From 846484a2cbbdc582778a86a70c135273b3ddafb7 Mon Sep 17 00:00:00 2001 From: Sebastian Helzle Date: Sat, 21 Jun 2025 11:18:52 +0200 Subject: [PATCH 1/4] TASK: Move Login Fusion code into subfolder --- .../Fusion/Backend/{Views => Login}/Login.fusion | 7 +++++++ .../Resources/Private/Fusion/Backend/Root.fusion | 11 +++-------- 2 files changed, 10 insertions(+), 8 deletions(-) rename Neos.Neos/Resources/Private/Fusion/Backend/{Views => Login}/Login.fusion (97%) diff --git a/Neos.Neos/Resources/Private/Fusion/Backend/Views/Login.fusion b/Neos.Neos/Resources/Private/Fusion/Backend/Login/Login.fusion similarity index 97% rename from Neos.Neos/Resources/Private/Fusion/Backend/Views/Login.fusion rename to Neos.Neos/Resources/Private/Fusion/Backend/Login/Login.fusion index 26702972c48..3cf1947feb8 100644 --- a/Neos.Neos/Resources/Private/Fusion/Backend/Views/Login.fusion +++ b/Neos.Neos/Resources/Private/Fusion/Backend/Login/Login.fusion @@ -146,3 +146,10 @@ prototype(Neos.Neos:Component.Login.Form) < prototype(Neos.Fusion:Component) { ` } + +Neos.Neos.LoginController.index = Neos.Neos:View.Login { + site = ${site} + styles = ${styles} + username = ${username} + flashMessages = ${flashMessages} +} diff --git a/Neos.Neos/Resources/Private/Fusion/Backend/Root.fusion b/Neos.Neos/Resources/Private/Fusion/Backend/Root.fusion index 71b34e6ed02..3f0c37c2027 100644 --- a/Neos.Neos/Resources/Private/Fusion/Backend/Root.fusion +++ b/Neos.Neos/Resources/Private/Fusion/Backend/Root.fusion @@ -1,11 +1,6 @@ include: resource://Neos.Fusion/Private/Fusion/Root.fusion include: resource://Neos.Fusion.Form/Private/Fusion/Root.fusion include: resource://Neos.Neos/Private/Fusion/SharedCoreComponents/* -include: Views/*.fusion - -Neos.Neos.LoginController.index = Neos.Neos:View.Login { - site = ${site} - styles = ${styles} - username = ${username} - flashMessages = ${flashMessages} -} +include: resource://Neos.Neos/Private/Fusion/* +include: resource://Neos.Workspace.Ui/Private/Fusion/* +include: **/* From f68d8d80ab0f3dab9c55dc23a3a537f303ef4e42 Mon Sep 17 00:00:00 2001 From: Felix Gradinaru Date: Sat, 21 Jun 2025 10:59:41 +0200 Subject: [PATCH 2/4] FEATURE: Configurable settings paths with secrets can be scrubbed --- .../Administration/ConfigurationController.php | 18 +++++++++++++++++- Neos.Neos/Configuration/Settings.yaml | 7 +++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php index d530ccdc1df..b8c71807a70 100644 --- a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php +++ b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php @@ -19,6 +19,7 @@ use Neos\Flow\Configuration\ConfigurationSchemaValidator; use Neos\Flow\Configuration\Exception\SchemaValidationException; use Neos\Neos\Controller\Module\ModuleTranslationTrait; +use Neos\Utility\Arrays; use Neos\Utility\SchemaGenerator; use Neos\Neos\Controller\Module\AbstractModuleController; use Neos\Error\Messages\Message; @@ -61,7 +62,10 @@ public function indexAction($type = 'Settings') ]); if (in_array($type, $availableConfigurationTypes)) { - $this->view->assign('configuration', $this->configurationManager->getConfiguration($type)); + $this->view->assign('configuration', self::scrubConfiguredSecrets( + $this->configurationManager->getConfiguration($type), + $this->moduleConfiguration['settings']['configurationPathsWithSecrets'][$type] ?? [] + )); try { $this->view->assign('validationResult', $this->configurationSchemaValidator->validate($type)); @@ -84,4 +88,16 @@ public function indexAction($type = 'Settings') ); } } + + public static function scrubConfiguredSecrets(array $configuration, array $pathsToBeScrubbed): array + { + $scrubbedConfiguration = $configuration; + foreach ($pathsToBeScrubbed as $path) { + $doesPathExistInConfiguration = Arrays::getValueByPath($scrubbedConfiguration, $path) !== null; + if ($doesPathExistInConfiguration) { + $scrubbedConfiguration = Arrays::setValueByPath($scrubbedConfiguration, $path, '***'); + } + } + return $scrubbedConfiguration; + } } diff --git a/Neos.Neos/Configuration/Settings.yaml b/Neos.Neos/Configuration/Settings.yaml index f58bca74c5a..313878f1ac2 100755 --- a/Neos.Neos/Configuration/Settings.yaml +++ b/Neos.Neos/Configuration/Settings.yaml @@ -379,6 +379,13 @@ Neos: description: 'Neos.Neos:Modules:configuration.description' icon: fas fa-list-alt mainStylesheet: 'Lite' + settings: + # + # Here you can define paths by configuration type that contain secrets and should be scrubbed before displaying + # + configurationPathsWithSecrets: + Settings: + - Neos.Flow.persistence.backendOptions.password dimensions: label: 'Neos.Neos:Modules:dimensions.label' controller: 'Neos\Neos\Controller\Module\Administration\DimensionController' From 847dba320bcd4dab6da5bbe4777f2fe41cc8ceb5 Mon Sep 17 00:00:00 2001 From: Felix Gradinaru Date: Sat, 21 Jun 2025 11:42:22 +0200 Subject: [PATCH 3/4] FEATURE: Configurable settings paths with secrets can be scrubbed #2 --- .../ConfigurationController.php | 27 +++++++++++++++---- Neos.Neos/Configuration/Settings.yaml | 15 +++++++++-- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php index b8c71807a70..4ce37b62a3a 100644 --- a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php +++ b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php @@ -64,6 +64,7 @@ public function indexAction($type = 'Settings') if (in_array($type, $availableConfigurationTypes)) { $this->view->assign('configuration', self::scrubConfiguredSecrets( $this->configurationManager->getConfiguration($type), + $this->moduleConfiguration['settings']['automaticSecretScrubbingPattern'] ?? null, $this->moduleConfiguration['settings']['configurationPathsWithSecrets'][$type] ?? [] )); @@ -89,15 +90,31 @@ public function indexAction($type = 'Settings') } } - public static function scrubConfiguredSecrets(array $configuration, array $pathsToBeScrubbed): array + public static function scrubConfiguredSecrets(array $configuration, ?string $automaticSecretScrubbingPattern, array $pathsToBeScrubbed, string $currentPathPrefix = ''): array { $scrubbedConfiguration = $configuration; - foreach ($pathsToBeScrubbed as $path) { - $doesPathExistInConfiguration = Arrays::getValueByPath($scrubbedConfiguration, $path) !== null; - if ($doesPathExistInConfiguration) { - $scrubbedConfiguration = Arrays::setValueByPath($scrubbedConfiguration, $path, '***'); + foreach ($scrubbedConfiguration as $key => $value) { + $path = $currentPathPrefix . $key; + if (is_array($value)) { + $scrubbedConfiguration[$key] = self::scrubConfiguredSecrets($value, $automaticSecretScrubbingPattern, $pathsToBeScrubbed, $path . '.'); + continue; + } + + if (in_array($path, $pathsToBeScrubbed, true)) { + // If the path is in the list of paths to be scrubbed, replace the value with '***' + $scrubbedConfiguration[$key] = '***'; + continue; + } + + if ($automaticSecretScrubbingPattern && preg_match( + $automaticSecretScrubbingPattern, + (string)$key + )) { + // If the path matches the automatic secret scrubbing pattern, replace the value with '***' + $scrubbedConfiguration[$key] = '***'; } } + return $scrubbedConfiguration; } } diff --git a/Neos.Neos/Configuration/Settings.yaml b/Neos.Neos/Configuration/Settings.yaml index 313878f1ac2..eab7c0b8c5c 100755 --- a/Neos.Neos/Configuration/Settings.yaml +++ b/Neos.Neos/Configuration/Settings.yaml @@ -381,11 +381,22 @@ Neos: mainStylesheet: 'Lite' settings: # - # Here you can define paths by configuration type that contain secrets and should be scrubbed before displaying + # This pattern is matched against the last part of a configuration path + # e.g. '/^(password|secret)$/' will lead to any path with the last part containing 'password' or 'secret' + # being scrubbed before displaying in the backend. + # + automaticSecretScrubbingPattern: '/^(password|secret)$/' + # + # Here you can additionally define explicit paths by configuration type + # that contain secrets and should be scrubbed before displaying + # e.g.: + # configurationPathsWithSecrets: + # Settings: + # - Neos.Flow.persistence.backendOptions.dbname # configurationPathsWithSecrets: Settings: - - Neos.Flow.persistence.backendOptions.password + - Neos.Flow.persistence.backendOptions.dbname dimensions: label: 'Neos.Neos:Modules:dimensions.label' controller: 'Neos\Neos\Controller\Module\Administration\DimensionController' From 5e2a82d41e87421bb0ea3afb187c74eb4d41f528 Mon Sep 17 00:00:00 2001 From: Felix Gradinaru Date: Sat, 21 Jun 2025 13:08:48 +0200 Subject: [PATCH 4/4] Fix typo --- .../Module/Administration/ConfigurationController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php index 4ce37b62a3a..7142fb06de1 100644 --- a/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php +++ b/Neos.Neos/Classes/Controller/Module/Administration/ConfigurationController.php @@ -110,7 +110,7 @@ public static function scrubConfiguredSecrets(array $configuration, ?string $aut $automaticSecretScrubbingPattern, (string)$key )) { - // If the path matches the automatic secret scrubbing pattern, replace the value with '***' + // If the key matches the automatic secret scrubbing pattern, replace the value with '***' $scrubbedConfiguration[$key] = '***'; } }