Merge pull request #938 from credebl/fix/encrypt-clientId-clientSecret

fix: encrypt clientId and client secret
credebl · Aug 26, 2024 · d03e5a9 · d03e5a9
2 parents 553743f + 976c920
commit d03e5a9
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 15 deletions.
diff --git a/apps/user/src/user.service.ts b/apps/user/src/user.service.ts
@@ -112,30 +112,28 @@ export class UserService {
 
       const verifyCode = uuidv4();
       let sendVerificationMail: boolean;
-
-      const decryptClientId = await this.commonService.decryptPassword(clientId);
-      const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
 
       try {
-        const token = await this.clientRegistrationService.getManagementToken(decryptClientId, decryptClientSecret);
-        const getClientData = await this.clientRegistrationService.getClientRedirectUrl(decryptClientId, token);
+
+        const token = await this.clientRegistrationService.getManagementToken(clientId, clientSecret);
+        const getClientData = await this.clientRegistrationService.getClientRedirectUrl(clientId, token);
 
         const [redirectUrl] = getClientData[0]?.redirectUris || [];
 
         if (!redirectUrl) {
           throw new NotFoundException(ResponseMessages.user.error.redirectUrlNotFound);
         }
 
-        sendVerificationMail = await this.sendEmailForVerification(email, verifyCode, redirectUrl, decryptClientId, brandLogoUrl, platformName);
+        sendVerificationMail = await this.sendEmailForVerification(email, verifyCode, redirectUrl, clientId, brandLogoUrl, platformName);
       } catch (error) {
         throw new InternalServerErrorException(ResponseMessages.user.error.emailSend);
       }
 
       if (sendVerificationMail) {
         const uniqueUsername = await this.createUsername(email, verifyCode);
         userEmailVerification.username = uniqueUsername;
-        userEmailVerification.clientId = decryptClientId;
-        userEmailVerification.clientSecret = decryptClientSecret;
+        userEmailVerification.clientId = clientId;
+        userEmailVerification.clientSecret = clientSecret;
         const resUser = await this.userRepository.createUser(userEmailVerification, verifyCode);
         return resUser;
       } 

diff --git a/libs/client-registration/src/client-registration.service.ts b/libs/client-registration/src/client-registration.service.ts
@@ -184,8 +184,11 @@ export class ClientRegistrationService {
         throw new BadRequestException(`Client ID and client secret are missing`);
       } 
 
-      payload.client_id = clientId;
-      payload.client_secret = clientSecret;
+      const decryptClientId = await this.commonService.decryptPassword(clientId);
+      const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+      payload.client_id = decryptClientId;
+      payload.client_secret = decryptClientSecret;
       const mgmtTokenResponse = await this.getToken(payload);
       return mgmtTokenResponse.access_token;
     } catch (error) {
@@ -756,8 +759,11 @@ export class ClientRegistrationService {
         throw new BadRequestException(`Client ID and client secret are missing`);
       } 
 
-      payload.client_id = clientId;
-      payload.client_secret = clientSecret;
+      const decryptClientId = await this.commonService.decryptPassword(clientId);
+      const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+      payload.client_id = decryptClientId;
+      payload.client_secret = decryptClientSecret;
       payload.username = email;
       payload.password = password;
 
@@ -801,8 +807,11 @@ export class ClientRegistrationService {
         throw new BadRequestException(`Client ID and client secret are missing`);
       } 
 
-      payload.client_id = clientId;
-      payload.client_secret = clientSecret;
+      const decryptClientId = await this.commonService.decryptPassword(clientId);
+      const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+      payload.client_id = decryptClientId;
+      payload.client_secret = decryptClientSecret;
 
       payload.grant_type = 'refresh_token';
       payload.refresh_token = refreshToken;
@@ -891,8 +900,9 @@ export class ClientRegistrationService {
 
     const realmName = process.env.KEYCLOAK_REALM;
 
+    const decryptClientId = await this.commonService.decryptPassword(clientId);
     const redirectUrls = await this.commonService.httpGet(
-      await this.keycloakUrlService.GetClientURL(realmName, clientId),
+      await this.keycloakUrlService.GetClientURL(realmName, decryptClientId),
       this.getAuthHeader(token)
     );