From bfb0d151ea2ba125e536a16b1873e143a67e9f64 Mon Sep 17 00:00:00 2001
From: Elias Schneider <login@eliasschneider.com>
Date: Thu, 8 Dec 2022 19:14:06 +0100
Subject: [PATCH] fix: obscure critical config variables

---
 backend/prisma/schema.prisma                  |  1 +
 backend/prisma/seed/config.seed.ts            |  5 +++--
 backend/src/config/dto/adminConfig.dto.ts     |  3 +++
 .../src/components/admin/AdminConfigTable.tsx | 19 +++++++++++--------
 .../components/admin/showCreateUserModal.tsx  |  5 +----
 .../admin/showUpdateConfigVariableModal.tsx   | 10 +++++++---
 .../components/admin/showUpdateUserModal.tsx  |  5 +----
 frontend/src/pages/account/index.tsx          |  5 +----
 frontend/src/types/config.type.ts             |  1 +
 9 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/backend/prisma/schema.prisma b/backend/prisma/schema.prisma
index c2fb2e1..65e18a8 100644
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -84,6 +84,7 @@ model Config {
   type        String
   value       String
   description String
+  obscured    Boolean @default(false)
   secret      Boolean @default(true)
   locked      Boolean @default(false)
 }
diff --git a/backend/prisma/seed/config.seed.ts b/backend/prisma/seed/config.seed.ts
index 2a71df8..1ea2e15 100644
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -1,7 +1,7 @@
-import { PrismaClient } from "@prisma/client";
+import { Prisma, PrismaClient } from "@prisma/client";
 import * as crypto from "crypto";
 
-const configVariables = [
+const configVariables: Prisma.ConfigCreateInput[] = [
   {
     key: "SETUP_FINISHED",
     description: "Whether the setup has been finished",
@@ -83,6 +83,7 @@ const configVariables = [
     description: "Password of the SMTP server",
     type: "string",
     value: "",
+    obscured: true,
   },
 ];
 
diff --git a/backend/src/config/dto/adminConfig.dto.ts b/backend/src/config/dto/adminConfig.dto.ts
index ab32c19..c358bc6 100644
--- a/backend/src/config/dto/adminConfig.dto.ts
+++ b/backend/src/config/dto/adminConfig.dto.ts
@@ -11,6 +11,9 @@ export class AdminConfigDTO extends ConfigDTO {
   @Expose()
   description: string;
 
+  @Expose()
+  obscured: boolean;
+
   from(partial: Partial<AdminConfigDTO>) {
     return plainToClass(AdminConfigDTO, partial, {
       excludeExtraneousValues: true,
diff --git a/frontend/src/components/admin/AdminConfigTable.tsx b/frontend/src/components/admin/AdminConfigTable.tsx
index ac6a81c..3ff883e 100644
--- a/frontend/src/components/admin/AdminConfigTable.tsx
+++ b/frontend/src/components/admin/AdminConfigTable.tsx
@@ -54,17 +54,20 @@ const AdminConfigTable = () => {
       <tbody>
         {isLoading
           ? skeletonRows
-          : configVariables.map((element) => (
-              <tr key={element.key}>
+          : configVariables.map((configVariable) => (
+              <tr key={configVariable.key}>
                 <td style={{ maxWidth: "200px" }}>
-                  <Code>{element.key}</Code> {element.secret && <TbLock />}{" "}
-                  <br />
+                  <Code>{configVariable.key}</Code>{" "}
+                  {configVariable.secret && <TbLock />} <br />
                   <Text size="xs" color="dimmed">
-                    {element.description}
+                    {configVariable.description}
                   </Text>
                 </td>
-                <td>{element.value}</td>
-
+                <td>
+                  {configVariable.obscured
+                    ? "••••••••••••"
+                    : configVariable.value}
+                </td>
                 <td>
                   <Group position="right">
                     <ActionIcon
@@ -74,7 +77,7 @@ const AdminConfigTable = () => {
                       onClick={() =>
                         showUpdateConfigVariableModal(
                           modals,
-                          element,
+                          configVariable,
                           getConfigVariables
                         )
                       }
diff --git a/frontend/src/components/admin/showCreateUserModal.tsx b/frontend/src/components/admin/showCreateUserModal.tsx
index f7732fd..38a480c 100644
--- a/frontend/src/components/admin/showCreateUserModal.tsx
+++ b/frontend/src/components/admin/showCreateUserModal.tsx
@@ -62,10 +62,7 @@ const Body = ({
       >
         <Stack>
           <TextInput label="Username" {...form.getInputProps("username")} />
-          <TextInput
-            label="Email"
-            {...form.getInputProps("email")}
-          />
+          <TextInput label="Email" {...form.getInputProps("email")} />
           <PasswordInput
             label="New password"
             {...form.getInputProps("password")}
diff --git a/frontend/src/components/admin/showUpdateConfigVariableModal.tsx b/frontend/src/components/admin/showUpdateConfigVariableModal.tsx
index 561cf18..c1ef6cb 100644
--- a/frontend/src/components/admin/showUpdateConfigVariableModal.tsx
+++ b/frontend/src/components/admin/showUpdateConfigVariableModal.tsx
@@ -2,6 +2,7 @@ import {
   Button,
   Code,
   NumberInput,
+  PasswordInput,
   Select,
   Space,
   Stack,
@@ -53,9 +54,12 @@ const Body = ({
       <Text>
         Set <Code>{configVariable.key}</Code> to
       </Text>
-      {configVariable.type == "string" && (
-        <TextInput label="Value" {...form.getInputProps("stringValue")} />
-      )}
+      {configVariable.type == "string" &&
+        (configVariable.obscured ? (
+          <PasswordInput label="Value" {...form.getInputProps("stringValue")} />
+        ) : (
+          <TextInput label="Value" {...form.getInputProps("stringValue")} />
+        ))}
       {configVariable.type == "number" && (
         <NumberInput label="Value" {...form.getInputProps("numberValue")} />
       )}
diff --git a/frontend/src/components/admin/showUpdateUserModal.tsx b/frontend/src/components/admin/showUpdateUserModal.tsx
index 7bda6db..d87c84d 100644
--- a/frontend/src/components/admin/showUpdateUserModal.tsx
+++ b/frontend/src/components/admin/showUpdateUserModal.tsx
@@ -79,10 +79,7 @@ const Body = ({
             label="Username"
             {...accountForm.getInputProps("username")}
           />
-          <TextInput
-            label="Email"
-            {...accountForm.getInputProps("email")}
-          />
+          <TextInput label="Email" {...accountForm.getInputProps("email")} />
           <Switch
             mt="xs"
             labelPosition="left"
diff --git a/frontend/src/pages/account/index.tsx b/frontend/src/pages/account/index.tsx
index c0f8551..47c7ff4 100644
--- a/frontend/src/pages/account/index.tsx
+++ b/frontend/src/pages/account/index.tsx
@@ -80,10 +80,7 @@ const Account = () => {
               label="Username"
               {...accountForm.getInputProps("username")}
             />
-            <TextInput
-              label="Email"
-              {...accountForm.getInputProps("email")}
-            />
+            <TextInput label="Email" {...accountForm.getInputProps("email")} />
             <Group position="right">
               <Button type="submit">Save</Button>
             </Group>
diff --git a/frontend/src/types/config.type.ts b/frontend/src/types/config.type.ts
index 6704218..8f7d927 100644
--- a/frontend/src/types/config.type.ts
+++ b/frontend/src/types/config.type.ts
@@ -8,6 +8,7 @@ export type AdminConfig = Config & {
   updatedAt: Date;
   secret: boolean;
   description: string;
+  obscured: boolean;
 };
 
 export default Config;