Merge pull request #3498 from sammachin/sammachin_credentials

Error on invalid encrypted credentials
2023-10-10 13:36:53 +02:00 · 2022-04-21 10:59:43 +01:00 · 2022-04-21 10:59:43 +01:00 · 3a26c5cd65
commit 3a26c5cd65
parent 4706e20a1d 50718495da
4 changed files with 28 additions and 4 deletions
--- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js
+++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js
@ -239,7 +239,15 @@ var api = module.exports = {
                    throw error;
                }
            } else {
-                credentialCache = credentials;
+                if (encryptionEnabled) {
+                    // Our config expects the credentials to be encrypted but the encrypted object is not found
+                    log.warn(log._("nodes.credentials.encryptedNotFound"))
+                    credentialCache = credentials;
+                } else {
+                    // credentialSecret is set to False
+                    log.warn(log._("nodes.credentials.unencrypted"))
+                    credentialCache = credentials;
+                }
            }
            if (clearInvalidFlag) {
                // TODO: this delves too deep into Project structure
--- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json
+++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json
@ -104,7 +104,9 @@
            "error":"Error loading credentials: __message__",
            "error-saving":"Error saving credentials: __message__",
            "not-registered": "Credential type '__type__' is not registered",
-            "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n"
+            "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n",
+            "unencrypted" : "Using unencrypted credentials",
+            "encryptedNotFound" : "Encrypted credentials not found"
        },
        "flows": {
            "safe-mode": "Flows stopped in safe mode. Deploy to start.",
--- a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js
+++ b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js
@ -379,7 +379,6 @@ describe('red/runtime/nodes/credentials', function() {
                credentials.export().then(function(result) {
                    result.should.have.a.property("$");
                    settings.should.not.have.a.property("_credentialSecret");
-
                    // reset everything - but with _credentialSecret still set
                    credentials.init(runtime);
                    // load the freshly encrypted version
@ -445,6 +444,21 @@ describe('red/runtime/nodes/credentials', function() {
            });
        });

+        it('handles bad credentials object - resets credentials', function(done) {
+            settings = {
+                credentialSecret: "e3a36f47f005bf2aaa51ce3fc6fcaafd79da8d03f2b1a9281f8fb0a285e6255a"
+            };
+            // {"node":{user1:"abc",password1:"123"}}
+            var cryptedFlows = {"BADKEY":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"};
+            credentials.init(runtime);
+            credentials.load(cryptedFlows).then(function() {
+                done();
+            }).catch(function(err) {
+                err.should.have.property('code','credentials_load_failed');
+                done();
+            });
+        });
+
        it('handles unavailable settings - leaves creds unencrypted', function(done) {
            var runtime = {
                log: log,
--- a/test/unit/@node-red/runtime/lib/nodes/index_spec.js
+++ b/test/unit/@node-red/runtime/lib/nodes/index_spec.js
@ -63,7 +63,7 @@ describe("red/nodes/index", function() {
    var runtime = {
        settings: settings,
        storage: storage,
-        log: {debug:function() {}, warn:function() {}},
+        log: {debug:function() {}, warn:function() {}, _: function() {}},
        events: new EventEmitter()
    };