Snapshots: Store dashboard data encrypted in the database (#28129)

* end 2 end * fix import * refactor * introduce securedata * check err * use testify instead of convey * cleanup test * cleanup test * blob time * rename funcs
2025-02-25 18:55:37 -06:00 · 2020-10-13 10:19:42 +02:00
parent 87d6f90acb
commit ef22ff7315
8 changed files with 249 additions and 122 deletions
--- a/pkg/api/dashboard_snapshot_test.go
+++ b/pkg/api/dashboard_snapshot_test.go
@@ -7,9 +7,12 @@ import (
 	"testing"
 	"time"

+	"github.com/grafana/grafana/pkg/components/securedata"
+
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/components/simplejson"
 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/setting"

 	. "github.com/smartystreets/goconvey/convey"
 )
@@ -198,6 +201,62 @@ func TestDashboardSnapshotApiEndpoint(t *testing.T) {
 					So(sc.resp.Code, ShouldEqual, 500)
 				})
 			})
+
+			Convey("Should be able to read a snapshot's un-encrypted data", func() {
+				loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/snapshots/12345", "/api/snapshots/:key", models.ROLE_EDITOR, func(sc *scenarioContext) {
+					sc.handlerFunc = GetDashboardSnapshot
+					sc.fakeReqWithParams("GET", sc.url, map[string]string{"key": "12345"}).exec()
+
+					So(sc.resp.Code, ShouldEqual, 200)
+					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
+					So(err, ShouldBeNil)
+
+					dashboard := respJSON.Get("dashboard")
+					id := dashboard.Get("id")
+
+					So(id.MustInt64(), ShouldEqual, 100)
+				})
+			})
+
+			Convey("Should be able to read a snapshot's encrypted data", func() {
+				origSecret := setting.SecretKey
+				setting.SecretKey = "dashboard_snapshot_api_test"
+				t.Cleanup(func() {
+					setting.SecretKey = origSecret
+				})
+
+				dashboardId := 123
+				jsonModel, err := simplejson.NewJson([]byte(fmt.Sprintf(`{"id":%d}`, dashboardId)))
+				So(err, ShouldBeNil)
+
+				jsonModelEncoded, err := jsonModel.Encode()
+				So(err, ShouldBeNil)
+
+				encrypted, err := securedata.Encrypt(jsonModelEncoded)
+				So(err, ShouldBeNil)
+
+				// mock snapshot with encrypted dashboard info
+				mockSnapshotResult := &models.DashboardSnapshot{
+					Key:                "12345",
+					DashboardEncrypted: encrypted,
+					Expires:            time.Now().Add(time.Duration(1000) * time.Second),
+				}
+
+				bus.AddHandler("test", func(query *models.GetDashboardSnapshotQuery) error {
+					query.Result = mockSnapshotResult
+					return nil
+				})
+
+				loggedInUserScenarioWithRole("When calling GET on", "GET", "/api/snapshots/12345", "/api/snapshots/:key", models.ROLE_EDITOR, func(sc *scenarioContext) {
+					sc.handlerFunc = GetDashboardSnapshot
+					sc.fakeReqWithParams("GET", sc.url, map[string]string{"key": "12345"}).exec()
+
+					So(sc.resp.Code, ShouldEqual, 200)
+					respJSON, err := simplejson.NewJson(sc.resp.Body.Bytes())
+					So(err, ShouldBeNil)
+					So(respJSON.Get("dashboard").Get("id").MustInt64(), ShouldEqual, dashboardId)
+				})
+			})
 		})
 	})
 }