eclipse-iofog · epankou · Dec 17, 2018 · Dec 17, 2018
diff --git a/src/controllers/user-controller.js b/src/controllers/user-controller.js
@@ -42,14 +42,11 @@ const userLoginEndPoint = async function (req) {
 
   await Validator.validate(user, Validator.schemas.login);
 
-  const encryptedPassword = AppHelper.encryptText(user.password, user.email);
   const credentials = {
     email: user.email,
-    password: encryptedPassword
+    password: user.password
   };
 
-  logger.info("Parameters:" + JSON.stringify(credentials));
-
   return await UserService.login(credentials, false);
 };
 
@@ -96,17 +93,7 @@ const updateUserPasswordEndPoint = async function (req, user) {
 
   await Validator.validate(passwordUpdates, Validator.schemas.updatePassword);
 
-  const encryptedOldPassword = AppHelper.encryptText(passwordUpdates.oldPassword, user.email);
-  const encryptedNewPassword = AppHelper.encryptText(passwordUpdates.newPassword, user.email);
-
-  const encryptedPasswordUpdates = {
-    oldPassword: encryptedOldPassword,
-    newPassword: encryptedNewPassword
-  };
-
-  logger.info("Parameters:" + JSON.stringify(encryptedPasswordUpdates));
-
-  return await UserService.updateUserPassword(encryptedPasswordUpdates, user, false);
+  return await UserService.updateUserPassword(passwordUpdates, user, false);
 };
 
 const resetUserPasswordEndPoint = async function (req) {

diff --git a/src/helpers/app-helper.js b/src/helpers/app-helper.js
@@ -21,19 +21,30 @@ const portscanner = require('portscanner');
 const format = require('string-format');
 
 const ALGORITHM = 'aes-256-ctr';
+const IV_LENGTH = 16;
+
 
 const Transaction = require('sequelize/lib/transaction');
 
 function encryptText(text, salt) {
-  const cipher = crypto.createCipher(ALGORITHM, salt);
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const processedSalt = crypto.createHash('md5').update(salt).digest("hex");
+
+  const cipher = crypto.createCipheriv(ALGORITHM, processedSalt, iv);
   let crypted = cipher.update(text, 'utf8', 'hex');
   crypted += cipher.final('hex');
-  return crypted
+  return iv.toString('hex') + ':' + crypted.toString('hex');
 }
 
 function decryptText(text, salt) {
-  const decipher = crypto.createDecipher(ALGORITHM, salt);
-  let dec = decipher.update(text, 'hex', 'utf8');
+  const processedSalt = crypto.createHash('md5').update(salt).digest("hex");
+
+  const textParts = text.split(':');
+  const iv = new Buffer(textParts.shift(), 'hex');
+  let encryptedText = new Buffer(textParts.join(':'), 'hex');
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, processedSalt, iv);
+  let dec = decipher.update(encryptedText, 'hex', 'utf8');
   dec += decipher.final('utf8');
   return dec
 }

diff --git a/src/services/connector-service.js b/src/services/connector-service.js
@@ -168,7 +168,7 @@ async function openPortsOnConnector(connector, isPublicAccess, transaction) {
   };
   if (!connector.devMode && connector.cert && connector.isSelfSignedCert === true) {
     const ca = fs.readFileSync(connector.cert);
-    options.ca = new Buffer(ca);
+    options.ca = new Buffer.from(ca);
   }
 
   const ports = await _makeRequest(connector, options, data);
@@ -205,7 +205,7 @@ async function closePortOnConnector(connector, ports, transaction) {
   };
   if (!connector.devMode && connector.cert && connector.isSelfSignedCert === true) {
     const ca = fs.readFileSync(connector.cert);
-    options.ca = new Buffer(ca);
+    options.ca = new Buffer.from(ca);
   }
 
 

diff --git a/src/services/user-service.js b/src/services/user-service.js
@@ -66,7 +66,9 @@ const login = async function (credentials, isCLI, transaction) {
     throw new Errors.InvalidCredentialsError();
   }
 
-  const validPassword = credentials.password === user.password || credentials.password === user.tempPassword;
+  const pass = AppHelper.decryptText(user.password, user.email);
+
+  const validPassword = credentials.password === pass || credentials.password === user.tempPassword;
   if (!validPassword) {
     throw new Errors.InvalidCredentialsError();
   }
@@ -174,14 +176,18 @@ const deleteUser = async function (user, isCLI, transaction) {
 };
 
 const updateUserPassword = async function (passwordUpdates, user, isCLI, transaction) {
-  if (user.password !== passwordUpdates.oldPassword && user.tempPassword !== passwordUpdates.oldPassword) {
+  const pass = AppHelper.decryptText(user.password, user.email);
+
+  if (pass !== passwordUpdates.oldPassword && user.tempPassword !== passwordUpdates.oldPassword) {
     throw new Errors.ValidationError(ErrorMessages.INVALID_OLD_PASSWORD);
   }
 
   const emailData = await _getEmailData();
   const transporter = await _userEmailSender(emailData);
 
-  await UserManager.updatePassword(user.id, passwordUpdates.newPassword, transaction);
+  const newPass = AppHelper.encryptText(passwordUpdates.newPassword, user.email);
+
+  await UserManager.updatePassword(user.id, newPass, transaction);
   await _notifyUserAboutPasswordChange(user, emailData, transporter);
 };
 

diff --git a/test/src/controllers/user-controller.test.js b/test/src/controllers/user-controller.test.js
@@ -113,14 +113,11 @@ describe('User Controller', () => {
       }
     }));
     def('response', () => Promise.resolve());
-    def('encryptedPassword', () => 'encryptedPassword');
     def('validatorResponse', () => Promise.resolve(true));
-    def('encryptTextResponse', () => $encryptedPassword);
     def('subject', () => $subject.userLoginEndPoint($req));
 
     beforeEach(() => {
       $sandbox.stub(Validator, 'validate').returns($validatorResponse);
-      $sandbox.stub(AppHelper, 'encryptText').returns($encryptTextResponse);
       $sandbox.stub(UserService, 'login').returns($response);
     });
 
@@ -141,43 +138,30 @@ describe('User Controller', () => {
     });
 
     context('when Validator#validate() succeeds', () => {
-      it('calls AppHelper#encryptText() with correct args', async () => {
+      it('calls UserService.login with correct args', async () => {
         await $subject;
-        expect(AppHelper.encryptText).to.have.been.calledWith($password, $email);
+        expect(UserService.login).to.have.been.calledWith({
+          email: $email,
+          password: $password
+        }, false)
       });
 
-      context('when AppHelper#encryptText() fails', () => {
-        it('fails', () => {
-          return expect($subject).to.eventually.equal(undefined);
-        });
-      });
+      context('when UserService#login fails', () => {
+        const error = 'Error!';
 
-      context('when AppHelper#encryptText() succeeds', () => {
-        it('calls UserService.login with correct args', async () => {
-          await $subject;
-          expect(UserService.login).to.have.been.calledWith({
-            email: $email,
-            password: $encryptedPassword
-          }, false)
-        });
-
-        context('when UserService#login fails', () => {
-          const error = 'Error!';
-
-          def('response', () => Promise.reject(error));
-
-          it(`fails with "${error}"`, () => {
-            return expect($subject).to.be.rejectedWith(error)
-          })
-        });
+        def('response', () => Promise.reject(error));
 
-        context('when UserService#login succeeds', () => {
-          it(`succeeds`, () => {
-            return expect($subject).to.eventually.equal(undefined)
-          })
+        it(`fails with "${error}"`, () => {
+          return expect($subject).to.be.rejectedWith(error)
         })
       });
 
+      context('when UserService#login succeeds', () => {
+        it(`succeeds`, () => {
+          return expect($subject).to.eventually.equal(undefined)
+        })
+      })
+
     });
   });
 
@@ -399,13 +383,10 @@ describe('User Controller', () => {
     }));
     def('response', () => Promise.resolve());
     def('validatorResponse', () => Promise.resolve(true));
-    def('encryptedPassword', () => 'encryptedPassword');
-    def('encryptTextResponse', () => $encryptedPassword);
     def('subject', () => $subject.updateUserPasswordEndPoint($req, $user));
 
     beforeEach(() => {
       $sandbox.stub(Validator, 'validate').returns($validatorResponse);
-      $sandbox.stub(AppHelper, 'encryptText').returns($encryptTextResponse);
       $sandbox.stub(UserService, 'updateUserPassword').returns($response);
     });
 
@@ -426,56 +407,29 @@ describe('User Controller', () => {
     });
 
     context('when Validator#validate() succeeds', () => {
-      it('calls AppHelper#encryptText() for old password with correct args', async () => {
+      it('calls UserService.updateUserPassword with correct args', async () => {
         await $subject;
-        expect(AppHelper.encryptText).to.have.been.calledWith($oldPassword, $user.email);
-      });
-
-      context('when AppHelper#encryptText() for old password fails', () => {
-        it('fails', () => {
-          return expect($subject).to.eventually.equal(undefined);
-        });
+        expect(UserService.updateUserPassword).to.have.been.calledWith({
+          oldPassword: $oldPassword,
+          newPassword: $newPassword
+        }, $user, false);
       });
 
-      context('when AppHelper#encryptText() for old password succeeds', () => {
-        it('calls AppHelper#encryptText() for new password with correct args', async () => {
-          await $subject;
-          expect(AppHelper.encryptText).to.have.been.calledWith($newPassword, $user.email);
-        });
-
-        context('when AppHelper#encryptText() for new password fails', () => {
-          it('fails', () => {
-            return expect($subject).to.eventually.equal(undefined);
-          });
-        });
+      context('when UserService#updateUserPassword fails', () => {
+        const error = 'Error!';
 
-        context('when AppHelper#encryptText() for new password succeeds', () => {
-          it('calls UserService.updateUserPassword with correct args', async () => {
-            await $subject;
-            expect(UserService.updateUserPassword).to.have.been.calledWith({
-              oldPassword: $encryptedPassword,
-              newPassword: $encryptedPassword
-            }, $user, false);
-          });
-
-          context('when UserService#updateUserPassword fails', () => {
-            const error = 'Error!';
-
-            def('response', () => Promise.reject(error));
-
-            it(`fails with "${error}"`, () => {
-              return expect($subject).to.be.rejectedWith(error)
-            })
-          });
-
-          context('when UserService#updateUserPassword succeeds', () => {
-            it(`succeeds`, () => {
-              return expect($subject).to.eventually.equal(undefined)
-            })
-          })
-        });
+        def('response', () => Promise.reject(error));
 
+        it(`fails with "${error}"`, () => {
+          return expect($subject).to.be.rejectedWith(error)
+        })
       });
+
+      context('when UserService#updateUserPassword succeeds', () => {
+        it(`succeeds`, () => {
+          return expect($subject).to.eventually.equal(undefined)
+        })
+      })
     });
   });