admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-20 19:32:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Redact credentials (#13263)

Browse Source
This commit is contained in:
Tomi Turtiainen
2025-02-14 16:46:21 +02:00
committed by GitHub
parent d116f121e3
commit 052f17744d
7 changed files with 157 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/cli/src/credentials/credentials.controller.ts
View File

@@ -130,7 +130,7 @@ export class CredentialsController {
}
const mergedCredentials = deepCopy(credentials);
const decryptedData = this.credentialsService.decrypt(storedCredential);
const decryptedData = this.credentialsService.decrypt(storedCredential, true);
// When a sharee (or project viewer) opens a credential, the fields and the
// credential data are missing so the payload will be empty
@@ -143,14 +143,14 @@ export class CredentialsController {
mergedCredentials,
);
if (mergedCredentials.data && storedCredential) {
if (mergedCredentials.data) {
mergedCredentials.data = this.credentialsService.unredact(
mergedCredentials.data,
decryptedData,
);
}
return await this.credentialsService.test(req.user, mergedCredentials);
return await this.credentialsService.test(req.user.id, mergedCredentials);
}
@Post('/')
@@ -176,18 +176,22 @@ export class CredentialsController {
@Patch('/:credentialId')
@ProjectScope('credential:update')
async updateCredentials(req: CredentialRequest.Update) {
const { credentialId } = req.params;
const {
body,
user,
params: { credentialId },
} = req;
const credential = await this.sharedCredentialsRepository.findCredentialForUser(
credentialId,
req.user,
user,
['credential:update'],
);
if (!credential) {
this.logger.info('Attempt to update credential blocked due to lack of permissions', {
credentialId,
userId: req.user.id,
userId: user.id,
});
throw new NotFoundError(
'Credential to be updated not found. You can only update credentials owned by you',
@@ -199,6 +203,8 @@ export class CredentialsController {
}
const decryptedData = this.credentialsService.decrypt(credential, true);
// We never want to allow users to change the oauthTokenData
delete body.data?.oauthTokenData;
const preparedCredentialData = await this.credentialsService.prepareUpdateData(
req.body,
decryptedData,