-
-
Notifications
You must be signed in to change notification settings - Fork 827
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature to Encrypt user email in database #2627
Closed
prayanshchh
wants to merge
50
commits into
PalisadoesFoundation:develop
from
prayanshchh:encrypt_email
Closed
Changes from 44 commits
Commits
Show all changes
50 commits
Select commit
Hold shift + click to select a range
f3af8ed
first
prayanshchh 7583235
email encryption
prayanshchh 3bcb124
conflicts
prayanshchh a895e95
Merge branch 'develop' into encrypt_email
prayanshchh cfcb403
added hashedEmails for faster lookups
prayanshchh 5259ac7
Merge branch 'develop' of https://github.com/PalisadoesFoundation/tal…
prayanshchh 908f567
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh 333ddc1
using crypto for hashing emails
prayanshchh 8799953
tests for hashing and utility function
prayanshchh a0fba68
coderrabitai suggestion
prayanshchh 7ffee91
suggestions
prayanshchh 7dad60c
last_suggestion
prayanshchh 789069c
fixing tests
prayanshchh 483ac61
new suggestions
prayanshchh ae7120f
Resolved merge conflicts with upstream/develop
prayanshchh c3ed5c3
added Tsdoc comments for encryption file
prayanshchh 5b0c87d
Merge branch 'develop' into encrypt_email
prayanshchh 5dcf341
fixing linting errors
prayanshchh f0eed10
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh b92fef9
fixing tests 2
prayanshchh 9abd2db
fixing import errors
prayanshchh 32ac7c4
eslint disable fix
prayanshchh 5a976c5
Merge branch 'develop' into encrypt_email
prayanshchh b1d22ae
eslint fix
prayanshchh 88d4c4d
commit 25
prayanshchh 07516b6
encryption edit
prayanshchh 6d4dab8
Merge branch 'develop' into encrypt_email
prayanshchh d513a7b
encryption regex
prayanshchh 8932b62
Merge branch 'encrypt_email' of https://github.com/prayanshchh/prayan…
prayanshchh 7bb92d6
eslint errors fix
prayanshchh 558488d
user.ts fix
prayanshchh a8ce670
setup.ts lint fix
prayanshchh 6104867
setup.ts import fix
prayanshchh 4d298c1
format fix
prayanshchh f45df1c
disable line
prayanshchh 476e9a3
format-changed-files
prayanshchh 0a2fcbd
hash_pepper setup
prayanshchh e68a298
hard code new env variables
prayanshchh 7e0242c
resolving failing tests
prayanshchh 9737ca1
final resolves
prayanshchh fa3a3ab
increasing code coverage
prayanshchh be77cba
lint error in code cov
prayanshchh 359d762
fix lint
prayanshchh cac3465
fix tests
prayanshchh 729aa2e
Merge branch 'develop' into encrypt_email
prayanshchh 3bbf4e0
test fix
prayanshchh fc0ad07
cleaner-error-handling
prayanshchh 9f3342b
Merge branch 'develop' into encrypt_email
prayanshchh 27916b7
unused vars
prayanshchh 12a7e58
Merge branch 'develop' into encrypt_email
prayanshchh File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -218,6 +218,9 @@ jobs: | |
LAST_RESORT_SUPERADMIN_EMAIL: "[email protected]" | ||
COLORIZE_LOGS: "true" | ||
LOG_LEVEL: "info" | ||
ENCRYPTION_KEY: 64730e71158b84687f01237d8f8128cc9cb7804d2d68c36823880456adad48c7 | ||
HASH_PEPPER: 56195a1bd9b062fc4a63afff383ec28bf1464706725ae744c9fe7fc459426074 | ||
|
||
# ACCESS_TOKEN_SECRET: ${{ secrets.ACCESS_TOKEN_SECRET }} | ||
# REFRESH_TOKEN_SECRET: ${{ secrets.REFRESH_TOKEN_SECRET }} | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,7 +10,8 @@ | |
"pluginCreationAllowed": true, | ||
"firstName": "Default", | ||
"lastName": "Admin", | ||
"email": "[email protected]", | ||
"email": "SAMPLE_IV:SAMPLE_SALT:SAMPLE_ENCRYPTED_EMAIL", | ||
"hashedEmail": "SAMPLE_HASHED_EMAIL_VALUE", | ||
"password": "$2a$12$bSYpay6TRMpTOaAmYPFXku4avwmqfFBtmgg39TabxmtFEiz4plFtW", | ||
"image": null, | ||
"createdAt": "2023-04-13T04:53:17.742Z", | ||
|
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Based on the evidence gathered, I can now generate the final response:
The hardcoded encryption keys in the workflow file pose a security risk. The codebase shows proper encryption key handling:
.env.sample
demonstrates proper configuration with emptyENCRYPTION_KEY
andHASH_PEPPER
variablessrc/utilities/encryption.ts
validates key formats and handles them securelyPlease make these changes:
🔗 Analysis chain
CRITICAL: Remove hardcoded cryptographic keys from workflow file
Exposing cryptographic keys in version control poses a severe security risk, even for test environments. These keys should be managed through GitHub secrets.
Please make the following changes:
TEST_ENCRYPTION_KEY
andTEST_HASH_PEPPER
with test-specific valuesConsider implementing a key rotation mechanism and documenting the process for generating and managing these cryptographic materials securely.
Let's verify if these keys are used elsewhere in the codebase:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
Length of output: 238
Script:
Length of output: 114823
Script:
Length of output: 516
Script:
Length of output: 6330
🧰 Tools
🪛 Gitleaks
221-221: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)