Merge pull request #3498 from sammachin/sammachin_credentials

Error on invalid encrypted credentials
pull/3547/head
Nick O'Leary 2022-04-21 10:59:43 +01:00 committed by GitHub
commit 3a26c5cd65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 4 deletions

View File

@ -239,7 +239,15 @@ var api = module.exports = {
throw error;
}
} else {
credentialCache = credentials;
if (encryptionEnabled) {
// Our config expects the credentials to be encrypted but the encrypted object is not found
log.warn(log._("nodes.credentials.encryptedNotFound"))
credentialCache = credentials;
} else {
// credentialSecret is set to False
log.warn(log._("nodes.credentials.unencrypted"))
credentialCache = credentials;
}
}
if (clearInvalidFlag) {
// TODO: this delves too deep into Project structure

View File

@ -104,7 +104,9 @@
"error":"Error loading credentials: __message__",
"error-saving":"Error saving credentials: __message__",
"not-registered": "Credential type '__type__' is not registered",
"system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n"
"system-key-warning": "\n\n---------------------------------------------------------------------\nYour flow credentials file is encrypted using a system-generated key.\n\nIf the system-generated key is lost for any reason, your credentials\nfile will not be recoverable, you will have to delete it and re-enter\nyour credentials.\n\nYou should set your own key using the 'credentialSecret' option in\nyour settings file. Node-RED will then re-encrypt your credentials\nfile using your chosen key the next time you deploy a change.\n---------------------------------------------------------------------\n",
"unencrypted" : "Using unencrypted credentials",
"encryptedNotFound" : "Encrypted credentials not found"
},
"flows": {
"safe-mode": "Flows stopped in safe mode. Deploy to start.",

View File

@ -379,7 +379,6 @@ describe('red/runtime/nodes/credentials', function() {
credentials.export().then(function(result) {
result.should.have.a.property("$");
settings.should.not.have.a.property("_credentialSecret");
// reset everything - but with _credentialSecret still set
credentials.init(runtime);
// load the freshly encrypted version
@ -445,6 +444,21 @@ describe('red/runtime/nodes/credentials', function() {
});
});
it('handles bad credentials object - resets credentials', function(done) {
settings = {
credentialSecret: "e3a36f47f005bf2aaa51ce3fc6fcaafd79da8d03f2b1a9281f8fb0a285e6255a"
};
// {"node":{user1:"abc",password1:"123"}}
var cryptedFlows = {"BADKEY":"5b89d8209b5158a3c313675561b1a5b5phN1gDBe81Zv98KqS/hVDmc9EKvaKqRIvcyXYvBlFNzzzJtvN7qfw06i"};
credentials.init(runtime);
credentials.load(cryptedFlows).then(function() {
done();
}).catch(function(err) {
err.should.have.property('code','credentials_load_failed');
done();
});
});
it('handles unavailable settings - leaves creds unencrypted', function(done) {
var runtime = {
log: log,

View File

@ -63,7 +63,7 @@ describe("red/nodes/index", function() {
var runtime = {
settings: settings,
storage: storage,
log: {debug:function() {}, warn:function() {}},
log: {debug:function() {}, warn:function() {}, _: function() {}},
events: new EventEmitter()
};