IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Abstract encrypt/encode and decode/decrypt into their own functions

Browse Source
This commit is contained in:
Sean Lafferty
2019-03-20 15:18:22 -04:00
parent b696492891
commit 3b9b6c571a
1 changed files with 53 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
pkg/services/sqlstore/user_auth.go
View File

@@ -127,40 +127,21 @@ func GetAuthInfo(query *m.GetAuthInfoQuery) error {
return m.ErrUserNotFound return m.ErrUserNotFound
} }
if userAuth.OAuthAccessToken != "" { secretAccessToken, err := decodeAndDecrypt(userAuth.OAuthAccessToken)
decodedAccessToken, err := base64.StdEncoding.DecodeString(userAuth.OAuthAccessToken)
if err != nil { if err != nil {
return err return err
} }
decryptedAccessToken, err := util.Decrypt(decodedAccessToken, setting.SecretKey) secretRefreshToken, err := decodeAndDecrypt(userAuth.OAuthRefreshToken)
if err != nil { if err != nil {
return err return err
} }
userAuth.OAuthAccessToken = string(decryptedAccessToken) secretTokenType, err := decodeAndDecrypt(userAuth.OAuthTokenType)
}
if userAuth.OAuthRefreshToken != "" {
decodedRefreshToken, err := base64.StdEncoding.DecodeString(userAuth.OAuthRefreshToken)
if err != nil { if err != nil {
return err return err
} }
decryptedRefreshToken, err := util.Decrypt(decodedRefreshToken, setting.SecretKey) userAuth.OAuthAccessToken = secretAccessToken
if err != nil { userAuth.OAuthRefreshToken = secretRefreshToken
return err userAuth.OAuthTokenType = secretTokenType
}
userAuth.OAuthRefreshToken = string(decryptedRefreshToken)
}
if userAuth.OAuthTokenType != "" {
decodedTokenType, err := base64.StdEncoding.DecodeString(userAuth.OAuthTokenType)
if err != nil {
return err
}
decryptedTokenType, err := util.Decrypt(decodedTokenType, setting.SecretKey)
if err != nil {
return err
}
userAuth.OAuthTokenType = string(decryptedTokenType)
}
query.Result = userAuth query.Result = userAuth
return nil return nil
@@ -176,22 +157,22 @@ func SetAuthInfo(cmd *m.SetAuthInfoCommand) error {
} }
if cmd.OAuthToken != nil { if cmd.OAuthToken != nil {
secretAccessToken, err := util.Encrypt([]byte(cmd.OAuthToken.AccessToken), setting.SecretKey) secretAccessToken, err := encryptAndEncode(cmd.OAuthToken.AccessToken)
if err != nil { if err != nil {
return err return err
} }
secretRefreshToken, err := util.Encrypt([]byte(cmd.OAuthToken.RefreshToken), setting.SecretKey) secretRefreshToken, err := encryptAndEncode(cmd.OAuthToken.RefreshToken)
if err != nil { if err != nil {
return err return err
} }
secretTokenType, err := util.Encrypt([]byte(cmd.OAuthToken.TokenType), setting.SecretKey) secretTokenType, err := encryptAndEncode(cmd.OAuthToken.TokenType)
if err != nil { if err != nil {
return err return err
} }
authUser.OAuthAccessToken = base64.StdEncoding.EncodeToString(secretAccessToken) authUser.OAuthAccessToken = secretAccessToken
authUser.OAuthRefreshToken = base64.StdEncoding.EncodeToString(secretRefreshToken) authUser.OAuthRefreshToken = secretRefreshToken
authUser.OAuthTokenType = base64.StdEncoding.EncodeToString(secretTokenType) authUser.OAuthTokenType = secretTokenType
authUser.OAuthExpiry = cmd.OAuthToken.Expiry authUser.OAuthExpiry = cmd.OAuthToken.Expiry
} }
@@ -210,21 +191,22 @@ func UpdateAuthInfo(cmd *m.UpdateAuthInfoCommand) error {
} }
if cmd.OAuthToken != nil { if cmd.OAuthToken != nil {
secretAccessToken, err := util.Encrypt([]byte(cmd.OAuthToken.AccessToken), setting.SecretKey) secretAccessToken, err := encryptAndEncode(cmd.OAuthToken.AccessToken)
if err != nil { if err != nil {
return err return err
} }
secretRefreshToken, err := util.Encrypt([]byte(cmd.OAuthToken.RefreshToken), setting.SecretKey) secretRefreshToken, err := encryptAndEncode(cmd.OAuthToken.RefreshToken)
if err != nil { if err != nil {
return err return err
} }
secretTokenType, err := util.Encrypt([]byte(cmd.OAuthToken.TokenType), setting.SecretKey) secretTokenType, err := encryptAndEncode(cmd.OAuthToken.TokenType)
if err != nil { if err != nil {
return err return err
} }
authUser.OAuthAccessToken = base64.StdEncoding.EncodeToString(secretAccessToken)
authUser.OAuthRefreshToken = base64.StdEncoding.EncodeToString(secretRefreshToken) authUser.OAuthAccessToken = secretAccessToken
authUser.OAuthTokenType = base64.StdEncoding.EncodeToString(secretTokenType) authUser.OAuthRefreshToken = secretRefreshToken
authUser.OAuthTokenType = secretTokenType
authUser.OAuthExpiry = cmd.OAuthToken.Expiry authUser.OAuthExpiry = cmd.OAuthToken.Expiry
} }
@@ -244,3 +226,31 @@ func DeleteAuthInfo(cmd *m.DeleteAuthInfoCommand) error {
return err return err
}) })
} }
// decodeAndDecrypt will decode the string with the standard bas64 decoder
// and then decrypt it with grafana's secretKey
func decodeAndDecrypt(s string) (string, error) {
// Bail out if empty string since it'll cause a segfault in util.Decrypt
if s == "" {
return "", nil
}
decoded, err := base64.StdEncoding.DecodeString(s)
if err != nil {
return "", err
}
decrypted, err := util.Decrypt(decoded, setting.SecretKey)
if err != nil {
return "", err
}
return string(decrypted), nil
}
// encryptAndEncode will encrypt a string with grafana's secretKey, and
// then encode it with the standard bas64 encoder
func encryptAndEncode(s string) (string, error) {
encrypted, err := util.Encrypt([]byte(s), setting.SecretKey)
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(encrypted), nil
}