From 4d048af384799c6c9e94e392b5cb1e1e95438bb3 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Sat, 19 Mar 2022 13:34:46 +0000 Subject: [PATCH 01/10] Check for missing encrypted credentials --- .../@node-red/runtime/lib/nodes/credentials.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js index 30b2ccdb0..356d5734e 100644 --- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js +++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js @@ -239,7 +239,16 @@ var api = module.exports = { throw error; } } else { - credentialCache = credentials; + if (encryptionEnabled) { + // Our config expects the credentials to be encrypted but the encrypted object is not found + var error = new Error("Encrypted credentials not found"); + error.code = "credentials_load_failed"; + throw error + } else { + // credentialSecret is set to False + log.warn("Using Unecrypted credentials") + credentialCache = credentials; + } } if (clearInvalidFlag) { // TODO: this delves too deep into Project structure From af0f02d63e10288f31ca273cf8aa720002aa1a83 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Sat, 19 Mar 2022 17:44:21 +0000 Subject: [PATCH 02/10] add locale warning --- .../node_modules/@node-red/runtime/lib/nodes/credentials.js | 2 +- .../node_modules/@node-red/runtime/locales/en-US/runtime.json | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js index 356d5734e..d682b03f7 100644 --- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js +++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js 
@@ -246,7 +246,7 @@ var api = module.exports = { throw error } else { // credentialSecret is set to False - log.warn("Using Unecrypted credentials") + log.warn(log._("nodes.credentials.unencrypted",{message:err.toString()})) credentialCache = credentials; } } diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json index 815f9239c..092df794e 100644 --- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json +++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json 
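Review bot: `err` in `{message:err.toString()}` is not declared anywhere in the visible lines of this else branch, so unless a binding exists outside the hunk, the unencrypted path would throw a ReferenceError instead of logging the warning. The `unencrypted` locale string added in the same commit has no `__message__` placeholder, so the argument would be unused in any case; `log.warn(log._("nodes.credentials.unencrypted"));` is sufficient. The same argument is added again on the `encryptednotfound` call in patch 04/10 and both are only dropped in 06/10, so folding that fix into this commit would keep the intermediate commits runnable. The enclosing function starts and ends outside the hunk.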
@@ -104,7 +104,8 @@ "error":"Error loading credentials: __message__", "error-saving":"Error saving credentials: __message__", "not-registered": "Credential type '__type__' is not registered", - "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n" + "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n", + "unencrypted" : "Using Unecrypted credentials" }, "flows": { "safe-mode": "Flows stopped in safe mode. Deploy to start.", From c7f48a83c0a5fa5f1dcd57415822b81899e98b3f Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Sat, 19 Mar 2022 17:57:30 +0000 Subject: [PATCH 03/10] add test --- .../runtime/lib/nodes/credentials_spec.js | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js index 6db0b867b..6c53142d3 100644 
--- a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js +++ b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js @@ -444,6 +444,20 @@ describe('red/runtime/nodes/credentials', function() { done(); }); }); + it('handles bad credentials object - resets credentials', function(done) { + settings = { + credentialSecret: "e3a36f47f005bf2aaa51ce3fc6fcaafd79da8d03f2b1a9281f8fb0a285e6255a" + }; + // {"node":{user1:"abc",password1:"123"}} + var cryptedFlows = {"FOO":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"}; + credentials.init(runtime); + credentials.load(cryptedFlows).then(function() { + done(); + }).catch(function(err) { + err.should.have.property('code','credentials_load_failed'); + done(); + }); + }); it('handles unavailable settings - leaves creds unencrypted', function(done) { var runtime = { From d9bd736159eb6eac95227ba16c28117bcd78b4c9 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Mon, 21 Mar 2022 09:29:41 +0000 Subject: [PATCH 04/10] change error to warn for moving from unencrypted to encrypted --- .../node_modules/@node-red/runtime/lib/nodes/credentials.js | 5 ++--- .../@node-red/runtime/locales/en-US/runtime.json | 3 ++- test/unit/@node-red/runtime/lib/nodes/credentials_spec.js | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js index d682b03f7..eaf5833c5 100644 --- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js +++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js 
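Review bot: This test cannot fail on the outcome of `credentials.load`, because the `.then` branch calls `done()` without asserting anything, so it passes whether load rejects with `credentials_load_failed` or resolves. After patch 04/10 turns the error into a warning, only the `.then` branch can run, the `.catch` assertion is dead, and the title still says "resets credentials"; the later hunk in 04/10 only renames the key to `BADKEY`. Pin the intended behaviour by failing in the branch that should not happen, e.g. `credentials.load(cryptedFlows).then(function() { done(new Error("expected load to reject")); })` for this commit, and after 04/10 assert on the loaded credentials or on the warning that was logged. The test also assigns `settings` and uses `runtime` without declaring them; the hunk does not show whether the outer `runtime` picks up the new `settings` object.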
@@ -241,9 +241,8 @@ var api = module.exports = { } else { if (encryptionEnabled) { // Our config expects the credentials to be encrypted but the encrypted object is not found - var error = new Error("Encrypted credentials not found"); - error.code = "credentials_load_failed"; - throw error + log.warn(log._("nodes.credentials.encryptednotfound",{message:err.toString()})) + credentialCache = credentials; } else { // credentialSecret is set to False log.warn(log._("nodes.credentials.unencrypted",{message:err.toString()})) diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json index 092df794e..0704e2bdc 100644 --- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json +++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json @@ -105,7 +105,8 @@ "error-saving":"Error saving credentials: __message__", "not-registered": "Credential type '__type__' is not registered", "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n", - "unencrypted" : "Using Unecrypted credentials" + "unencrypted" : "Using unecrypted credentials", + "encryptednotfound" : "Encrypted crededntials not found" }, "flows": { "safe-mode": "Flows stopped in safe mode. Deploy to start.", diff --git a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js index 6c53142d3..0668da3b6 100644 
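Review bot: With `encryptionEnabled` true, this branch now loads a credentials object that carries no encrypted payload and only logs a warning, so a configured `credentialSecret` no longer guarantees that what gets loaded was protected by it. That fits the unencrypted-to-encrypted migration named in the commit subject, but a credentials file that has been replaced with plaintext is accepted in exactly the same way, and the only trace is one warn-level log line. The hunk does not show whether the cache is marked for re-encryption on the next save; if it is not, that should happen here, and the warning should state that plaintext credentials were loaded rather than only that encrypted ones were not found. The enclosing function starts and ends outside the hunk.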
--- a/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js +++ b/test/unit/@node-red/runtime/lib/nodes/credentials_spec.js @@ -379,7 +379,6 @@ describe('red/runtime/nodes/credentials', function() { credentials.export().then(function(result) { result.should.have.a.property("$"); settings.should.not.have.a.property("_credentialSecret"); - // reset everything - but with _credentialSecret still set credentials.init(runtime); // load the freshly encrypted version @@ -444,12 +443,13 @@ describe('red/runtime/nodes/credentials', function() { done(); }); }); + it('handles bad credentials object - resets credentials', function(done) { settings = { credentialSecret: "e3a36f47f005bf2aaa51ce3fc6fcaafd79da8d03f2b1a9281f8fb0a285e6255a" }; // {"node":{user1:"abc",password1:"123"}} - var cryptedFlows = {"FOO":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"}; + var cryptedFlows = {"BADKEY":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"}; credentials.init(runtime); credentials.load(cryptedFlows).then(function() { done(); From 97dd1d0f4f47c7bfffc8290a86fc96b8b39c53c2 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Tue, 22 Mar 2022 07:34:18 +0000 Subject: [PATCH 05/10] typo --- .../node_modules/@node-red/runtime/locales/en-US/runtime.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json index 0704e2bdc..e72858e18 100644 --- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json +++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json 
@@ -106,7 +106,7 @@ "not-registered": "Credential type '__type__' is not registered", "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n", "unencrypted" : "Using unecrypted credentials", - "encryptednotfound" : "Encrypted crededntials not found" + "encryptednotfound" : "Encrypted credentials not found" }, "flows": { "safe-mode": "Flows stopped in safe mode. Deploy to start.", From 855d799b21bf895219f084098a52e0575a3fbfd9 Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Tue, 22 Mar 2022 21:18:11 +0000 Subject: [PATCH 06/10] Update credentials.js --- .../node_modules/@node-red/runtime/lib/nodes/credentials.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js index eaf5833c5..a45e07fcf 100644 --- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js +++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js 
@@ -241,11 +241,11 @@ var api = module.exports = { } else { if (encryptionEnabled) { // Our config expects the credentials to be encrypted but the encrypted object is not found - log.warn(log._("nodes.credentials.encryptednotfound",{message:err.toString()})) + log.warn(log._("nodes.credentials.encryptednotfound")) credentialCache = credentials; } else { // credentialSecret is set to False - log.warn(log._("nodes.credentials.unencrypted",{message:err.toString()})) + log.warn(log._("nodes.credentials.unencrypted")) credentialCache = credentials; } } From c2aae6ddf619e65d7d2f1055d0d8731eeccee64f Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Thu, 24 Mar 2022 08:37:35 +0000 Subject: [PATCH 07/10] Update packages/node_modules/@node-red/runtime/locales/en-US/runtime.json Co-authored-by: Nick O'Leary --- .../node_modules/@node-red/runtime/locales/en-US/runtime.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json index e72858e18..08c18ed73 100644 --- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json +++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json 
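Review bot: Both branches now end in the same `credentialCache = credentials;`, and the two new `log.warn(...)` lines omit the trailing semicolon that the neighbouring statements use. The assignment could move below the if/else so the branches differ only in the message key. The comment on the `encryptionEnabled` branch should also record the decision being made, for example `// Encryption is configured but no encrypted payload was found: load the credentials as-is and warn`. The enclosing function is outside the hunk.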
@@ -105,7 +105,7 @@ "error-saving":"Error saving credentials: __message__", "not-registered": "Credential type '__type__' is not registered", "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n", - "unencrypted" : "Using unecrypted credentials", + "unencrypted" : "Using unencrypted credentials", "encryptednotfound" : "Encrypted credentials not found" }, "flows": { From a1f5cabbba46f335fed320b0b896e5fc6678c4be Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Thu, 24 Mar 2022 08:37:46 +0000 Subject: [PATCH 08/10] Update packages/node_modules/@node-red/runtime/locales/en-US/runtime.json Co-authored-by: Nick O'Leary --- .../node_modules/@node-red/runtime/locales/en-US/runtime.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json index 08c18ed73..cb2e08aab 100644 --- a/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json +++ b/packages/node_modules/@node-red/runtime/locales/en-US/runtime.json 
@@ -106,7 +106,7 @@ "not-registered": "Credential type '__type__' is not registered", "system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n", "unencrypted" : "Using unencrypted credentials", - "encryptednotfound" : "Encrypted credentials not found" + "encryptedNotFound" : "Encrypted credentials not found" }, "flows": { "safe-mode": "Flows stopped in safe mode. Deploy to start.", From b7b604aed49ba66a2d50afb705b49ad60cc8801f Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Thu, 24 Mar 2022 08:37:51 +0000 Subject: [PATCH 09/10] Update packages/node_modules/@node-red/runtime/lib/nodes/credentials.js Co-authored-by: Nick O'Leary --- .../node_modules/@node-red/runtime/lib/nodes/credentials.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js index a45e07fcf..0432e01fb 100644 --- a/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js +++ b/packages/node_modules/@node-red/runtime/lib/nodes/credentials.js @@ -241,7 +241,7 @@ var api = module.exports = { } else { if (encryptionEnabled) { // Our config expects the credentials to be encrypted but the encrypted object is not found - log.warn(log._("nodes.credentials.encryptednotfound")) + log.warn(log._("nodes.credentials.encryptedNotFound")) credentialCache = credentials; } else { // credentialSecret is set to False 
From 50718495da915cf684d47c7b5d872163dbbb262d Mon Sep 17 00:00:00 2001 From: Sam Machin Date: Thu, 24 Mar 2022 08:39:31 +0000 Subject: [PATCH 10/10] fix test mock --- test/unit/@node-red/runtime/lib/nodes/index_spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/unit/@node-red/runtime/lib/nodes/index_spec.js b/test/unit/@node-red/runtime/lib/nodes/index_spec.js index d6017db45..4bd08682e 100644 --- a/test/unit/@node-red/runtime/lib/nodes/index_spec.js +++ b/test/unit/@node-red/runtime/lib/nodes/index_spec.js @@ -63,7 +63,7 @@ describe("red/nodes/index", function() { var runtime = { settings: settings, storage: storage, - log: {debug:function() {}, warn:function() {}}, + log: {debug:function() {}, warn:function() {}, _: function() {}}, events: new EventEmitter() };
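Review bot: The stub `_: function() {}` returns undefined, so any `log.warn(log._(...))` call made through this mock logs undefined and no spec using it can check which message was emitted. Returning the key instead, `_: function(key) { return key; }`, is just as small and would let a test assert on `nodes.credentials.encryptedNotFound` or `nodes.credentials.unencrypted`. The stub was presumably added because the credentials loader now calls `log._`; the `describe` block continues outside the hunk.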