Encrypt auth information in the database. Closes #1653 (#1664)

brollb · web-flow · commit 4eba0494ddea · 2020-04-20T14:16:40.000-05:00
* Encrypt auth information in the database. Closes #1653 * Add tests for utils
diff --git a/src/common/utils.js b/src/common/utils.js
@@ -78,7 +78,66 @@
         };
     };
 
+    const splitObj = function (obj, nestedKeys) {
+        const selected = {};
+        const remaining = deepCopy(obj);
+        nestedKeys.forEach(keys => {
+            const value = deepGet(obj, keys);
+            deepSet(selected, keys, value);
+            deepDelete(remaining, keys);
+        });
+
+        return [selected, remaining];
+    };
+
+    const deepDelete = function (obj, nestedKeys) {
+        const allButLast = nestedKeys.slice(0, nestedKeys.length - 1);
+        const nestedObj = deepGet(obj, allButLast);
+        const lastKey = nestedKeys.slice().pop();
+        delete nestedObj[lastKey];
+    };
+
+    const deepGet = function (obj, nestedKeys) {
+        return nestedKeys.reduce((value, key) => value[key], obj);
+    };
+
+    const deepSet = function (obj, nestedKeys, value) {
+        const allButLast = nestedKeys.slice(0, nestedKeys.length-1);
+        const nestedObj = createNestedObjs(obj, allButLast);
+        const lastKey = nestedKeys[nestedKeys.length - 1];
+        nestedObj[lastKey] = value;
+    };
+
+    const createNestedObjs = function (obj, nestedKeys) {
+        nestedKeys.forEach(key => {
+            if (!obj[key]) {
+                obj[key] = {};
+            }
+            obj = obj[key];
+        });
+        return obj;
+    };
+
+    const deepCopy = v => JSON.parse(JSON.stringify(v));
+
+    const deepExtend = function (obj1, obj2) {
+        Object.entries(obj2).forEach(entry => {
+            const [key, value] = entry;
+            const mergeRequired = typeof obj1[key] === 'object' &&
+                typeof value === 'object';
+
+            if (mergeRequired) {
+                deepExtend(obj1[key], value);
+            } else {
+                obj1[key] = value;
+            }
+        });
+        return obj1;
+    };
+
     return {
+        deepExtend,
+        splitObj,
         resolveCarriageReturns,
         abbr,
         withTimeout,
diff --git a/src/common/viz/ConfigDialog.js b/src/common/viz/ConfigDialog.js
@@ -2,11 +2,13 @@
 define([
     'q',
     'js/Dialogs/PluginConfig/PluginConfigDialog',
+    'deepforge/utils',
     'text!js/Dialogs/PluginConfig/templates/PluginConfigDialog.html',
     'css!./ConfigDialog.css'
 ], function(
     Q,
     PluginConfigDialog,
+    utils,
     pluginConfigDialogTemplate,
 ) {
     var SECTION_DATA_KEY = 'section',
@@ -90,31 +92,60 @@ define([
 
         this._dialog.modal('hide');
         if (saveConfig) {
-            this.saveConfigForUser(config);
+            this.saveConfig(config);
         }
         return callback(config);
     };
 
-    ConfigDialog.prototype.saveConfigForUser = async function (config) {
+    ConfigDialog.prototype.saveConfig = async function (config) {
+        const authKeys = this.getAuthenticationKeys(this._pluginMetadata)
+            .map(keys => [this._pluginMetadata.id].concat(keys));
+        const [secretConfig, publicConfig] = utils.splitObj(config, authKeys);
+
+        await this.saveUserData({Dialog: {__secrets__: secretConfig}}, true);
+        await this.saveUserData({Dialog: publicConfig});
+    };
+
+    ConfigDialog.prototype.saveUserData = async function (config, encrypt=false) {
         const opts = {
             method: 'PATCH',
             credentials: 'same-origin',
             headers: {
                 'Content-Type': 'application/json'
             },
-            body: JSON.stringify({Dialog: config})
+            body: JSON.stringify(config)
         };
-        await fetch('/api/user/data', opts);
+        await fetch(`/api/user/data?${encrypt ? 'encrypt=1' : ''}`, opts);
+    };
+
+    ConfigDialog.prototype.getAuthenticationKeys = function (metadata) {
+        const keys = [];
+        metadata.configStructure.forEach(config => {
+            if (config.isAuth) {
+                keys.push([config.name]);
+            } else if (config.valueType === 'dict') {
+                const nestedKeys = config.valueItems
+                    .flatMap(c => this.getAuthenticationKeys(c))
+                    .map(key => [config.name, 'config'].concat(key));
+
+                keys.push(...nestedKeys);
+            }
+        });
+
+        return keys;
     };
 
     ConfigDialog.prototype.getSavedConfig = async function () {
         const opts = {
             method: 'GET',
             credentials: 'same-origin'
         };
-        const response = await fetch('/api/user/data', opts);
-        const userData = await response.json();
-        return userData.Dialog;
+        let response = await fetch('/api/user/data/Dialog/__secrets__?decrypt=true', opts);
+        const secrets = await response.json();
+
+        response = await fetch('/api/user/data/Dialog', opts);
+        const publicData = await response.json();
+        return utils.deepExtend(publicData, secrets);
     };
 
     ConfigDialog.prototype._getAllConfigValues = function () {
diff --git a/test/unit/common/utils.spec.js b/test/unit/common/utils.spec.js
@@ -0,0 +1,54 @@
+describe('common/utils', function() {
+    const assert = require('assert');
+    const utils = require('../../../src/common/utils');
+
+    describe('splitObj', function() {
+        it('should set key/value in "selected" obj', function() {
+            const [selected] = utils.splitObj({a: 1}, [['a']]);
+            assert.equal(selected.a, 1);
+        });
+
+        it('should set nested key/value in "selected" obj', function() {
+            const [selected] = utils.splitObj({a: {b: 1}}, [['a', 'b']]);
+            assert.equal(selected.a.b, 1);
+        });
+
+        it('should rm keys from "remaining" obj', function() {
+            const [,remaining] = utils.splitObj({a: 1}, [['a']]);
+            assert.equal(remaining.a, undefined);
+        });
+
+        it('should rm nested keys from "remaining" obj', function() {
+            const [,remaining] = utils.splitObj({a: {b: 1}}, [['a', 'b']]);
+            assert.equal(remaining.a.b, undefined);
+        });
+    });
+
+    describe('deepExtend', function() {
+        it('should copy primitive vals', function() {
+            const merged = utils.deepExtend({}, {a: 1});
+            assert.equal(merged.a, 1);
+        });
+
+        it('should overwrite existing primitive vals', function() {
+            const merged = utils.deepExtend({a: 2}, {a: 1});
+            assert.equal(merged.a, 1);
+        });
+
+        it('should create nested objects as needed vals', function() {
+            const merged = utils.deepExtend({}, {a: {b: 1}});
+            assert.equal(merged.a.b, 1);
+        });
+
+        it('should copy nested primitive vals', function() {
+            const merged = utils.deepExtend({a: {}}, {a: {b: 1}});
+            assert.equal(merged.a.b, 1);
+        });
+
+        it('should merge nested objects', function() {
+            const merged = utils.deepExtend({a: {c: 2}}, {a: {b: 1}});
+            assert.equal(merged.a.b, 1);
+            assert.equal(merged.a.c, 2);
+        });
+    });
+});
