mir/vinyldns
2
0
Fork 0
mirror of https://github.com/VinylDNS/vinyldns synced 2025-08-22 10:10:12 +00:00
Code Issues Releases Wiki Activity
vinyldns/modules/portal/app/controllers/UserAccountAccessor.scala
Paul Cleary 2e172a94bc
Fix authentication error in the portal (#220) 
The root cause for the authentication error is that the portal
was not decrypting the user secret key before signing requests.

This is solved via the following:

1. Update VinylDNS controller to decrypt user secret when needed
1. Make sure that the `encrypt-user-secrets` feature flag is `on`
in the API reference.conf.  This was why in testing locally we
did not hit the same issue that we saw in the development environment.
Because the flag was false, test users secrets were not encrypted.

* `portal application.conf` - set the crypto to match the API
* `Dependencies.scala` - eliminate some duplication of dependencies
* `api reference.conf` - set the encrypt-user-secrets flag to true
* `TestApplicationData.scala` - modify the mock play app to have a
CryptoAlgebra binding
* `VinylDNS` - add secret decryption in getUserCreds and processCSV
* `VinylDNSModule` - add binding for CryptoAlgebra for dependency
injection.
2018-09-19 10:47:51 -04:00

57 lines
1.8 KiB
Scala
Raw Blame History

/*
* Copyright 2018 Comcast Cable Communications Management, LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package controllers
import cats.effect.IO
import javax.inject.{Inject, Singleton}
import org.joda.time.DateTime
import vinyldns.core.domain.membership.{User, UserChange, UserChangeRepository, UserRepository}
@Singleton
class UserAccountAccessor @Inject()(users: UserRepository, changes: UserChangeRepository) {
/**
* Lookup a user in the store. Using identifier as the user id and/or name
*
* @param identifier
* @return Success(Some(user account)) on success, Success(None) if the user does not exist and Failure when there
* was an error.
*/
def get(identifier: String): IO[Option[User]] =
users
.getUser(identifier)
.flatMap {
case None => users.getUserByName(identifier)
case found => IO(found)
}
def create(user: User): IO[User] =
for {
_ <- users.save(user)
_ <- changes.save(UserChange.CreateUser(user, "system", DateTime.now))
} yield user
def update(user: User, oldUser: User): IO[User] =
for {
_ <- users.save(user)
_ <- changes.save(UserChange.UpdateUser(user, "system", DateTime.now, oldUser))
} yield user
def getUserByKey(key: String): IO[Option[User]] =
users.getUserByAccessKey(key)
}
Reference in New Issue View Git Blame Copy Permalink