          jonathan Jonathan Reissmueller made changes -
          Remaining Estimate 0 minutes [ 0 ] 30 minutes [ 1800 ]
          Time Spent 52 minutes [ 3120 ] 22 minutes [ 1320 ]
          Worklog Id 10928 [ 10928 ]
          Worklog Time Spent 30 minutes [ 1800 ]
          jonathan Jonathan Reissmueller made changes -
          Remaining Estimate 30 minutes [ 1800 ] 0 minutes [ 0 ]
          Time Spent 22 minutes [ 1320 ] 1 hour, 10 minutes [ 4200 ]
          Worklog Id 10948 [ 10948 ]
          tyson Tyson Phillips (Inactive) made changes -
          Sprint 4.3.0 Sprint 6 [ 56 ] 4.3.0 Sprint 6, 4.3.0 Sprint 7 [ 56, 57 ]
          tyson Tyson Phillips (Inactive) made changes -
          Rank Ranked higher
          jonathan Jonathan Reissmueller made changes -
          Time Spent 1 hour, 10 minutes [ 4200 ] 1 hour, 15 minutes [ 4500 ]
          Worklog Id 10972 [ 10972 ]
          jonathan Jonathan Reissmueller made changes -
          Time Spent 1 hour, 15 minutes [ 4500 ] 1 hour, 20 minutes [ 4800 ]
          Worklog Id 10972 [ 10972 ]
          tyson Tyson Phillips (Inactive) made changes -
          Sprint 4.3.0 Sprint 6, 4.3.0 Sprint 7 [ 56, 57 ] 4.3.0 Sprint 6, 4.3.0 Sprint 7, 4.3.0 Sprint 8 [ 56, 57, 58 ]
          tyson Tyson Phillips (Inactive) made changes -
          Rank Ranked higher
          jonathan Jonathan Reissmueller made changes -
          Time Spent 1 hour, 20 minutes [ 4800 ] 1 hour, 25 minutes [ 5100 ]
          Worklog Id 10991 [ 10991 ]
          Automated transition triggered when Tyson Phillips (Inactive) merged pull request #11 in Stash -
          Status In Review [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              jonathan Jonathan Reissmueller
              Reporter:
              admin Paul Phillips
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jun/18

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 25 minutes
                1h 25m

                  Agile