Encrypting email from oauth signup as per PR feedback. T710
parent
2486b3c100
commit
6d8da2bffd
23
account.go
23
account.go
|
@ -156,17 +156,9 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr
|
||||||
Username: signup.Alias,
|
Username: signup.Alias,
|
||||||
HashedPass: hashedPass,
|
HashedPass: hashedPass,
|
||||||
HasPass: createdWithPass,
|
HasPass: createdWithPass,
|
||||||
Email: zero.NewString("", signup.Email != ""),
|
Email: prepareUserEmail(signup.Email, app.keys.EmailKey),
|
||||||
Created: time.Now().Truncate(time.Second).UTC(),
|
Created: time.Now().Truncate(time.Second).UTC(),
|
||||||
}
|
}
|
||||||
if signup.Email != "" {
|
|
||||||
encEmail, err := data.Encrypt(app.keys.EmailKey, signup.Email)
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Unable to encrypt email: %s\n", err)
|
|
||||||
} else {
|
|
||||||
u.Email.String = string(encEmail)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create actual user
|
// Create actual user
|
||||||
if err := app.db.CreateUser(app.cfg, u, desiredUsername); err != nil {
|
if err := app.db.CreateUser(app.cfg, u, desiredUsername); err != nil {
|
||||||
|
@ -1097,3 +1089,16 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
|
||||||
// Return value
|
// Return value
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func prepareUserEmail(input string, emailKey []byte) zero.String {
|
||||||
|
email := zero.NewString("", input != "")
|
||||||
|
if len(input) > 0 {
|
||||||
|
encEmail, err := data.Encrypt(emailKey, input)
|
||||||
|
if err != nil {
|
||||||
|
log.Error("Unable to encrypt email: %s\n", err)
|
||||||
|
} else {
|
||||||
|
email.String = string(encEmail)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return email
|
||||||
|
}
|
||||||
|
|
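Review bot: In `prepareUserEmail`, a failed `data.Encrypt` is only logged, and the function still returns a `zero.String` whose valid flag was set from `input != ""`, so the account appears to be created with a present-but-empty email and the caller cannot tell. Not storing the plaintext on failure is the right default, but the loss is silent. Consider returning `(zero.String, error)` so `signupWithRegistration` can abort the signup, or at least set `email.Valid = false` in the error branch. The new function also has no doc comment; `// prepareUserEmail encrypts input with emailKey for storage and returns an empty value when input is empty.` would state the contract. The log line should keep reporting only the error, never the address.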
8
oauth.go
8
oauth.go
|
@ -6,7 +6,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
"github.com/guregu/null/zero"
|
|
||||||
"github.com/writeas/impart"
|
"github.com/writeas/impart"
|
||||||
"github.com/writeas/nerds/store"
|
"github.com/writeas/nerds/store"
|
||||||
"github.com/writeas/web-core/auth"
|
"github.com/writeas/web-core/auth"
|
||||||
|
@ -83,6 +82,7 @@ type oauthHandler struct {
|
||||||
Config *config.Config
|
Config *config.Config
|
||||||
DB OAuthDatastore
|
DB OAuthDatastore
|
||||||
Store sessions.Store
|
Store sessions.Store
|
||||||
|
EmailKey []byte
|
||||||
oauthClient oauthClient
|
oauthClient oauthClient
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -122,9 +122,6 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
||||||
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
|
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
|
||||||
HttpClient: config.DefaultHTTPClient(),
|
HttpClient: config.DefaultHTTPClient(),
|
||||||
CallbackLocation: app.Config().App.Host + "/oauth/callback",
|
CallbackLocation: app.Config().App.Host + "/oauth/callback",
|
||||||
}
|
|
||||||
if oauthClient.ExchangeLocation == "" {
|
|
||||||
|
|
||||||
}
|
}
|
||||||
configureOauthRoutes(parentHandler, r, app, oauthClient)
|
configureOauthRoutes(parentHandler, r, app, oauthClient)
|
||||||
}
|
}
|
||||||
|
@ -136,6 +133,7 @@ func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauth
|
||||||
DB: app.DB(),
|
DB: app.DB(),
|
||||||
Store: app.SessionStore(),
|
Store: app.SessionStore(),
|
||||||
oauthClient: oauthClient,
|
oauthClient: oauthClient,
|
||||||
|
EmailKey: app.keys.EmailKey,
|
||||||
}
|
}
|
||||||
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
|
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
|
||||||
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
|
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
|
||||||
|
@ -187,7 +185,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
|
||||||
Username: tokenInfo.Username,
|
Username: tokenInfo.Username,
|
||||||
HashedPass: hashedPass,
|
HashedPass: hashedPass,
|
||||||
HasPass: true,
|
HasPass: true,
|
||||||
Email: zero.NewString(tokenInfo.Email, tokenInfo.Email != ""),
|
Email: prepareUserEmail(tokenInfo.Email, h.EmailKey),
|
||||||
Created: time.Now().Truncate(time.Second).UTC(),
|
Created: time.Now().Truncate(time.Second).UTC(),
|
||||||
}
|
}
|
||||||
displayName := tokenInfo.DisplayName
|
displayName := tokenInfo.DisplayName
|
||||||
|
|
|
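Review bot: `configureOauthRoutes` copies `app.keys.EmailKey` into the handler without checking that a key is present, and `viewOauthCallback` passes it to `prepareUserEmail`, which only logs encryption errors. If the key were empty when routes are configured (inferred, since key loading is not visible on this page), every OAuth signup would drop its email with nothing but a log line. A guard where the handler is built, such as `if len(app.keys.EmailKey) == 0 { log.Error("oauth: email key not loaded") }`, would surface that at startup. The new struct field would also benefit from a comment like `// EmailKey encrypts user emails before storage; never log it.` Both functions continue outside the hunks shown.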
@ -140,6 +140,7 @@ func TestViewOauthInit(t *testing.T) {
|
||||||
Config: app.Config(),
|
Config: app.Config(),
|
||||||
DB: app.DB(),
|
DB: app.DB(),
|
||||||
Store: app.SessionStore(),
|
Store: app.SessionStore(),
|
||||||
|
EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
|
||||||
oauthClient: writeAsOauthClient{
|
oauthClient: writeAsOauthClient{
|
||||||
ClientID: app.Config().WriteAsOauth.ClientID,
|
ClientID: app.Config().WriteAsOauth.ClientID,
|
||||||
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
||||||
|
@ -182,6 +183,7 @@ func TestViewOauthInit(t *testing.T) {
|
||||||
Config: app.Config(),
|
Config: app.Config(),
|
||||||
DB: app.DB(),
|
DB: app.DB(),
|
||||||
Store: app.SessionStore(),
|
Store: app.SessionStore(),
|
||||||
|
EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
|
||||||
oauthClient: writeAsOauthClient{
|
oauthClient: writeAsOauthClient{
|
||||||
ClientID: app.Config().WriteAsOauth.ClientID,
|
ClientID: app.Config().WriteAsOauth.ClientID,
|
||||||
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
||||||
|
@ -211,6 +213,7 @@ func TestViewOauthCallback(t *testing.T) {
|
||||||
Config: app.Config(),
|
Config: app.Config(),
|
||||||
DB: app.DB(),
|
DB: app.DB(),
|
||||||
Store: app.SessionStore(),
|
Store: app.SessionStore(),
|
||||||
|
EmailKey: []byte{0xd, 0xe, 0xc, 0xa, 0xf, 0xf, 0xb, 0xa, 0xd},
|
||||||
oauthClient: writeAsOauthClient{
|
oauthClient: writeAsOauthClient{
|
||||||
ClientID: app.Config().WriteAsOauth.ClientID,
|
ClientID: app.Config().WriteAsOauth.ClientID,
|
||||||
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
||||||
|
@ -243,7 +246,7 @@ func TestViewOauthCallback(t *testing.T) {
|
||||||
req, err := http.NewRequest("GET", "/oauth/callback", nil)
|
req, err := http.NewRequest("GET", "/oauth/callback", nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
rr := httptest.NewRecorder()
|
rr := httptest.NewRecorder()
|
||||||
h.viewOauthCallback(nil, rr, req)
|
err = h.viewOauthCallback(nil, rr, req)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
|
assert.Equal(t, http.StatusTemporaryRedirect, rr.Code)
|
||||||
})
|
})
|
||||||
|
|
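Review bot: The `EmailKey` fixture added in the three handler literals is 9 bytes long, and no assertion checks what email value reaches the datastore. If `data.Encrypt` is AES-based (not visible here), it would reject a key of that length; since `prepareUserEmail` only logs the error, the tests would still pass without ever exercising encryption. Consider one shared test key of a valid length instead of the repeated literal, plus an assertion in `TestViewOauthCallback` that the stored email is non-empty and differs from the plaintext returned by the token mock. Capturing the result with `err = h.viewOauthCallback(nil, rr, req)` is a good fix, because the following `assert.NoError` previously re-checked the stale `err` from `http.NewRequest`.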