Added encrypted credentials posting and deleting to the rest api.

Author: sebinside

src/main/scala/org/codeoverflow/chatoverflow/ui/web/rest/DTOs.scala

@@ -27,6 +27,10 @@ object DTOs {
   case class CredentialsDetails(found: Boolean, requiredCredentials: Map[String, String] = Map[String, String](),
                                 optionalCredentials: Map[String, String] = Map[String, String]())
 
+  case class CredentialsEntry(found: Boolean, key: String = "", value: String = "")
+
+  case class EncryptedKeyValuePair(key: String, value: String)
+
   case class PluginInstanceRef(instanceName: String, pluginName: String, pluginAuthor: String)
 
   case class ResultMessage(success: Boolean, message: String = "")
@@ -35,4 +39,6 @@ object DTOs {
 
   case class Password(password: String)
 
+  case class AuthKey(authKey: String)
+
 }

src/main/scala/org/codeoverflow/chatoverflow/ui/web/rest/connector/ConnectorController.scala

@@ -3,7 +3,7 @@ package org.codeoverflow.chatoverflow.ui.web.rest.connector
 import org.codeoverflow.chatoverflow.configuration.{Credentials, CryptoUtil}
 import org.codeoverflow.chatoverflow.connector.ConnectorRegistry
 import org.codeoverflow.chatoverflow.ui.web.JsonServlet
-import org.codeoverflow.chatoverflow.ui.web.rest.DTOs.{ConnectorDetails, ConnectorRef, CredentialsDetails, ResultMessage}
+import org.codeoverflow.chatoverflow.ui.web.rest.DTOs._
 import org.scalatra.swagger.Swagger
 
 import scala.collection.mutable
@@ -102,20 +102,135 @@ class ConnectorController(implicit val swagger: Swagger) extends JsonServlet wit
     }
   }
 
+  get("/:sourceIdentifier/:qualifiedConnectorType/credentials/:key", operation(getCredentialsEntry)) {
+    val key = params("key")
+
+    if (!chatOverflow.isLoaded) {
+      CredentialsEntry(found = false)
+    } else {
+      val connector = ConnectorRegistry.getConnector(params("sourceIdentifier"), params("qualifiedConnectorType"))
+
+      if (connector.isEmpty) {
+        CredentialsEntry(found = false)
+
+      } else if (!connector.get.areCredentialsSet) {
+        CredentialsEntry(found = false)
+
+      } else if (!connector.get.getCredentials.get.exists(key)) {
+        CredentialsEntry(found = false)
+
+      } else {
+        val plainValue = connector.get.getCredentials.get.getValue(key).get
+        val encryptedValue = encryptCredentialsValue(plainValue)
+
+        CredentialsEntry(found = true, key, encryptedValue)
+      }
+    }
+  }
+
+  post("/:sourceIdentifier/:qualifiedConnectorType/credentials/", operation(postCredentialsEntry)) {
+    parsedAs[EncryptedKeyValuePair] {
+      case EncryptedKeyValuePair(key, value) =>
+        if (!chatOverflow.isLoaded) {
+          ResultMessage(success = false, "Chat Overflow is not loaded.")
+
+        } else {
+          val connector = ConnectorRegistry.getConnector(params("sourceIdentifier"), params("qualifiedConnectorType"))
+
+          if (connector.isEmpty) {
+            ResultMessage(success = false, "Connector not found.")
+
+          } else if (!connector.get.areCredentialsSet) {
+            ResultMessage(success = false, "No credentials subobject found.")
+
+          } else if (connector.get.isRunning) {
+            // Should hot swapping be a thing?
+            ResultMessage(success = false, "Connector is running.")
+
+          } else if (!connector.get.getRequiredCredentialKeys.contains(key) &&
+            !connector.get.getOptionalCredentialKeys.contains(key)) {
+            // Note that its only possible to add values to required and optional keys
+            // Let's not dumb everything into the credentials object please
+            ResultMessage(success = false, "Key is not required/optional for this connector.")
+
+          } else {
+
+            val decryptedValue = decryptCredentialsValue(value)
+
+            if (decryptedValue.isEmpty) {
+              ResultMessage(success = false, "Value encrypted with wrong auth key.")
+
+            } else if (!connector.get.setCredentialsValue(key, decryptedValue.get)) {
+              ResultMessage(success = false, "Unable to set credentials value.")
+
+            } else {
+              chatOverflow.save()
+              ResultMessage(success = true)
+            }
+          }
+        }
+    }
+  }
+
+  delete("/:sourceIdentifier/:qualifiedConnectorType/credentials/:key", operation(deleteCredentialsEntry)) {
+    parsedAs[AuthKey] {
+      case AuthKey(authKey) =>
+        val key = params("key")
+        val frameworkAuthKey = chatOverflow.credentialsService.generateAuthKey()
+
+        if (authKey != frameworkAuthKey) {
+          ResultMessage(success = false, "Wrong auth key supplied.")
+        } else {
+
+          if (!chatOverflow.isLoaded) {
+            ResultMessage(success = false, "Chat Overflow is not loaded.")
+          } else {
+            val connector = ConnectorRegistry.getConnector(params("sourceIdentifier"), params("qualifiedConnectorType"))
+
+            if (connector.isEmpty) {
+              ResultMessage(success = false, "Connector not found.")
+
+            } else if (!connector.get.areCredentialsSet) {
+              ResultMessage(success = false, "No credentials subobject found.")
+
+            } else if (connector.get.isRunning) {
+              ResultMessage(success = false, "Connector is running.")
+
+            } else if (!connector.get.getCredentials.get.exists(key)) {
+              ResultMessage(success = false, "Credentials key not found.")
+
+            } else {
+              connector.get.getCredentials.get.removeValue(key)
+              chatOverflow.save()
+
+              ResultMessage(success = true)
+            }
+          }
+        }
+    }
+  }
+
   protected def getCredentialsMap(keys: List[String], credentials: Credentials): Map[String, String] = {
-    val authKey = chatOverflow.credentialsService.generateAuthKey()
     val credentialsMap = mutable.Map[String, String]()
 
     for (key <- keys) {
       if (credentials.exists(key)) {
         val plainValue = credentials.getValue(key).get
-        val encryptedValue = CryptoUtil.encryptSSLcompliant(authKey, plainValue)
-
-        credentialsMap += key -> encryptedValue
+        credentialsMap += key -> encryptCredentialsValue(plainValue)
       }
     }
 
     credentialsMap.toMap
   }
 
+  protected def encryptCredentialsValue(plainValue: String): String = {
+    val authKey = chatOverflow.credentialsService.generateAuthKey()
+    CryptoUtil.encryptSSLcompliant(authKey, plainValue)
+  }
+
+  protected def decryptCredentialsValue(cipherValue: String): Option[String] = {
+    val authKey = chatOverflow.credentialsService.generateAuthKey()
+    CryptoUtil.decryptSSLcompliant(authKey, cipherValue)
+  }
+
 }

src/main/scala/org/codeoverflow/chatoverflow/ui/web/rest/connector/ConnectorControllerDefinition.scala

@@ -1,7 +1,7 @@
 package org.codeoverflow.chatoverflow.ui.web.rest.connector
 
 import org.codeoverflow.chatoverflow.connector.ConnectorKey
-import org.codeoverflow.chatoverflow.ui.web.rest.DTOs.{ConnectorDetails, ConnectorRef, ResultMessage}
+import org.codeoverflow.chatoverflow.ui.web.rest.DTOs._
 import org.scalatra.swagger.SwaggerSupport
 import org.scalatra.swagger.SwaggerSupportSyntax.OperationBuilder
 
@@ -39,8 +39,32 @@ trait ConnectorControllerDefinition extends SwaggerSupport {
       parameter pathParam[String]("sourceIdentifier").description("The (connector unique) identifier of e.g. a account to connect to")
       parameter pathParam[String]("qualifiedConnectorType").description("The fully qualified type of the connector."))
 
+  val getCredentialsEntry: OperationBuilder =
+    (apiOperation[CredentialsEntry]("getCredentialsEntry")
+      summary "Shows a specific credentials entry of a specific connector."
+      description "Shows one credentials entry if existent. Note, that the user has to be logged in and the value is encrypted using the auth key. "
+      parameter pathParam[String]("sourceIdentifier").description("The (connector unique) identifier of e.g. a account to connect to")
+      parameter pathParam[String]("qualifiedConnectorType").description("The fully qualified type of the connector.")
+      parameter pathParam[String]("key").description("The key of the credentials entry."))
 
-  override protected def applicationDescription: String = "Handles platform connectors."
+  val postCredentialsEntry: OperationBuilder =
+    (apiOperation[ResultMessage]("postCredentialsEntry")
+      summary "Creates a new credentials entry."
+      description "Creates a new credentials entry with given parameters for a given connector. Note that only required & optional keys can be added."
+      parameter pathParam[String]("sourceIdentifier").description("The (connector unique) identifier of e.g. a account to connect to")
+      parameter pathParam[String]("qualifiedConnectorType").description("The fully qualified type of the connector.")
+      parameter bodyParam[EncryptedKeyValuePair]("body").description("Requires a key-value pair. The value must be encrypted using the auth key."))
 
+  val deleteCredentialsEntry: OperationBuilder =
+    (apiOperation[ResultMessage]("deleteCredentialsEntry")
+      summary "Deletes a specific credentials entry."
+      description "Deletes a specific credentials entry of a given connector, if possible."
+      parameter pathParam[String]("sourceIdentifier").description("The (connector unique) identifier of e.g. a account to connect to")
+      parameter pathParam[String]("qualifiedConnectorType").description("The fully qualified type of the connector.")
+      parameter pathParam[String]("key").description("The key of the credentials entry.")
+      parameter bodyParam[AuthKey]("body").description("Requires the client auth key since this is a sensible operation."))
+
+
+  override protected def applicationDescription: String = "Handles platform connectors."
 
 }