[ISSUE-67869881] support orgs without encryption
diff --git a/accessEntity/api.go b/accessEntity/api.go
index b239409..fb49fca 100644
--- a/accessEntity/api.go
+++ b/accessEntity/api.go
@@ -246,7 +246,7 @@
 log.Errorf("getCompanyDeveloper: %v", err)
 return nil, newDbError(err)
 }
- email, err := a.DbMan.GetDevEmailByDevId(dev.DeveloperId)
+ email, err := a.DbMan.GetDevEmailByDevId(dev.DeveloperId, org)
 if err != nil {
 log.Errorf("getCompanyDeveloper: %v", err)
 return nil, newDbError(err)
diff --git a/accessEntity/data.go b/accessEntity/data.go
index 6af4391..bb53fea 100644
--- a/accessEntity/data.go
+++ b/accessEntity/data.go
@@ -86,7 +86,7 @@
 return name.String, nil
 }
-func (d *DbManager) GetDevEmailByDevId(devId string) (string, error) {
+func (d *DbManager) GetDevEmailByDevId(devId string, org string) (string, error) {
 query := selectDeveloperById(
 "?",
 "email",
@@ -96,7 +96,9 @@
 if err != nil || !email.Valid {
 return "", err
 }
- return email.String, nil
+ // decryption
+ ret, err := d.CipherManager.TryDecryptBase64(email.String, org)
+ return ret, err
 }
 func (d *DbManager) GetComNames(id string, idType string) ([]string, error) {
@@ -210,12 +212,7 @@
 } else if priKey == IdentifierAppName {
 switch secKey {
 case IdentifierDeveloperEmail:
- var email string
- email, err = d.CipherManager.EncryptBase64(secVal, org, cipher.ModeEcb, cipher.PaddingPKCS5)
- if err != nil {
- return
- }
- apiProducts, err = d.getApiProductsByAppName(priVal, email, "", "", org)
+ apiProducts, err = d.getApiProductsByAppName(priVal, secVal, "", "", org)
 case IdentifierDeveloperId:
 apiProducts, err = d.getApiProductsByAppName(priVal, "", secVal, "", org)
 case IdentifierCompanyName:
@@ -248,12 +245,7 @@
 case IdentifierAppName:
 switch secKey {
 case IdentifierDeveloperEmail:
- var email string
- email, err = d.CipherManager.EncryptBase64(secVal, org, cipher.ModeEcb, cipher.PaddingPKCS5)
- if err != nil {
- return
- }
- return d.getAppByAppName(priVal, email, "", "", org)
+ return d.getAppByAppName(priVal, secVal, "", "", org)
 case IdentifierDeveloperId:
 return d.getAppByAppName(priVal, "", secVal, "", org)
 case IdentifierCompanyName:
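Review bot: In the second hunk the new tail of GetDevEmailByDevId needs neither the `ret` temporary nor the `// decryption` comment; `return d.CipherManager.TryDecryptBase64(email.String, org)` does the same thing. The exported method has no doc comment in the lines shown, and with the new parameter it should say what `org` is for, for example `// GetDevEmailByDevId returns the developer's email, decrypting it with org's key when the stored value is encrypted.`. How TryDecryptBase64 treats a value it cannot decrypt is not visible in this diff; if it returns the input unchanged, as the mock in mock_test.go does, callers can receive ciphertext as the email, and that should be documented or guarded against. The middle of the function body lies between the two hunks and is not shown.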
@@ -311,12 +303,7 @@
 case IdentifierAppId:
 developers, err = d.getDeveloperByAppId(priVal, org)
 case IdentifierDeveloperEmail:
- var email string
- email, err = d.CipherManager.EncryptBase64(priVal, org, cipher.ModeEcb, cipher.PaddingPKCS5)
- if err != nil {
- return
- }
- developers, err = d.getDeveloperByEmail(email, org)
+ developers, err = d.getDeveloperByEmail(priVal, org)
 case IdentifierConsumerKey:
 developers, err = d.getDeveloperByConsumerKey(priVal, org)
 case IdentifierDeveloperId:
@@ -382,12 +369,17 @@
 appQuery = selectAppByNameAndDeveloperId(
 "?",
 selectDeveloperByEmail(
- "?",
+ "?, ?",
 "id",
 ),
 "id",
 )
- args = append(args, devEmail)
+ var encrypted string
+ encrypted, err = d.CipherManager.EncryptBase64(devEmail, org, cipher.ModeEcb, cipher.PaddingPKCS5)
+ if err != nil {
+ return
+ }
+ args = append(args, devEmail, encrypted)
 case devId != "":
 appQuery = selectAppByNameAndDeveloperId(
 "?",
@@ -446,12 +438,17 @@
 query = selectAppByNameAndDeveloperId(
 "?",
 selectDeveloperByEmail(
- "?",
+ "?, ?",
 "id",
 ),
 cols...,
 )
- args = append(args, devEmail)
+ var encrypted string
+ encrypted, err = d.CipherManager.EncryptBase64(devEmail, org, cipher.ModeEcb, cipher.PaddingPKCS5)
+ if err != nil {
+ return
+ }
+ args = append(args, devEmail, encrypted)
 case devId != "":
 query = selectAppByNameAndDeveloperId(
 "?",
@@ -613,11 +610,16 @@
 func (d *DbManager) getDeveloperByEmail(email, org string) (developers []common.Developer, err error) {
 cols := []string{"*"}
 query := selectDeveloperByEmail(
- "?",
+ "?, ?",
 cols...,
 ) + " AND dev.tenant_id IN " + sql_select_tenant_org
 //log.Debugf("getDeveloperByEmail: %v", query)
- err = d.GetDb().QueryStructs(&developers, query, email, org)
+ var encrypted string
+ encrypted, err = d.CipherManager.EncryptBase64(email, org, cipher.ModeEcb, cipher.PaddingPKCS5)
+ if err != nil {
+ return
+ }
+ err = d.GetDb().QueryStructs(&developers, query, email, encrypted, org)
 return
 }
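Review bot: The five-line encrypt-and-append block is repeated in three hunks of this file (-382, -446 and -613), and every copy returns on any EncryptBase64 error before the plaintext value is tried. Whether EncryptBase64 fails for an org that has no key is not visible in this diff; if it does, email lookups still fail for the orgs the commit title is about, so that case should be decided in one helper rather than at three call sites. The helper is also the place to record why ModeEcb is used: equality matching in SQL needs deterministic ciphertext, at the cost that equal addresses are stored as equal values. The functions around the first two of these hunks start and end outside the hunks.

```go
// encryptEmail returns email encrypted under org's key, the form an email
// column holds for an org that uses encryption. ModeEcb is deterministic,
// which is what allows an equality match in SQL; the cost is that equal
// addresses are stored as equal values.
func (d *DbManager) encryptEmail(email, org string) (string, error) {
	return d.CipherManager.EncryptBase64(email, org, cipher.ModeEcb, cipher.PaddingPKCS5)
}

// in getDeveloperByEmail; the two app-lookup hunks change the same way
// … unchanged: query construction …
	var encrypted string
	if encrypted, err = d.encryptEmail(email, org); err != nil {
		return
	}
	err = d.GetDb().QueryStructs(&developers, query, email, encrypted, org)
```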
diff --git a/accessEntity/data_test.go b/accessEntity/data_test.go
index 4a9c592..aa3f51c 100644
--- a/accessEntity/data_test.go
+++ b/accessEntity/data_test.go
@@ -530,7 +530,7 @@
 It("GetDevEmailByDevId", func() {
 data := "e41f04e8-9d3f-470a-8bfd-c7939945896c"
 expected := "bar@google.com"
- Expect(dbMan.GetDevEmailByDevId(data)).Should(Equal(expected))
+ Expect(dbMan.GetDevEmailByDevId(data, "apid-haoming")).Should(Equal(expected))
 })
 It("GetStatus", func() {
diff --git a/accessEntity/data_test.sql b/accessEntity/data_test.sql
index 8b1590a..16aa13f 100644
--- a/accessEntity/data_test.sql
+++ b/accessEntity/data_test.sql
@@ -36,9 +36,9 @@ CREATE TABLE kms_company_developer (tenant_id text,company_id text,developer_id text,roles text,created_at blob,created_by text,updated_at blob,updated_by text,_change_selector text, primary key (tenant_id,company_id,developer_id)); INSERT INTO "kms_company_developer" VALUES('515211e9','a94f75e2-69b0-44af-8776-155df7c7d22e','590f33bf-f05c-48c1-bb93-183759bd9ee1','admin','2017-11-02 16:00:16.287+00:00','haoming@apid.git','2017-11-02 16:00:16.287+00:00','haoming@apid.git','515211e9'); CREATE TABLE kms_developer (id text,tenant_id text,username text,first_name text,last_name text,password text,email text,status text,encrypted_password text,salt text,created_at blob,created_by text,updated_at blob,updated_by text,_change_selector text, primary key (id,tenant_id)); -INSERT INTO "kms_developer" VALUES('e41f04e8-9d3f-470a-8bfd-c7939945896c','515211e9','haoming','haoming','zhang','','bar@google.com','ACTIVE','','','2017-08-16 22:39:46.669+00:00','foo@google.com','2017-08-16 22:39:46.669+00:00','foo@google.com','515211e9'); -INSERT INTO "kms_developer" VALUES('47d862db-884f-4b8e-9649-fe6d0be1a739','515211e9','qwe','qwe','qwe','','barfoo@google.com','ACTIVE','','','2017-10-12 19:12:48.306+00:00','haoming@apid.git','2017-10-12 19:12:48.306+00:00','haoming@apid.git','515211e9'); -INSERT INTO "kms_developer" VALUES('590f33bf-f05c-48c1-bb93-183759bd9ee1','515211e9','remoteproxy','remote','proxy','','fooo@google.com','ACTIVE','','','2017-09-20 23:03:52.327+00:00','haoming@apid.git','2017-09-20 23:03:52.327+00:00','haoming@apid.git','515211e9'); +INSERT INTO "kms_developer" VALUES('e41f04e8-9d3f-470a-8bfd-c7939945896c','515211e9','haoming','haoming','zhang','','encrypted:bar@google.com','ACTIVE','','','2017-08-16 22:39:46.669+00:00','foo@google.com','2017-08-16 22:39:46.669+00:00','foo@google.com','515211e9'); +INSERT INTO "kms_developer" 
VALUES('47d862db-884f-4b8e-9649-fe6d0be1a739','515211e9','qwe','qwe','qwe','','encrypted:barfoo@google.com','ACTIVE','','','2017-10-12 19:12:48.306+00:00','haoming@apid.git','2017-10-12 19:12:48.306+00:00','haoming@apid.git','515211e9'); +INSERT INTO "kms_developer" VALUES('590f33bf-f05c-48c1-bb93-183759bd9ee1','515211e9','remoteproxy','remote','proxy','','encrypted:fooo@google.com','ACTIVE','','','2017-09-20 23:03:52.327+00:00','haoming@apid.git','2017-09-20 23:03:52.327+00:00','haoming@apid.git','515211e9'); CREATE TABLE edgex_apid_cluster (id text,name text,description text,umbrella_org_app_name text,created blob,created_by text,updated blob,updated_by text,_change_selector text, last_sequence text DEFAULT '', primary key (id)); INSERT INTO "edgex_apid_cluster" VALUES('950b30f1-8c41-4bf5-94a3-f10c104ff5d4','apid-haomingOrgCluster','','X-sZXhaOymL6VtWnNQqK7uPsFyPvZYq6FFnrc8','2017-08-23 23:31:49.134+00:00','temp@google.com','2017-08-23 23:31:49.134+00:00','temp@google.com','950b30f1-8c41-4bf5-94a3-f10c104ff5d4',''); CREATE TABLE kms_api_product (id text,tenant_id text,name text,display_name text,description text,api_resources text,approval_type text,scopes text,proxies text,environments text,quota text,quota_time_unit text,quota_interval integer,created_at blob,created_by text,updated_at blob,updated_by text,_change_selector text, primary key (id,tenant_id));
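Review bot: All three kms_developer rows in this hunk are switched to the `encrypted:` form, so the fixture no longer holds a developer whose email is stored in plaintext. The commit is about orgs without encryption, and the two-placeholder lookups added in data.go appear meant to match either form, but with these rows only the ciphertext form can be matched by tests that load this file. Keeping one row unprefixed, or adding a fourth plaintext row, would exercise the other branch; whether another fixture already does so is not visible here.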
diff --git a/accessEntity/interfaces.go b/accessEntity/interfaces.go
index ff28bf2..e12cb08 100644
--- a/accessEntity/interfaces.go
+++ b/accessEntity/interfaces.go
@@ -35,6 +35,6 @@
 GetApiProductNames(id string, idType string) ([]string, error)
 GetAppNames(id string, idType string) ([]string, error)
 GetComNames(id string, idType string) ([]string, error)
- GetDevEmailByDevId(devId string) (string, error)
+ GetDevEmailByDevId(devId string, org string) (string, error)
 GetStatus(id, t string) (string, error)
 }
diff --git a/accessEntity/mock_test.go b/accessEntity/mock_test.go
index b9e1367..2564f83 100644
--- a/accessEntity/mock_test.go
+++ b/accessEntity/mock_test.go
@@ -16,8 +16,11 @@ import ( "github.com/apid/apid-core/cipher" "github.com/apid/apidApiMetadata/common" + "strings" ) +const dummyEncryptPrefix = "encrypted:" + type DummyCipherMan struct { } @@ -25,11 +28,14 @@ } func (d *DummyCipherMan) TryDecryptBase64(input string, org string) (string, error) { + if strings.HasPrefix(input, dummyEncryptPrefix) { + return input[len(dummyEncryptPrefix):], nil + } return input, nil } func (d *DummyCipherMan) EncryptBase64(input string, org string, mode cipher.Mode, padding cipher.Padding) (string, error) { - return input, nil + return dummyEncryptPrefix + input, nil } type DummyDbMan struct { @@ -99,7 +105,7 @@ return d.comNames, d.err } -func (d *DummyDbMan) GetDevEmailByDevId(devId string) (string, error) { +func (d *DummyDbMan) GetDevEmailByDevId(devId string, org string) (string, error) { return d.email, d.err }
diff --git a/common/cipher.go b/common/cipher.go
index 7dd2014..0b665df 100644
--- a/common/cipher.go
+++ b/common/cipher.go
@@ -105,7 +105,7 @@
 }
 if res.StatusCode != http.StatusOK {
 err = fmt.Errorf("failed to retrieve key for org [%v] with status: %v", org, res.Status)
- return fmt.Errorf("failed to create retrieving key request for org=%s : %v", org, err)
+ return fmt.Errorf("failed to retrieve key for org [%v] with status: %v", org, res.Status)
 }
 log.Debugf("Downloaded Encryption Key for org %s", org)
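Review bot: The unchanged `err = fmt.Errorf(...)` line directly above the new return now formats exactly the same message, and its result is discarded unless `err` is a named result read elsewhere, which the hunk does not show. Either delete that assignment or make the changed line `return err`, so the message is built once. The enclosing function starts and ends outside the hunk.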