Merge pull request #11559 from overleaf/jpa-access-token-encryptor-remove-v1

[access-token-encryptor] drop support for legacy v1 token scheme GitOrigin-RevId: 2d32453ad38119fa45cfd77463091f2c91dfe647
2024-11-21 20:47:08 -05:00 · 2023-02-02 12:00:47 +00:00 · 2023-02-02 12:00:47 +00:00 · 01aebbf69d
commit 01aebbf69d
parent e63b90d288
2 changed files with 10 additions and 36 deletions
--- a/libraries/access-token-encryptor/lib/js/AccessTokenEncryptor.js
+++ b/libraries/access-token-encryptor/lib/js/AccessTokenEncryptor.js
@ -3,9 +3,6 @@ const logger = require('@overleaf/logger')

 const ALGORITHM = 'aes-256-ctr'

-const keyFn = (password, salt, callback) =>
-  crypto.pbkdf2(password, salt, 10000, 64, 'sha1', callback)
-
 const keyFn32 = (password, salt, keyLength, callback) =>
  crypto.pbkdf2(password, salt, 10000, 32, 'sha1', callback)

@ -61,35 +58,10 @@ class AccessTokenEncryptor {
    if (!password || password.length < 16) {
      return callback(new Error('invalid password'))
    }
-
-    if (iv) {
-      this.decryptToJsonV2(password, salt, cipherText, iv, callback)
-    } else {
-      this.decryptToJsonV1(password, salt, cipherText, callback)
+    if (!iv) {
+      return callback(new Error('token scheme v1 is not supported anymore'))
    }
-  }

-  decryptToJsonV1(password, salt, cipherText, callback) {
-    keyFn(password, Buffer.from(salt, 'hex'), (err, key) => {
-      let json
-      if (err) {
-        logger.err({ err }, 'error getting Fn key')
-        return callback(err)
-      }
-      // eslint-disable-next-line n/no-deprecated-api
-      const decipher = crypto.createDecipher(ALGORITHM, key)
-      const dec =
-        decipher.update(cipherText, 'base64', 'utf8') + decipher.final('utf8')
-      try {
-        json = JSON.parse(dec)
-      } catch (e) {
-        return callback(new Error('error decrypting token'))
-      }
-      callback(null, json, true)
-    })
-  }
-
-  decryptToJsonV2(password, salt, cipherText, iv, callback) {
    keyFn32(password, Buffer.from(salt, 'hex'), 32, (err, key) => {
      let json
      if (err) {
--- a/libraries/access-token-encryptor/test/unit/js/AccessTokenEncryptorTests.js
+++ b/libraries/access-token-encryptor/test/unit/js/AccessTokenEncryptorTests.js
@ -72,18 +72,20 @@ describe('AccessTokenEncryptor', function () {
      })
    })

-    it('should decrypt an 2015 string to get the same object', function (done) {
+    it('should not be able to decrypt 2015 string', function (done) {
      this.encryptor.decryptToJson(this.encrypted2015, (err, decrypted) => {
-        expect(err).to.be.null
-        expect(decrypted).to.deep.equal(this.testObject)
+        expect(err).to.exist
+        expect(err.message).to.equal('token scheme v1 is not supported anymore')
+        expect(decrypted).to.not.exist
        done()
      })
    })

-    it('should decrypt an 2016 string to get the same object', function (done) {
+    it('should not be able to decrypt a 2016 string', function (done) {
      this.encryptor.decryptToJson(this.encrypted2016, (err, decrypted) => {
-        expect(err).to.be.null
-        expect(decrypted).to.deep.equal(this.testObject)
+        expect(err).to.exist
+        expect(err.message).to.equal('token scheme v1 is not supported anymore')
+        expect(decrypted).to.not.exist
        done()
      })
    })