Minor fixes for opensearch to work with >=2.12.0

Shuffle · Mar 21, 2024 · 593ace3 · 593ace3
1 parent f77d4cd
commit 593ace3
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 7 deletions.
diff --git a/app_upload/stitcher.go b/app_upload/stitcher.go
@@ -844,8 +844,8 @@ func main() {
 		bucketName = os.Args[5]
 	}
 
-	appname := "shuffle-tools"
-	appversion := "1.2.0"
+	appname := "email"
+	appversion := "1.3.0"
 	err := deployConfigToBackend(appfolder, appname, appversion)
 	if err != nil {
 		log.Printf("[WARNING] Failed uploading config: %s", err)

diff --git a/db-connector.go b/db-connector.go
@@ -10019,7 +10019,9 @@ func GetEsConfig() *opensearch.Client {
 
 	password := os.Getenv("SHUFFLE_OPENSEARCH_PASSWORD")
 	if len(password) == 0 {
-		password = "admin"
+		// New password that is set by default. 
+		// Security Audit points to changing this during onboarding.
+		password = "StrongShufflePassword321!"
 	}
 
 	log.Printf("[DEBUG] Using custom opensearch url '%s'", esUrl)

diff --git a/go.sum b/go.sum
@@ -105,8 +105,6 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/frikky/kin-openapi v0.41.0 h1:oMmjo+ekGS971lb3KLeZZOqRDZOwWi3+g/OiSWP08+s=
 github.com/frikky/kin-openapi v0.41.0/go.mod h1:ev9OZAw7Bv5p0w93j91++6a1ElPzGcCofst+kmrWsj4=
-github.com/frikky/schemaless v0.0.4 h1:m3Tas+7l3OCfZq6iXi8ZmrqEo2NxQrGttFzyv5ZZsm8=
-github.com/frikky/schemaless v0.0.4/go.mod h1:mooDxY+D6weHjhKvjy3+IE9S7P4g4cpNnidkdRv/cHQ=
 github.com/frikky/schemaless v0.0.6 h1:mPWbqCxiOz0HUmdN+IiVOHqquCzA0aachzOdMTCaKtg=
 github.com/frikky/schemaless v0.0.6/go.mod h1:mooDxY+D6weHjhKvjy3+IE9S7P4g4cpNnidkdRv/cHQ=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=

diff --git a/shared.go b/shared.go
@@ -5935,7 +5935,11 @@ func SaveWorkflow(resp http.ResponseWriter, request *http.Request) {
 
 
 								// Some internal reserves
-								if ((strings.ToLower(action.Name) == "send_sms_shuffle" || strings.ToLower(action.Name) == "send_email_shuffle") && param.Name == "apikey") || (action.Name == "repeat_back_to_me") {
+								if (
+									(strings.ToLower(action.Name) == "send_sms_shuffle" || strings.ToLower(action.Name) == "send_email_shuffle") && param.Name == "apikey") || (action.Name == "repeat_back_to_me") ||
+									(action.Name == "filter_list" && param.Name == "field") 
+								{
+									// Do nothing
 								} else {
 									thisError := fmt.Sprintf("Action %s is missing required parameter %s", action.Label, param.Name)
 									if actionParam.Configuration && len(action.AuthenticationId) == 0 {
@@ -8085,6 +8089,11 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	if user.SupportAccess {
+		usr.Role = "admin"
+		user.Role = "admin"
+	}
+
 	user.ActiveOrg = OrgMini{
 		Name: org.Name,
 		Id:   org.Id,
@@ -13402,7 +13411,8 @@ func HandleListCacheKeys(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
-	if user.Role != "admin" {
+	if user.Role != "admin" && !user.SupportAccess {
+		log.Printf("[AUDIT] User %s (%s) tried to list cache keys without admin role", user.Username, user.Id)
 		resp.WriteHeader(401)
 		resp.Write([]byte(`{"success": false, "reason": "Admin required"}`))
 		return