From 67c466cb80cf0e1dcb81793caf222701ffac5b6a Mon Sep 17 00:00:00 2001
From: Ulrik Andersen <ulrik@shape.dk>
Date: Thu, 5 Dec 2024 14:01:51 +0100
Subject: [PATCH] In case we fail to decrypt auth info is omitted

This can happen if a different public key was used for encrypting username and/or password.
---
 .../projects/data/GitHubProjectDataSource.ts  | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/features/projects/data/GitHubProjectDataSource.ts b/src/features/projects/data/GitHubProjectDataSource.ts
index df97c6bb..943e99c0 100644
--- a/src/features/projects/data/GitHubProjectDataSource.ts
+++ b/src/features/projects/data/GitHubProjectDataSource.ts
@@ -8,7 +8,8 @@ import {
   ProjectConfigRemoteVersion,
   IGitHubRepositoryDataSource,
   GitHubRepository,
-  GitHubRepositoryRef
+  GitHubRepositoryRef,
+  ProjectConfigRemoteSpecification
 } from "../domain"
 import RemoteConfig from "../domain/RemoteConfig"
 import { IRemoteConfigEncoder } from "../domain/RemoteConfigEncoder"
@@ -178,11 +179,7 @@ export default class GitHubProjectDataSource implements IProjectDataSource {
       const specifications = remoteVersion.specifications.map(e => {
         const remoteConfig: RemoteConfig = {
           url: e.url,
-          auth: e.auth ? {
-            type: e.auth.type,
-            username: this.encryptionService.decrypt(e.auth.encryptedUsername),
-            password: this.encryptionService.decrypt(e.auth.encryptedPassword)
-          } : undefined
+          auth: this.tryDecryptAuth(e)
         };
 
         const encodedRemoteConfig = this.remoteConfigEncoder.encode(remoteConfig);
@@ -232,4 +229,21 @@ export default class GitHubProjectDataSource implements IProjectDataSource {
       .replace(/ /g, "-")
       .replace(/[^A-Za-z0-9-]/g, "")
   }
+
+  private tryDecryptAuth(projectConfigRemoteSpec: ProjectConfigRemoteSpecification): { type: string, username: string, password: string } | undefined {
+    if (!projectConfigRemoteSpec.auth) {
+      return undefined
+    }
+
+    try {
+      return {
+        type: projectConfigRemoteSpec.auth.type,
+        username: this.encryptionService.decrypt(projectConfigRemoteSpec.auth.encryptedUsername),
+        password: this.encryptionService.decrypt(projectConfigRemoteSpec.auth.encryptedPassword)
+      }
+    } catch (error) {
+      console.error(`Failed to decrypt remote specification auth for ${projectConfigRemoteSpec.url}. Perhaps a different public key was used?:`, error);
+      return undefined
+    }
+  }
 }