From 976c920c01d4d74bedfb54b50e365cf2a7979b03 Mon Sep 17 00:00:00 2001
From: KulkarniShashank
Date: Mon, 26 Aug 2024 15:39:39 +0530
Subject: [PATCH] fix: encrypt clientId and client secret
Signed-off-by: KulkarniShashank
---
 apps/user/src/user.service.ts | 14 +++++------
 .../src/client-registration.service.ts | 24 +++++++++++++------
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/apps/user/src/user.service.ts b/apps/user/src/user.service.ts
index 832595b30..6e95c3ddf 100644
--- a/apps/user/src/user.service.ts
+++ b/apps/user/src/user.service.ts
@@ -112,13 +112,11 @@ export class UserService {
 const verifyCode = uuidv4();
 let sendVerificationMail: boolean;
-
- const decryptClientId = await this.commonService.decryptPassword(clientId);
- const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
 try {
- const token = await this.clientRegistrationService.getManagementToken(decryptClientId, decryptClientSecret);
- const getClientData = await this.clientRegistrationService.getClientRedirectUrl(decryptClientId, token);
+
+ const token = await this.clientRegistrationService.getManagementToken(clientId, clientSecret);
+ const getClientData = await this.clientRegistrationService.getClientRedirectUrl(clientId, token);
 const [redirectUrl] = getClientData[0]?.redirectUris || [];
@@ -126,7 +124,7 @@ export class UserService {
 throw new NotFoundException(ResponseMessages.user.error.redirectUrlNotFound);
 }
- sendVerificationMail = await this.sendEmailForVerification(email, verifyCode, redirectUrl, decryptClientId, brandLogoUrl, platformName);
+ sendVerificationMail = await this.sendEmailForVerification(email, verifyCode, redirectUrl, clientId, brandLogoUrl, platformName);
 } catch (error) {
 throw new InternalServerErrorException(ResponseMessages.user.error.emailSend);
 }
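Review bot: In the `@@ -126,7 +124,7 @@` hunk, `sendEmailForVerification` now receives the still-encrypted `clientId` where it previously received the decrypted one. That method's body is outside the diff, so it cannot be confirmed here whether it only forwards the value, places it in the verification link, or uses it for a lookup; if it needs the plaintext id it should decrypt it itself, and if the value ends up in an e-mail the ciphertext should be confirmed as acceptable to disclose. The surrounding `catch (error)` also maps every failure, now including a bad ciphertext rejected inside `getManagementToken`, to `emailSend`. A comment above the `try` such as `// clientId/clientSecret are still encrypted here; ClientRegistrationService decrypts them` would document the new contract. The enclosing method starts and ends outside the hunk.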
@@ -134,8 +132,8 @@ export class UserService {
 if (sendVerificationMail) {
 const uniqueUsername = await this.createUsername(email, verifyCode);
 userEmailVerification.username = uniqueUsername;
- userEmailVerification.clientId = decryptClientId;
- userEmailVerification.clientSecret = decryptClientSecret;
+ userEmailVerification.clientId = clientId;
+ userEmailVerification.clientSecret = clientSecret;
 const resUser = await this.userRepository.createUser(userEmailVerification, verifyCode);
 return resUser;
 }
diff --git a/libs/client-registration/src/client-registration.service.ts b/libs/client-registration/src/client-registration.service.ts
index 3c03bd7a7..334c500fd 100644
--- a/libs/client-registration/src/client-registration.service.ts
+++ b/libs/client-registration/src/client-registration.service.ts
@@ -184,8 +184,11 @@ export class ClientRegistrationService {
 throw new BadRequestException(`Client ID and client secret are missing`);
 }
- payload.client_id = clientId;
- payload.client_secret = clientSecret;
+ const decryptClientId = await this.commonService.decryptPassword(clientId);
+ const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+ payload.client_id = decryptClientId;
+ payload.client_secret = decryptClientSecret;
 const mgmtTokenResponse = await this.getToken(payload);
 return mgmtTokenResponse.access_token;
 } catch (error) {
@@ -756,8 +759,11 @@ export class ClientRegistrationService {
 throw new BadRequestException(`Client ID and client secret are missing`);
 }
- payload.client_id = clientId;
- payload.client_secret = clientSecret;
+ const decryptClientId = await this.commonService.decryptPassword(clientId);
+ const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+ payload.client_id = decryptClientId;
+ payload.client_secret = decryptClientSecret;
 payload.username = email;
 payload.password = password;
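Review bot: In the `@@ -134,8 +132,8 @@` hunk the values written to `userEmailVerification.clientId` and `userEmailVerification.clientSecret` change from plaintext to ciphertext, but nothing visible deals with rows the previous code stored decrypted. If stored values are later read back and passed to the `ClientRegistrationService` token methods, which now call `decryptPassword` on their arguments, older rows would presumably fail to decrypt; a data migration or an explicit legacy-row check should accompany this change. A short comment such as `// persisted as received, i.e. still encrypted; never store the decrypted secret` above the two assignments would keep a later edit from reintroducing plaintext storage.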
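Review bot: The decrypted values in the `@@ -184,8 +184,11 @@` hunk are used without any check: the `Client ID and client secret are missing` guard above them runs on the ciphertext, so an input that does not decrypt to a usable value is still sent to the token endpoint. What `decryptPassword` returns for a malformed or wrongly keyed input is not visible here and should be confirmed. The same lines are repeated in the `@@ -756,8 +759,11 @@` and `@@ -801,8 +807,11 @@` hunks; a private helper that decrypts and validates both values once would keep the three methods consistent and confine the plaintext secret to one place. These methods now require encrypted arguments, so any caller outside this diff that still passes plaintext needs updating. The enclosing methods start and end outside the hunks.

```typescript
// New private helper on ClientRegistrationService
private async decryptClientCredentials(
  clientId: string,
  clientSecret: string
): Promise<{ clientId: string; clientSecret: string }> {
  const decryptedClientId = await this.commonService.decryptPassword(clientId);
  const decryptedClientSecret = await this.commonService.decryptPassword(clientSecret);

  // Reject values that did not decrypt to anything usable before they reach the token request.
  if (!decryptedClientId || !decryptedClientSecret) {
    throw new BadRequestException(`Client ID and client secret are invalid`);
  }
  return { clientId: decryptedClientId, clientSecret: decryptedClientSecret };
}

// … unchanged: missing-value guard …
const credentials = await this.decryptClientCredentials(clientId, clientSecret);
payload.client_id = credentials.clientId;
payload.client_secret = credentials.clientSecret;
// … unchanged: getToken call …
```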
@@ -801,8 +807,11 @@ export class ClientRegistrationService {
 throw new BadRequestException(`Client ID and client secret are missing`);
 }
- payload.client_id = clientId;
- payload.client_secret = clientSecret;
+ const decryptClientId = await this.commonService.decryptPassword(clientId);
+ const decryptClientSecret = await this.commonService.decryptPassword(clientSecret);
+
+ payload.client_id = decryptClientId;
+ payload.client_secret = decryptClientSecret;
 payload.grant_type = 'refresh_token';
 payload.refresh_token = refreshToken;
@@ -891,8 +900,9 @@ export class ClientRegistrationService {
 const realmName = process.env.KEYCLOAK_REALM;
+ const decryptClientId = await this.commonService.decryptPassword(clientId);
 const redirectUrls = await this.commonService.httpGet(
- await this.keycloakUrlService.GetClientURL(realmName, clientId),
+ await this.keycloakUrlService.GetClientURL(realmName, decryptClientId),
 this.getAuthHeader(token)
 );
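Review bot: In the `@@ -891,8 +900,9 @@` hunk `decryptClientId` goes straight into `GetClientURL(realmName, decryptClientId)`, and the resulting URL is fetched with `this.getAuthHeader(token)`. The value comes from caller-supplied ciphertext and `GetClientURL` is not shown, so if it interpolates the id into the path or query without encoding, an unexpected value could change which endpoint is requested under that token. Checking the decrypted id before building the URL, e.g. `if (!decryptClientId) throw new BadRequestException('Client ID is invalid');`, and confirming that `GetClientURL` encodes its argument would close that gap. The enclosing method begins and ends outside the hunk.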