Merge pull request #19 from documize/save-secrets

Keep user section secrets safe
2025-07-24 23:59:47 +02:00 · 2016-07-08 20:27:02 +01:00 · 2016-07-08 20:27:02 +01:00 · 1c92691bdb
commit 1c92691bdb
parent e815f9b1c7 c3ef29ff2c
9 changed files with 489 additions and 392 deletions
--- a/app/app/components/section/gemini/type-editor.js
+++ b/app/app/components/section/gemini/type-editor.js
@ -45,9 +45,27 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 		this.set('config', config);

-        if (this.get('config.userId') > 0) {
-            this.send('auth');
+		let self = this;
+		self.set('waiting', true);
+		this.get('sectionService').fetch(this.get('page'), "secrets", this.get('config'))
+			.then(function (response) {
+				console.log(response);
+				self.set('waiting', false);
+
+				self.set('config.APIKey', response.apikey);
+				self.set('config.url', response.url);
+				self.set('config.username', response.username);
+
+				if (response.apikey.length > 0 && response.url.length > 0 && response.username.length > 0) {
+					self.send('auth');
 				}
+			}, function (reason) { //jshint ignore: line
+				console.log(reason);
+				self.set('waiting', false);
+				if (self.get('config.userId') > 0) {
+					self.send('auth');
+				}
+			});
 	},

 	willDestroyElement() {
--- a/app/app/components/section/papertrail/type-editor.js
+++ b/app/app/components/section/papertrail/type-editor.js
@ -42,9 +42,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 		this.set('config', config);

-		if (this.get('config.APIToken').length > 0) {
 		this.send('auth');
-		}
 	},

 	willDestroyElement() {
@ -65,15 +63,6 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		},

 		auth() {
-			// missing data?
-			this.set('config.APIToken', this.get('config.APIToken').trim());
-
-			if (is.empty(this.get('config.APIToken'))) {
-				$("#papertrail-apitoken").addClass("error").focus();
-				console.log("auth token empty");
-				return;
-			}
-
 			let page = this.get('page');
 			let config = this.get('config');
 			let self = this;
@ -93,7 +82,12 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 							self.set('waiting', false);

 							let options = self.get('options');
-							let group = _.findWhere(options.groups, { id: config.group.id });
+							let group = {};
+							if (is.not.null(config.group)) {
+								group = _.findWhere(options.groups, { id: config.group.id });
+							} else {
+								group = options.groups[0];
+							}
 							if (is.not.undefined(group)) {
 								Ember.set(config, 'group', group);
 							}
--- a/app/app/components/section/trello/type-editor.js
+++ b/app/app/components/section/trello/type-editor.js
@ -43,8 +43,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 		try {
 			config = JSON.parse(this.get('meta.config'));
-        }
-        catch (e) {}
+		} catch (e) {}

 		if (is.empty(config)) {
 			config = {
@ -60,6 +59,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 		this.get('sectionService').fetch(page, "config", {})
 			.then(function (s) {
 				self.set('appKey', s.appKey);
+				self.set('config.token', s.token); // the user's own token has been stored in the DB

 				// On auth callback capture user token
 				let hashToken = window.location.hash;
@ -72,8 +72,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,

 				if (self.get('appKey') !== "" && self.get('config.token') !== "") {
 					self.send('auth');
-		        }
-		        else {
+				} else {
 					Ember.$.getScript("https://api.trello.com/1/client.js?key=" + self.get('appKey'), function () {
 						Trello.deauthorize();
 					});
@ -107,8 +106,7 @@ export default Ember.Component.extend(SectionMixin, NotifierMixin, TooltipMixin,
 				board = boards[0];
 				this.set('config.board', board);
 			}
-        }
-        else {
+		} else {
 			this.set('config.board', boards.findBy('id', board.id));
 		}

--- a/documize/section/gemini/gemini.go
+++ b/documize/section/gemini/gemini.go
@ -74,12 +74,14 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 	}

 	switch method {
+	case "secrets":
+		secs(ctx, w, r)
 	case "auth":
-		auth(w, r)
+		auth(ctx, w, r)
 	case "workspace":
-		workspace(w, r)
+		workspace(ctx, w, r)
 	case "items":
-		items(w, r)
+		items(ctx, w, r)
 	}
 }

@ -93,7 +95,7 @@ func (*Provider) Refresh(ctx *provider.Context, config, data string) (newData st
 		return
 	}

-	c.Clean()
+	c.Clean(ctx)

 	if len(c.URL) == 0 {
 		log.Info("Gemini.Refresh received empty URL")
@ -150,7 +152,7 @@ func (*Provider) Refresh(ctx *provider.Context, config, data string) (newData st
 	return
 }

-func auth(w http.ResponseWriter, r *http.Request) {
+func auth(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 	body, err := ioutil.ReadAll(r.Body)

@ -167,7 +169,7 @@ func auth(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	config.Clean()
+	config.Clean(nil) // don't look at the database for the parameters

 	if len(config.URL) == 0 {
 		provider.WriteMessage(w, "gemini", "Missing URL value")
@ -203,6 +205,8 @@ func auth(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	config.SaveSecrets(ctx)
+
 	defer res.Body.Close()
 	var g = geminiUser{}

@ -218,7 +222,7 @@ func auth(w http.ResponseWriter, r *http.Request) {
 	provider.WriteJSON(w, g)
 }

-func workspace(w http.ResponseWriter, r *http.Request) {
+func workspace(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 	body, err := ioutil.ReadAll(r.Body)

@ -235,7 +239,7 @@ func workspace(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	config.Clean()
+	config.Clean(ctx)

 	if len(config.URL) == 0 {
 		provider.WriteMessage(w, "gemini", "Missing URL value")
@ -291,7 +295,7 @@ func workspace(w http.ResponseWriter, r *http.Request) {
 	provider.WriteJSON(w, workspace)
 }

-func items(w http.ResponseWriter, r *http.Request) {
+func items(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
 	defer r.Body.Close()
 	body, err := ioutil.ReadAll(r.Body)

@ -308,7 +312,7 @@ func items(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	config.Clean()
+	config.Clean(ctx)

 	if len(config.URL) == 0 {
 		provider.WriteMessage(w, "gemini", "Missing URL value")
@ -367,3 +371,9 @@ func items(w http.ResponseWriter, r *http.Request) {

 	provider.WriteJSON(w, items)
 }
+
+func secs(ctx *provider.Context, w http.ResponseWriter, r *http.Request) {
+	sec, err := getSecrets(ctx)
+	log.IfErr(err)
+	provider.WriteJSON(w, sec)
+}
--- a/documize/section/gemini/model.go
+++ b/documize/section/gemini/model.go
@ -11,7 +11,12 @@

 package gemini

-import "strings"
+import (
+	"strings"
+
+	"github.com/documize/community/documize/section/provider"
+	"github.com/documize/community/wordsmith/log"
+)

 // the HTML that is rendered by this section.
 const renderTemplate = `
@ -82,8 +87,37 @@ type geminiConfig struct {
 	Filter        map[string]interface{} `json:"filter"`
 }

-func (c *geminiConfig) Clean() {
+func (c *geminiConfig) Clean(ctx *provider.Context) {
+	if ctx != nil {
+		sec, err := getSecrets(ctx)
+		if err == nil {
+			if len(sec.APIKey) > 0 && len(sec.Username) > 0 && len(sec.URL) > 0 {
+				c.APIKey = strings.TrimSpace(sec.APIKey)
+				c.Username = strings.TrimSpace(sec.Username)
+				c.URL = strings.TrimSpace(sec.URL)
+			}
+		}
+	}
 	c.APIKey = strings.TrimSpace(c.APIKey)
 	c.Username = strings.TrimSpace(c.Username)
 	c.URL = strings.TrimSpace(c.URL)
 }
+
+func (c *geminiConfig) SaveSecrets(ctx *provider.Context) {
+	var sec secrets
+	sec.APIKey = strings.TrimSpace(c.APIKey)
+	sec.Username = strings.TrimSpace(c.Username)
+	sec.URL = strings.TrimSpace(c.URL)
+	log.IfErr(ctx.MarshalSecrets(sec))
+}
+
+type secrets struct {
+	URL      string `json:"url"`
+	Username string `json:"username"`
+	APIKey   string `json:"apikey"`
+}
+
+func getSecrets(ctx *provider.Context) (sec secrets, err error) {
+	err = ctx.UnmarshalSecrets(&sec)
+	return
+}
--- a/documize/section/papertrail/papertrail.go
+++ b/documize/section/papertrail/papertrail.go
@ -104,7 +104,7 @@ func (p *Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http

 	config.Clean()

-	if config.APIToken == provider.SecretReplacement {
+	if config.APIToken == provider.SecretReplacement || config.APIToken == "" {
 		config.APIToken = ctx.GetSecrets("APIToken")
 	}

--- a/documize/section/provider/provider.go
+++ b/documize/section/provider/provider.go
@ -209,7 +209,21 @@ func (c *Context) SaveSecrets(JSONobj string) error {
 	if !c.inCommand {
 		return errors.New("SaveSecrets() may only be called from within Command()")
 	}
-	return request.UserConfigSetJSON(c.OrgID, c.UserID, c.prov.Meta().ContentType, JSONobj)
+	m := c.prov.Meta()
+	return request.UserConfigSetJSON(c.OrgID, c.UserID, m.ContentType, JSONobj)
+}
+
+// MarshalSecrets to the database.
+// Parameter the same as for json.Marshal().
+func (c *Context) MarshalSecrets(sec interface{}) error {
+	if !c.inCommand {
+		return errors.New("MarshalSecrets() may only be called from within Command()")
+	}
+	byts, err := json.Marshal(sec)
+	if err != nil {
+		return err
+	}
+	return c.SaveSecrets(string(byts))
 }

 // GetSecrets for the current context user/org.
@ -218,7 +232,21 @@ func (c *Context) SaveSecrets(JSONobj string) error {
 // An empty JSONpath returns the whole JSON object, as JSON.
 // Errors return the empty string.
 func (c *Context) GetSecrets(JSONpath string) string {
-	return request.UserConfigGetJSON(c.OrgID, c.UserID, c.prov.Meta().ContentType, JSONpath)
+	m := c.prov.Meta()
+	return request.UserConfigGetJSON(c.OrgID, c.UserID, m.ContentType, JSONpath)
+}
+
+// ErrNoSecrets is returned if no secret is found in the database.
+var ErrNoSecrets = errors.New("no secrets in database")
+
+// UnmarshalSecrets from the database.
+// Parameter the same as for "v" in json.Unmarshal().
+func (c *Context) UnmarshalSecrets(v interface{}) error {
+	secTxt := c.GetSecrets("") // get all the json of the secrets
+	if len(secTxt) > 0 {
+		return json.Unmarshal([]byte(secTxt), v)
+	}
+	return ErrNoSecrets
 }

 // sort sections in order that that should be presented.
--- a/documize/section/trello/model.go
+++ b/documize/section/trello/model.go
@ -35,6 +35,10 @@ const renderTemplate = `
 </div>
 `

+type secrets struct {
+	Token  string `json:"token"`
+}
+
 type trelloConfig struct {
 	AppKey string       `json:"appKey"`
 	Token  string       `json:"token"`
--- a/documize/section/trello/trello.go
+++ b/documize/section/trello/trello.go
@ -25,7 +25,6 @@ import (
 )

 var meta provider.TypeMeta
-var appKey string

 func init() {
 	meta = provider.TypeMeta{}
@ -49,11 +48,6 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 	query := r.URL.Query()
 	method := query.Get("method")

-	if len(method) == 0 {
-		provider.WriteMessage(w, "trello", "missing method name")
-		return
-	}
-
 	defer r.Body.Close()
 	body, err := ioutil.ReadAll(r.Body)

@ -70,19 +64,20 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 		return
 	}

-	if appKey == "" {
-		appKey = request.ConfigString(meta.ConfigHandle(), "appKey")
-	}
-
 	config.Clean()
-	config.AppKey = appKey
+	config.AppKey = request.ConfigString(meta.ConfigHandle(), "appKey")

-	if method != "config" {
 	if len(config.AppKey) == 0 {
+		log.ErrorString("missing trello App Key")
 		provider.WriteMessage(w, "trello", "Missing appKey")
 		return
 	}

+	if len(config.Token) == 0 {
+		config.Token = ctx.GetSecrets("token") // get a token, if we have one
+	}
+
+	if method != "config" {
 		if len(config.Token) == 0 {
 			provider.WriteMessage(w, "trello", "Missing token")
 			return
@ -94,8 +89,9 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 		render, err := getCards(config)

 		if err != nil {
-			fmt.Println(err)
+			log.IfErr(err)
 			provider.WriteError(w, "trello", err)
+			log.IfErr(ctx.SaveSecrets("")) // failure means our secrets are invalid
 			return
 		}

@ -105,8 +101,9 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 		render, err := getBoards(config)

 		if err != nil {
-			fmt.Println(err)
+			log.IfErr(err)
 			provider.WriteError(w, "trello", err)
+			log.IfErr(ctx.SaveSecrets("")) // failure means our secrets are invalid
 			return
 		}

@ -116,24 +113,38 @@ func (*Provider) Command(ctx *provider.Context, w http.ResponseWriter, r *http.R
 		render, err := getLists(config)

 		if err != nil {
-			fmt.Println(err)
+			log.IfErr(err)
 			provider.WriteError(w, "trello", err)
+			log.IfErr(ctx.SaveSecrets("")) // failure means our secrets are invalid
 			return
 		}

 		provider.WriteJSON(w, render)

 	case "config":
-		if method == "config" {
-			var config struct {
+		var ret struct {
 			AppKey string `json:"appKey"`
+			Token  string `json:"token"`
 		}
+		ret.AppKey = config.AppKey
+		if config.Token != "" {
+			ret.Token = provider.SecretReplacement
+		}
+		provider.WriteJSON(w, ret)
+		return

-			config.AppKey = appKey
-			provider.WriteJSON(w, config)
+	default:
+		log.ErrorString("trello unknown method name: " + method)
+		provider.WriteMessage(w, "trello", "missing method name")
 		return
 	}
-	}
+
+	// the token has just worked, so save it as our secret
+	var s secrets
+	s.Token = config.Token
+	b, e := json.Marshal(s)
+	log.IfErr(e)
+	log.IfErr(ctx.SaveSecrets(string(b)))
 }

 // Render just sends back HMTL as-is.