netbird/management/server/activity/sqlite/crypt_test.go

package sqlite

import (
	"testing"
)

func TestGenerateKey(t *testing.T) {
	testData := "exampl@netbird.io"
	key, err := GenerateKey()
	if err != nil {
		t.Fatalf("failed to generate key: %s", err)
	}
	ee, err := NewFieldEncrypt(key)
	if err != nil {
		t.Fatalf("failed to init email encryption: %s", err)
	}

	encrypted, err := ee.Encrypt(testData)
	if err != nil {
		t.Fatalf("failed to encrypt data: %s", err)
	}

	if encrypted == "" {
		t.Fatalf("invalid encrypted text")
	}

	decrypted, err := ee.Decrypt(encrypted)
	if err != nil {
		t.Fatalf("failed to decrypt data: %s", err)
	}

	if decrypted != testData {
		t.Fatalf("decrypted data is not match with test data: %s, %s", testData, decrypted)
	}
}

func TestGenerateKeyLegacy(t *testing.T) {
	testData := "exampl@netbird.io"
	key, err := GenerateKey()
	if err != nil {
		t.Fatalf("failed to generate key: %s", err)
	}
	ee, err := NewFieldEncrypt(key)
	if err != nil {
		t.Fatalf("failed to init email encryption: %s", err)
	}

	encrypted := ee.LegacyEncrypt(testData)
	if encrypted == "" {
		t.Fatalf("invalid encrypted text")
	}

	decrypted, err := ee.LegacyDecrypt(encrypted)
	if err != nil {
		t.Fatalf("failed to decrypt data: %s", err)
	}

	if decrypted != testData {
		t.Fatalf("decrypted data is not match with test data: %s, %s", testData, decrypted)
	}
}

func TestCorruptKey(t *testing.T) {
	testData := "exampl@netbird.io"
	key, err := GenerateKey()
	if err != nil {
		t.Fatalf("failed to generate key: %s", err)
	}
	ee, err := NewFieldEncrypt(key)
	if err != nil {
		t.Fatalf("failed to init email encryption: %s", err)
	}

	encrypted, err := ee.Encrypt(testData)
	if err != nil {
		t.Fatalf("failed to encrypt data: %s", err)
	}

	if encrypted == "" {
		t.Fatalf("invalid encrypted text")
	}

	newKey, err := GenerateKey()
	if err != nil {
		t.Fatalf("failed to generate key: %s", err)
	}

	ee, err = NewFieldEncrypt(newKey)
	if err != nil {
		t.Fatalf("failed to init email encryption: %s", err)
	}

	res, _ := ee.Decrypt(encrypted)
	if res == testData {
		t.Fatalf("incorrect decryption, the result is: %s", res)
	}
}
Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`package sqlite`

			`import (`
			`"testing"`
			`)`

			`func TestGenerateKey(t *testing.T) {`
			`testData := "exampl@netbird.io"`
			`key, err := GenerateKey()`
			`if err != nil {`
			`t.Fatalf("failed to generate key: %s", err)`
			`}`
Fix/user deletion (#1157) Extend the deleted user info with the username - Because initially, we did not store the user name in the activity db Sometimes, we can not provide the user name in the API response. Fix service user deletion - In case of service user deletion, do not invoke the IdP delete function - Prevent self deletion 2023-09-23 10:47:49 +02:00			`ee, err := NewFieldEncrypt(key)`
Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`if err != nil {`
			`t.Fatalf("failed to init email encryption: %s", err)`
			`}`

[management] Add GCM encryption and migrate legacy encrypted events (#2569) * Add AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * migrate legacy encrypted data to AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor and use transaction when migrating data Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add events migration tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip migrating record on error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preallocate capacity for nonce to avoid allocations in Seal Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> 2024-09-11 19:09:57 +02:00			`encrypted, err := ee.Encrypt(testData)`
			`if err != nil {`
			`t.Fatalf("failed to encrypt data: %s", err)`
			`}`

Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`if encrypted == "" {`
			`t.Fatalf("invalid encrypted text")`
			`}`

			`decrypted, err := ee.Decrypt(encrypted)`
			`if err != nil {`
			`t.Fatalf("failed to decrypt data: %s", err)`
			`}`

			`if decrypted != testData {`
			`t.Fatalf("decrypted data is not match with test data: %s, %s", testData, decrypted)`
			`}`
			`}`

[management] Add GCM encryption and migrate legacy encrypted events (#2569) * Add AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * migrate legacy encrypted data to AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor and use transaction when migrating data Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add events migration tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip migrating record on error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preallocate capacity for nonce to avoid allocations in Seal Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> 2024-09-11 19:09:57 +02:00			`func TestGenerateKeyLegacy(t *testing.T) {`
			`testData := "exampl@netbird.io"`
			`key, err := GenerateKey()`
			`if err != nil {`
			`t.Fatalf("failed to generate key: %s", err)`
			`}`
			`ee, err := NewFieldEncrypt(key)`
			`if err != nil {`
			`t.Fatalf("failed to init email encryption: %s", err)`
			`}`

			`encrypted := ee.LegacyEncrypt(testData)`
			`if encrypted == "" {`
			`t.Fatalf("invalid encrypted text")`
			`}`

			`decrypted, err := ee.LegacyDecrypt(encrypted)`
			`if err != nil {`
			`t.Fatalf("failed to decrypt data: %s", err)`
			`}`

			`if decrypted != testData {`
			`t.Fatalf("decrypted data is not match with test data: %s, %s", testData, decrypted)`
			`}`
			`}`

Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`func TestCorruptKey(t *testing.T) {`
			`testData := "exampl@netbird.io"`
			`key, err := GenerateKey()`
			`if err != nil {`
			`t.Fatalf("failed to generate key: %s", err)`
			`}`
Fix/user deletion (#1157) Extend the deleted user info with the username - Because initially, we did not store the user name in the activity db Sometimes, we can not provide the user name in the API response. Fix service user deletion - In case of service user deletion, do not invoke the IdP delete function - Prevent self deletion 2023-09-23 10:47:49 +02:00			`ee, err := NewFieldEncrypt(key)`
Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`if err != nil {`
			`t.Fatalf("failed to init email encryption: %s", err)`
			`}`

[management] Add GCM encryption and migrate legacy encrypted events (#2569) * Add AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * migrate legacy encrypted data to AES-GCM encryption Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Refactor and use transaction when migrating data Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Add events migration tests Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix lint Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * skip migrating record on error Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * Preallocate capacity for nonce to avoid allocations in Seal Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> 2024-09-11 19:09:57 +02:00			`encrypted, err := ee.Encrypt(testData)`
			`if err != nil {`
			`t.Fatalf("failed to encrypt data: %s", err)`
			`}`

Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`if encrypted == "" {`
			`t.Fatalf("invalid encrypted text")`
			`}`

			`newKey, err := GenerateKey()`
			`if err != nil {`
			`t.Fatalf("failed to generate key: %s", err)`
			`}`

Fix/user deletion (#1157) Extend the deleted user info with the username - Because initially, we did not store the user name in the activity db Sometimes, we can not provide the user name in the API response. Fix service user deletion - In case of service user deletion, do not invoke the IdP delete function - Prevent self deletion 2023-09-23 10:47:49 +02:00			`ee, err = NewFieldEncrypt(newKey)`
Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`if err != nil {`
			`t.Fatalf("failed to init email encryption: %s", err)`
			`}`

Fix/user deletion (#1157) Extend the deleted user info with the username - Because initially, we did not store the user name in the activity db Sometimes, we can not provide the user name in the API response. Fix service user deletion - In case of service user deletion, do not invoke the IdP delete function - Prevent self deletion 2023-09-23 10:47:49 +02:00			`res, _ := ee.Decrypt(encrypted)`
			`if res == testData {`
Handle user delete (#1113) Implement user deletion across all IDP-ss. Expires all user peers when the user is deleted. Users are permanently removed from a local store, but in IDP, we remove Netbird attributes for the user untilUserDeleteFromIDPEnabled setting is not enabled. To test, an admin user should remove any additional users. Until the UI incorporates this feature, use a curl DELETE request targeting the /users/<USER_ID> management endpoint. Note that this request only removes user attributes and doesn't trigger a delete from the IDP. To enable user removal from the IdP, set UserDeleteFromIDPEnabled to true in account settings. Until we have a UI for this, make this change directly in the store file. Store the deleted email addresses in encrypted in activity store. 2023-09-19 18:08:40 +02:00			`t.Fatalf("incorrect decryption, the result is: %s", res)`
			`}`
			`}`