create encryption keys from password during app import & restore

2020-05-12 15:49:43 -07:00
parent 1df94fd84d
commit ea8a3d798e
3 changed files with 24 additions and 11 deletions
@@ -1540,6 +1540,11 @@ function importApp(app, data, auditSource, callback) {
    testBackupConfig(function (error) {
        if (error) return callback(error);

+        if (backupConfig && 'password' in backupConfig) {
+            backupConfig.encryption = backups.generateEncryptionKeysSync(backupConfig.password);
+            delete backupConfig.password;
+        }
+
        const restoreConfig = { backupId, backupFormat, backupConfig };

        const task = {
@@ -140,6 +140,19 @@ function testConfig(backupConfig, callback) {
    api(backupConfig.provider).testConfig(backupConfig, callback);
 }

+// this skips password check since that policy is only at creation time
+function testProviderConfig(backupConfig, callback) {
+    assert.strictEqual(typeof backupConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var func = api(backupConfig.provider);
+    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
+
+    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BoxError(BoxError.BAD_FIELD, 'unknown format', { field: 'format' }));
+
+    api(backupConfig.provider).testConfig(backupConfig, callback);
+}
+
 function generateEncryptionKeysSync(password) {
    assert.strictEqual(typeof password, 'string');

@@ -152,16 +165,6 @@ function generateEncryptionKeysSync(password) {
    };
 }

-function testProviderConfig(backupConfig, callback) {
-    assert.strictEqual(typeof backupConfig, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    var func = api(backupConfig.provider);
-    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
-
-    api(backupConfig.provider).testConfig(backupConfig, callback);
-}
-
 function getByStatePaged(state, page, perPage, callback) {
    assert.strictEqual(typeof state, 'string');
    assert(typeof page === 'number' && page > 0);
@@ -206,9 +206,14 @@ function restore(backupConfig, backupId, version, sysinfoConfig, auditSource, ca
        if (error) return done(error);
        if (activated) return done(new BoxError(BoxError.CONFLICT, 'Already activated. Restore with a fresh Cloudron installation.'));

-        backups.testConfig(backupConfig, function (error) {
+        backups.testProviderConfig(backupConfig, function (error) {
            if (error) return done(error);

+            if ('password' in backupConfig) {
+                backupConfig.encryption = backups.generateEncryptionKeysSync(backupConfig.password);
+                delete backupConfig.password;
+            }
+
            sysinfo.testConfig(sysinfoConfig, function (error) {
                if (error) return done(error);