glacier_on_rails 0.9.8 → 0.9.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b663ef1d32ca91a3813ec747b10297b6ad713240
-  data.tar.gz: 40c52e020cf6741caa066d41a72e3059cdd1384a
+  metadata.gz: e064638350da90807ab8f7c14b788295bbdba127
+  data.tar.gz: 409fb6e65fd668c57265f8040f231e30a3c8f1a4
 SHA512:
-  metadata.gz: 35cd5d1563d57c18dc89c640beda61d4201574542a364ec2767fd32bd82e81bee9949a5dc9c281a62759595373d830ce3cc853a0ac5c24bca480df17480284b5
-  data.tar.gz: f3e56ed01834251f6f71ae72df8472d83d6b7a6d4ad67e8fab8a88fdb069ff3e5b3539ea64abc639e2d15516756f4d198a0b1c4e8285e8ecf9dd51a13859aba8
+  metadata.gz: f38b8ea5ed087142468409256cad1d3a448ce036a6a8950c4593ebc2a70533c18f12a06733b3b1fd69f487d31e96d06953f1f7412b01ac29d4db8fd1c41047f2
+  data.tar.gz: 3618d038b088fdfb83bf6ea31fab36647bc4e96a8c5efac6836f167dc7c03578a77169a85ca9802c63becf8bcb1659b08a0ee7fb0a5ba14e8fa1a8606da397be

data/Gemfile.lock

@@ -57,7 +57,7 @@ GIT
 PATH
   remote: .
   specs:
-    glacier_on_rails (0.9.8)
+    glacier_on_rails (0.9.9)
       httparty (~> 0.15.5)
       rails (~> 5.1)
 

data/Rakefile

@@ -1,4 +1,5 @@
 require "rspec/core/rake_task"
+require "bundler/gem_tasks"
 
 RSpec::Core::RakeTask.new(:spec)
 

data/app/models/application_database/postgres_adapter.rb

@@ -9,6 +9,13 @@ class ApplicationDatabase::PostgresAdapter < ApplicationDatabase::BaseAdapter
       super(message)
     end
   end
+  class PgPassFilePermissionsError < StandardError
+    def initialize
+      message = "password file #{File.expand_path("~/.pgpass")} has group or world access; permissions should be u=rw (0600)"
+      AwsLog.error "ApplicationDatabase::PostgresAdapter::PgPassFilePermissionsError exception: #{message}"
+      super(message)
+    end
+  end
 
   RestoreExclusions = %w{ application_data_backups
                           glacier_archives
@@ -17,7 +24,11 @@ class ApplicationDatabase::PostgresAdapter < ApplicationDatabase::BaseAdapter
   RestoreList = GlacierArchive::BackupFileDir.join('restore.list')
 
   def contents
-    raise PgPassFileMissing if db_config["password"].present? && !File.exists?(File.expand_path("~/.pgpass"))
+    if db_config["password"].present?
+      password_file = File.expand_path("~/.pgpass")
+      raise PgPassFileMissing unless File.exists?(password_file)
+      raise PgPassFilePermissionsError unless sprintf("%o", File.stat(password_file).mode) =~ /600$/
+    end
     `#{pg_dump} -w -Fc -U #{db_config['username']} #{db_config['database']}`
   end
 

data/app/models/glacier_db_archive.rb

@@ -11,6 +11,8 @@ class GlacierDbArchive < GlacierArchive
 
   def archive_contents
     ApplicationDatabase.new.contents
+  rescue ApplicationDatabase::PostgresAdapter::PgPassFilePermissionsError
+    nil
   rescue ApplicationDatabase::PostgresAdapter::PgPassFileMissing
     nil
   rescue ApplicationDatabase::MissingConfigurationKeys

data/glacier_on_rails.gemspec

@@ -3,11 +3,11 @@
 
 Gem::Specification.new do |s|
   s.name = "glacier_on_rails"
-  s.version = "0.9.8"
+  s.version = "0.9.9"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Les Nightingill"]
-  s.date = "2017-07-12"
+  s.date = "2017-07-13"
   s.description = "Rails engine for database backup/restore to/from Amazon Glacier, including file attachments."
   s.email = ["codehacker@comcast.net"]
   s.files = Dir.glob("{{app,config,db,lib,script,spec}/**/*,*}").reject{|f| f =~ /(cache|\.log|\.gem$)/}

data/spec/features/application_data_backup_spec.rb

@@ -195,4 +195,27 @@ feature "backup_now", :js => true do
       expect(aws_log).to match /ApplicationDatabase::PostgresAdapter::PgPassFileMissing exception: #{File.expand_path("~/.pgpass")} file not found, cannot dump database contents/
     end
   end
+
+  context "when database password file has incorrect permissions" do
+    before do
+      @config = ActiveRecord::Base.configurations[Rails.env].dup
+      ActiveRecord::Base.configurations[Rails.env].merge!({"password" => "sekret"})
+      allow(File).to receive(:exists?)
+      allow(File).to receive(:exists?).with(File.expand_path("~/.pgpass")).and_return(true)
+      status = Struct.new(:mode).new(33204) # octal: 100664
+      allow(File).to receive(:stat)
+      allow(File).to receive(:stat).with(File.expand_path("~/.pgpass")).and_return(status)
+    end
+
+    after do
+      ActiveRecord::Base.configurations[Rails.env] = @config
+    end
+
+    it "should not create a new application_data_backup" do
+      expect{page.find('#backup_now').click; wait_for_ajax}.not_to change{ApplicationDataBackup.count}
+      expect(page).not_to have_selector("#application_data_backups .application_data_backup")
+      expect(flash_message).to eq "failed to create backup"
+      expect(aws_log).to match /#{Regexp.escape ApplicationDatabase::PostgresAdapter::PgPassFilePermissionsError.new.message}/
+    end
+  end
 end

data/spec/models/postgres_adapter_spec.rb

@@ -13,7 +13,7 @@ describe "PostgresAdapter#contents dependence on password file ~/.pgpass" do
     before do
       ActiveRecord::Base.configurations[Rails.env].merge!({"password" => nil })
       allow(File).to receive(:exists?)
-      allow(File).to receive(:exists?).with("~/.pgpass").and_return(false)
+      allow(File).to receive(:exists?).with(File.expand_path("~/.pgpass")).and_return(false)
     end
 
     it "should not raise an exception" do
@@ -25,7 +25,7 @@ describe "PostgresAdapter#contents dependence on password file ~/.pgpass" do
     before do
       ActiveRecord::Base.configurations[Rails.env].merge!({"password" => "sekret"})
       allow(File).to receive(:exists?)
-      allow(File).to receive(:exists?).with("~/.pgpass").and_return(false)
+      allow(File).to receive(:exists?).with(File.expand_path("~/.pgpass")).and_return(false)
     end
 
     it "should raise an exception" do
@@ -38,12 +38,31 @@ describe "PostgresAdapter#contents dependence on password file ~/.pgpass" do
       ActiveRecord::Base.configurations[Rails.env].merge!({"password" => "sekret"})
       allow(File).to receive(:exists?)
       allow(File).to receive(:exists?).with(File.expand_path("~/.pgpass")).and_return(true)
+      status = Struct.new(:mode).new(33152) # octal: 100600
+      allow(File).to receive(:stat)
+      allow(File).to receive(:stat).with(File.expand_path("~/.pgpass")).and_return(status)
     end
 
     it "should not raise an exception" do
       expect{ ApplicationDatabase.new.contents }.not_to raise_exception
     end
   end
+
+  context "pgpass file has incorrect permissions" do
+    before do
+      ActiveRecord::Base.configurations[Rails.env].merge!({"password" => "sekret"})
+      allow(File).to receive(:exists?)
+      allow(File).to receive(:exists?).with(File.expand_path("~/.pgpass")).and_return(true)
+      status = Struct.new(:mode).new(33204) # octal: 100664
+      allow(File).to receive(:stat)
+      allow(File).to receive(:stat).with(File.expand_path("~/.pgpass")).and_return(status)
+    end
+
+    it "should raise an exception" do
+      expect{ ApplicationDatabase.new.contents }.to raise_exception ApplicationDatabase::PostgresAdapter::PgPassFilePermissionsError
+    end
+  end
+
 end
 
 describe "PostgresAdapter#create_object_restoral_list_omitting_exclusions" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: glacier_on_rails
 version: !ruby/object:Gem::Version
-  version: 0.9.8
+  version: 0.9.9
 platform: ruby
 authors:
 - Les Nightingill
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-12 00:00:00.000000000 Z
+date: 2017-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails