PM-7392 - TokenSvc - (1) Remove test code (2) Refactor decryptAccessToken method to accept access token key and error on failure to pass required decryption key to method.
parent
457e7a4819
commit
1b372b4cf7
|
@ -211,9 +211,6 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
// So, let's add a check to ensure we can read the value after writing it.
|
// So, let's add a check to ensure we can read the value after writing it.
|
||||||
const accessTokenKey = await this.getAccessTokenKey(userId);
|
const accessTokenKey = await this.getAccessTokenKey(userId);
|
||||||
|
|
||||||
// TODO: remove this test code
|
|
||||||
// accessTokenKey = null;
|
|
||||||
|
|
||||||
if (!accessTokenKey) {
|
if (!accessTokenKey) {
|
||||||
throw new Error("New Access token key unable to be retrieved from secure storage.");
|
throw new Error("New Access token key unable to be retrieved from secure storage.");
|
||||||
}
|
}
|
||||||
|
@ -242,9 +239,6 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
// distro doesn't have a secure storage provider
|
// distro doesn't have a secure storage provider
|
||||||
let accessTokenKey: AccessTokenKey = await this.getAccessTokenKey(userId);
|
let accessTokenKey: AccessTokenKey = await this.getAccessTokenKey(userId);
|
||||||
|
|
||||||
// TODO: remove this test code
|
|
||||||
// accessTokenKey = null;
|
|
||||||
|
|
||||||
if (!accessTokenKey) {
|
if (!accessTokenKey) {
|
||||||
// Otherwise, create a new one and save it to secure storage, then return it
|
// Otherwise, create a new one and save it to secure storage, then return it
|
||||||
accessTokenKey = await this.createAndSaveAccessTokenKey(userId);
|
accessTokenKey = await this.createAndSaveAccessTokenKey(userId);
|
||||||
|
@ -260,15 +254,13 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
}
|
}
|
||||||
|
|
||||||
private async decryptAccessToken(
|
private async decryptAccessToken(
|
||||||
|
accessTokenKey: AccessTokenKey,
|
||||||
encryptedAccessToken: EncString,
|
encryptedAccessToken: EncString,
|
||||||
userId: UserId,
|
|
||||||
): Promise<string | null> {
|
): Promise<string | null> {
|
||||||
const accessTokenKey = await this.getAccessTokenKey(userId);
|
|
||||||
|
|
||||||
if (!accessTokenKey) {
|
if (!accessTokenKey) {
|
||||||
// If we don't have an accessTokenKey, then that means we don't have an access token as it hasn't been set yet
|
throw new Error(
|
||||||
// and we have to return null here to properly indicate the user isn't logged in.
|
"decryptAccessToken: Access token key required. Cannot decrypt access token.",
|
||||||
return null;
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
const decryptedAccessToken = await this.encryptService.decryptToUtf8(
|
const decryptedAccessToken = await this.encryptService.decryptToUtf8(
|
||||||
|
@ -307,6 +299,7 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
accessToken,
|
accessToken,
|
||||||
userId,
|
userId,
|
||||||
);
|
);
|
||||||
|
|
||||||
// Save the encrypted access token to disk
|
// Save the encrypted access token to disk
|
||||||
await this.singleUserStateProvider
|
await this.singleUserStateProvider
|
||||||
.get(userId, ACCESS_TOKEN_DISK)
|
.get(userId, ACCESS_TOKEN_DISK)
|
||||||
|
@ -433,9 +426,6 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
return accessTokenDisk;
|
return accessTokenDisk;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: remove this test code
|
|
||||||
// accessTokenKey = null;
|
|
||||||
|
|
||||||
if (!accessTokenKey) {
|
if (!accessTokenKey) {
|
||||||
if (EncString.isSerializedEncString(accessTokenDisk)) {
|
if (EncString.isSerializedEncString(accessTokenDisk)) {
|
||||||
// The access token is encrypted but we don't have the key to decrypt it for
|
// The access token is encrypted but we don't have the key to decrypt it for
|
||||||
|
@ -458,8 +448,8 @@ export class TokenService implements TokenServiceAbstraction {
|
||||||
const encryptedAccessTokenEncString = new EncString(accessTokenDisk as EncryptedString);
|
const encryptedAccessTokenEncString = new EncString(accessTokenDisk as EncryptedString);
|
||||||
|
|
||||||
const decryptedAccessToken = await this.decryptAccessToken(
|
const decryptedAccessToken = await this.decryptAccessToken(
|
||||||
|
accessTokenKey,
|
||||||
encryptedAccessTokenEncString,
|
encryptedAccessTokenEncString,
|
||||||
userId,
|
|
||||||
);
|
);
|
||||||
return decryptedAccessToken;
|
return decryptedAccessToken;
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
|
|
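Review bot: In `decryptAccessToken` the new first parameter is declared `accessTokenKey: AccessTokenKey`, yet the guard directly below it throws when the key is falsy, so the signature hides the very case the guard exists for; declaring it as `accessTokenKey: AccessTokenKey | null` would make that obligation visible to the type checker at every call site. The return type is still `Promise<string | null>` although the only null return visible in this hunk was removed, so either the rest of the body (which continues outside the hunk) can still yield null or the type can be narrowed to `Promise<string>`. A missing key used to be reported as "not logged in" and now raises, which is the safer failure on a credential path, but any caller other than the one in the last hunk (which tests `!accessTokenKey` first and appears to sit inside a `try`) needs the same pre-check. A doc comment such as `/** Decrypts the stored access token; throws if accessTokenKey is missing, so callers must handle the no-key case before calling. */` would record the new contract that the deleted comment used to explain.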