From 6d8da2bffd6ae7ee52488fb158ed2cdc6aae01a6 Mon Sep 17 00:00:00 2001
From: Nick Gerakines
Date: Fri, 3 Jan 2020 11:28:06 -0500
Subject: [PATCH] Encrypting email from oauth signup as per PR feedback. T710
---
 account.go | 23 ++++++++++++++---------
 oauth.go | 8 +++-----
 oauth_test.go | 5 ++++-
 3 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/account.go b/account.go
index c41f24d..6fb8053 100644
--- a/account.go
+++ b/account.go
@@ -156,17 +156,9 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr
 Username: signup.Alias,
 HashedPass: hashedPass,
 HasPass: createdWithPass,
- Email: zero.NewString("", signup.Email != ""),
+ Email: prepareUserEmail(signup.Email, app.keys.EmailKey),
 Created: time.Now().Truncate(time.Second).UTC(),
 }
- if signup.Email != "" {
- encEmail, err := data.Encrypt(app.keys.EmailKey, signup.Email)
- if err != nil {
- log.Error("Unable to encrypt email: %s\n", err)
- } else {
- u.Email.String = string(encEmail)
- }
- }
 // Create actual user
 if err := app.db.CreateUser(app.cfg, u, desiredUsername); err != nil {
@@ -1097,3 +1089,16 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 // Return value
 return s
 }
+
+func prepareUserEmail(input string, emailKey []byte) zero.String {
+ email := zero.NewString("", input != "")
+ if len(input) > 0 {
+ encEmail, err := data.Encrypt(emailKey, input)
+ if err != nil {
+ log.Error("Unable to encrypt email: %s\n", err)
+ } else {
+ email.String = string(encEmail)
+ }
+ }
+ return email
+}
diff --git a/oauth.go b/oauth.go
index 7dfc4c7..f9d9e99 100644
--- a/oauth.go
+++ b/oauth.go
@@ -6,7 +6,6 @@ import (
 "fmt"
 "github.com/gorilla/mux"
 "github.com/gorilla/sessions"
- "github.com/guregu/null/zero"
 "github.com/writeas/impart"
 "github.com/writeas/nerds/store"
 "github.com/writeas/web-core/auth"
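Review bot: In `prepareUserEmail`, when `data.Encrypt` fails the helper only logs and still returns a `zero.String` whose `Valid` flag was set from `input != ""` while `String` stays empty, so the account is created claiming an email it does not hold. Not falling back to the plaintext is the right failure direction, but the caller cannot tell that the address was lost; either return the error (`func prepareUserEmail(input string, emailKey []byte) (zero.String, error)`) so signup can abort, or clear the flag in the error branch with `email.Valid = false`. The helper also has no doc comment; something like `// prepareUserEmail returns input encrypted with emailKey for storage, or an empty value when input is empty.` would state the contract, and the two emptiness tests (`input != ""` and `len(input) > 0`) could use one form. The same behaviour reaches both call sites, in `signupWithRegistration` in the hunk at -156 and in `viewOauthCallback` in oauth.go.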
@@ -83,6 +82,7 @@ type oauthHandler struct {
 Config *config.Config
 DB OAuthDatastore
 Store sessions.Store
+ EmailKey []byte
 oauthClient oauthClient
 }
@@ -122,9 +122,6 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
 AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
 HttpClient: config.DefaultHTTPClient(),
 CallbackLocation: app.Config().App.Host + "/oauth/callback",
- }
- if oauthClient.ExchangeLocation == "" {
-
 }
 configureOauthRoutes(parentHandler, r, app, oauthClient)
 }
@@ -136,6 +133,7 @@ func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauth
 DB: app.DB(),
 Store: app.SessionStore(),
 oauthClient: oauthClient,
+ EmailKey: app.keys.EmailKey,
 }
 r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
 r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
@@ -187,7 +185,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 Username: tokenInfo.Username,
 HashedPass: hashedPass,
 HasPass: true,
- Email: zero.NewString(tokenInfo.Email, tokenInfo.Email != ""),
+ Email: prepareUserEmail(tokenInfo.Email, h.EmailKey),
 Created: time.Now().Truncate(time.Second).UTC(),
 }
 displayName := tokenInfo.DisplayName
diff --git a/oauth_test.go b/oauth_test.go
index 1daabd5..f8ffcf5 100644
--- a/oauth_test.go
+++ b/oauth_test.go
@@ -140,6 +140,7 @@ func TestViewOauthInit(t *testing.T) {
 Config: app.Config(),
 DB: app.DB(),
 Store: app.SessionStore(),
+ EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
 oauthClient: writeAsOauthClient{
 ClientID: app.Config().WriteAsOauth.ClientID,
 ClientSecret: app.Config().WriteAsOauth.ClientSecret,
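Review bot: `EmailKey` is added to `oauthHandler` without a comment and as an exported field, while the `oauthClient` field beside it is unexported; since it holds key material, a short comment would help, e.g. `// EmailKey is the key passed to data.Encrypt for email addresses stored at OAuth signup.`. Nothing visible in the `configureOauthRoutes` hunk at -136 checks that `app.keys.EmailKey` is non-empty before it is copied into the handler, and with the helper's log-and-continue error path an unset key would presumably make OAuth signups store a blank address instead of failing. The struct declaration opens before this hunk.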
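Review bot: Accounts created through `viewOauthCallback` before this change were stored with `tokenInfo.Email` in plaintext, and the hunk at -187 only changes new signups. If code elsewhere decrypts the email column with the same key, those older rows will presumably fail to decrypt or stay unencrypted at rest; a one-off migration that encrypts existing OAuth-created addresses, or a line in the commit message stating that none exist yet, would close that gap. The function starts and ends outside this hunk, so how `u` is used afterwards is not visible here.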
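Review bot: The test key `[]byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd}` is nine bytes, which is not a length an AES-based cipher accepts (16, 24 or 32 bytes). `data.Encrypt` is not shown here, but if it is AES-based it will return an error for this key and `prepareUserEmail` will log it and carry on, so these tests would pass without ever encrypting anything. A fixture of valid length declared once and reused, e.g. `var testEmailKey = make([]byte, 32)`, would make the tests exercise the real path; the same literal is repeated in the hunks at -182 and -211. The enclosing test functions continue outside these hunks.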
@@ -182,6 +183,7 @@ func TestViewOauthInit(t *testing.T) {
 Config: app.Config(),
 DB: app.DB(),
 Store: app.SessionStore(),
+ EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
 oauthClient: writeAsOauthClient{
 ClientID: app.Config().WriteAsOauth.ClientID,
 ClientSecret: app.Config().WriteAsOauth.ClientSecret,
@@ -211,6 +213,7 @@ func TestViewOauthCallback(t *testing.T) {
 Config: app.Config(),
 DB: app.DB(),
 Store: app.SessionStore(),
+ EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
 oauthClient: writeAsOauthClient{
 ClientID: app.Config().WriteAsOauth.ClientID,
 ClientSecret: app.Config().WriteAsOauth.ClientSecret,
@@ -243,7 +246,7 @@ func TestViewOauthCallback(t *testing.T) {
 req, err := http.NewRequest("GET", "/oauth/callback", nil)
 assert.NoError(t, err)
 rr := httptest.NewRecorder()
- h.viewOauthCallback(nil, rr, req)
+ err = h.viewOauthCallback(nil, rr, req)
 assert.NoError(t, err)
 assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
 })
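Review bot: The callback test in the hunk at -243 asserts only `http.StatusTemporaryRedirect`, so it would pass whether or not the stored email was encrypted, which is the behaviour this commit adds. The test should also inspect the user handed to the datastore mock and assert that its `Email.String` is non-empty and differs from the address returned by the token-info stub. The call `h.viewOauthCallback(nil, rr, req)` passes a nil `*App`, which works here only because the key is read from `h.EmailKey`; the rest of the test body and its mocks lie outside this hunk.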