-
-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathsecureFiles.spec.js
325 lines (312 loc) · 15.9 KB
/
secureFiles.spec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
'use strict';
const FileSystemAdapter = require('../index.js');
const fs = require('fs');
const path = require('path');
describe('File encryption tests', () => {
const directory = 'sub1/sub2';
afterEach(function() {
const filePath = path.join('files', directory);
const fileNames = fs.readdirSync(filePath);
fileNames.filter(fileName => fileName.indexOf('.') === 0);
fileNames.forEach(fileName => {
fs.unlinkSync(path.join(filePath, fileName));
})
});
it('should create file location based on config', async function () {
const fsAdapter = new FileSystemAdapter();
const config = {mount: '/parse', applicationId: 'yolo'}
const location = fsAdapter.getFileLocation(config, 'hello.txt')
expect(location).toBe('/parse/files/yolo/hello.txt');
}, 5000)
it("should save encrypted file in default directory", async function() {
const adapter = new FileSystemAdapter({
encryptionKey: '89E4AFF1-DFE4-4603-9574-BFA16BB446FD'
});
const filename = 'file2.txt';
const filePath = 'files/' + filename;
await adapter.createFile(filename, "hello world", 'text/utf8');
const result = await adapter.getFileData(filename);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual("hello world");
const data = fs.readFileSync(filePath);
expect(data.toString('utf-8')).not.toEqual("hello world");
}, 5000);
it("should save encrypted file in specified directory", async function() {
const adapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: '89E4AFF1-DFE4-4603-9574-BFA16BB446FD'
});
const filename = 'file2.txt';
const filePath = 'files/' + directory + '/' + filename;
await adapter.createFile(filename, "hello world", 'text/utf8');
const result = await adapter.getFileData(filename);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual("hello world");
const data = fs.readFileSync(filePath);
expect(data.toString('utf-8')).not.toEqual("hello world");
}, 5000);
it("should save encrypted file in specified directory when directory starts with /", async function() {
const adapter = new FileSystemAdapter({
filesSubDirectory: '/sub1/sub2',
encryptionKey: '89E4AFF1-DFE4-4603-9574-BFA16BB446FD'
});
const filename = 'file2.txt';
const filePath = 'files/' + directory + '/' + filename;
await adapter.createFile(filename, "hello world", 'text/utf8');
const result = await adapter.getFileData(filename);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual("hello world");
const data = fs.readFileSync(filePath);
expect(data.toString('utf-8')).not.toEqual("hello world");
}, 5000);
it("should rotate key of all unencrypted files to encrypted files", async function() {
const unEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory
});
const encryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: '89E4AFF1-DFE4-4603-9574-BFA16BB446FD'
});
const fileName1 = 'file1.txt';
const data1 = "hello world";
const fileName2 = 'file2.txt';
const data2 = "hello new world";
const filePath1 = 'files/' + directory + '/' + fileName1;
const filePath2 = 'files/' + directory + '/' + fileName2;
// Store unecrypted files
await unEncryptedAdapter.createFile(fileName1, data1, 'text/utf8');
let result = await unEncryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const unEncryptedData1 = fs.readFileSync(filePath1);
await unEncryptedAdapter.createFile(fileName2, data2, 'text/utf8');
result = await unEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const unEncryptedData2 = fs.readFileSync(filePath2);
// Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
const {rotated, notRotated} = await encryptedAdapter.rotateEncryptionKey();
expect(rotated.length).toEqual(2);
expect(rotated.filter(function(value){ return value === fileName1;}).length).toEqual(1);
expect(rotated.filter(function(value){ return value === fileName2;}).length).toEqual(1);
expect(notRotated.length).toEqual(0);
result = await encryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const encryptedData1 = fs.readFileSync(filePath1);
expect(encryptedData1.toString('utf-8')).not.toEqual(unEncryptedData1);
result = await encryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const encryptedData2 = fs.readFileSync(filePath2);
expect(encryptedData2.toString('utf-8')).not.toEqual(unEncryptedData2);
}, 5000);
it("should rotate key of all old encrypted files to files encrypted with a new key", async function() {
const oldEncryptionKey = 'oldKeyThatILoved';
const oldEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: oldEncryptionKey
});
const encryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: 'newKeyThatILove'
});
const fileName1 = 'file1.txt';
const data1 = "hello world";
const fileName2 = 'file2.txt';
const data2 = "hello new world";
const filePath1 = 'files/' + directory + '/' + fileName1;
const filePath2 = 'files/' + directory + '/' + fileName2;
// Store original encrypted files
await oldEncryptedAdapter.createFile(fileName1, data1, 'text/utf8');
let result = await oldEncryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const oldEncryptedData1 = fs.readFileSync(filePath1);
await oldEncryptedAdapter.createFile(fileName2, data2, 'text/utf8');
result = await oldEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const oldEncryptedData2 = fs.readFileSync(filePath2);
// Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
const {rotated, notRotated} = await encryptedAdapter.rotateEncryptionKey({oldKey: oldEncryptionKey});
expect(rotated.length).toEqual(2);
expect(rotated.filter(function(value){ return value === fileName1;}).length).toEqual(1);
expect(rotated.filter(function(value){ return value === fileName2;}).length).toEqual(1);
expect(notRotated.length).toEqual(0);
const result2 = await encryptedAdapter.getFileData(fileName1);
expect(result2 instanceof Buffer).toBe(true);
expect(result2.toString('utf-8')).toEqual(data1);
const encryptedData1 = fs.readFileSync(filePath1);
expect(encryptedData1.toString('utf-8')).not.toEqual(oldEncryptedData1);
result = await encryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const encryptedData2 = fs.readFileSync(filePath2);
expect(encryptedData2.toString('utf-8')).not.toEqual(oldEncryptedData2);
}, 5000);
it("should rotate key of all old encrypted files to unencrypted files", async function() {
const oldEncryptionKey = 'oldKeyThatILoved';
const oldEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: oldEncryptionKey
});
const unEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory
});
const fileName1 = 'file1.txt';
const data1 = "hello world";
const fileName2 = 'file2.txt';
const data2 = "hello new world";
const filePath1 = 'files/' + directory + '/' + fileName1;
const filePath2 = 'files/' + directory + '/' + fileName2;
// Store original encrypted files
await oldEncryptedAdapter.createFile(fileName1, data1, 'text/utf8');
let result = await oldEncryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const oldEncryptedData1 = fs.readFileSync(filePath1);
await oldEncryptedAdapter.createFile(fileName2, data2, 'text/utf8');
result = await oldEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const oldEncryptedData2 = fs.readFileSync(filePath2);
// Check if unEncrypted adapter can read data and make sure it's not the same as oldEncrypted adapter
const {rotated, notRotated} = await unEncryptedAdapter.rotateEncryptionKey({oldKey: oldEncryptionKey});
expect(rotated.length).toEqual(2);
expect(rotated.filter(function(value){ return value === fileName1;}).length).toEqual(1);
expect(rotated.filter(function(value){ return value === fileName2;}).length).toEqual(1);
expect(notRotated.length).toEqual(0);
const result2 = await unEncryptedAdapter.getFileData(fileName1);
expect(result2 instanceof Buffer).toBe(true);
expect(result2.toString('utf-8')).toEqual(data1);
const encryptedData1 = fs.readFileSync(filePath1);
expect(encryptedData1.toString('utf-8')).not.toEqual(oldEncryptedData1);
result = await unEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const encryptedData2 = fs.readFileSync(filePath2);
expect(encryptedData2.toString('utf-8')).not.toEqual(oldEncryptedData2);
}, 5000);
it("should only encrypt specified fileNames with the new key", async function() {
const oldEncryptionKey = 'oldKeyThatILoved';
const oldEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: oldEncryptionKey
});
const encryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: 'newKeyThatILove'
});
const unEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory
});
const fileName1 = 'file1.txt';
const data1 = "hello world";
const fileName2 = 'file2.txt';
const data2 = "hello new world";
const filePath1 = 'files/' + directory + '/' + fileName1;
const filePath2 = 'files/' + directory + '/' + fileName2;
// Store original encrypted files
await oldEncryptedAdapter.createFile(fileName1, data1, 'text/utf8');
let result = await oldEncryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const oldEncryptedData1 = fs.readFileSync(filePath1);
await oldEncryptedAdapter.createFile(fileName2, data2, 'text/utf8');
result = await oldEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const oldEncryptedData2 = fs.readFileSync(filePath2);
// Inject unecrypted file to see if causes an issue
const fileName3 = 'file3.txt';
const data3 = "hello past world";
await unEncryptedAdapter.createFile(fileName3, data3, 'text/utf8');
// Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
const {rotated, notRotated} = await encryptedAdapter.rotateEncryptionKey({oldKey: oldEncryptionKey, fileNames: [fileName1,fileName2]});
expect(rotated.length).toEqual(2);
expect(rotated.filter(function(value){ return value === fileName1;}).length).toEqual(1);
expect(rotated.filter(function(value){ return value === fileName2;}).length).toEqual(1);
expect(notRotated.length).toEqual(0);
expect(rotated.filter(function(value){ return value === fileName3;}).length).toEqual(0);
const result2 = await encryptedAdapter.getFileData(fileName1);
expect(result2 instanceof Buffer).toBe(true);
expect(result2.toString('utf-8')).toEqual(data1);
const encryptedData1 = fs.readFileSync(filePath1);
expect(encryptedData1.toString('utf-8')).not.toEqual(oldEncryptedData1);
result = await encryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const encryptedData2 = fs.readFileSync(filePath2);
expect(encryptedData2.toString('utf-8')).not.toEqual(oldEncryptedData2);
}, 5000);
it("should return fileNames of those it can't encrypt with the new key", async function() {
const oldEncryptionKey = 'oldKeyThatILoved';
const oldEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: oldEncryptionKey
});
const encryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory,
encryptionKey: 'newKeyThatILove'
});
const unEncryptedAdapter = new FileSystemAdapter({
filesSubDirectory: directory
});
const fileName1 = 'file1.txt';
const data1 = "hello world";
const fileName2 = 'file2.txt';
const data2 = "hello new world";
const filePath1 = 'files/' + directory + '/' + fileName1;
const filePath2 = 'files/' + directory + '/' + fileName2;
// Store original encrypted files
await oldEncryptedAdapter.createFile(fileName1, data1, 'text/utf8');
let result = await oldEncryptedAdapter.getFileData(fileName1);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data1);
const oldEncryptedData1 = fs.readFileSync(filePath1);
await oldEncryptedAdapter.createFile(fileName2, data2, 'text/utf8');
result = await oldEncryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const oldEncryptedData2 = fs.readFileSync(filePath2);
// Inject unecrypted file to cause an issue
const fileName3 = 'file3.txt';
const data3 = "hello past world";
await unEncryptedAdapter.createFile(fileName3, data3, 'text/utf8');
result = await unEncryptedAdapter.getFileData(fileName3);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data3);
// Check if encrypted adapter can read data and make sure it's not the same as unEncrypted adapter
const {rotated, notRotated} = await encryptedAdapter.rotateEncryptionKey({oldKey: oldEncryptionKey});
expect(rotated.length).toEqual(2);
expect(rotated.filter(function(value){ return value === fileName1;}).length).toEqual(1);
expect(rotated.filter(function(value){ return value === fileName2;}).length).toEqual(1);
expect(notRotated.length).toEqual(1);
expect(notRotated.filter(function(value){ return value === fileName3;}).length).toEqual(1);
const result2 = await encryptedAdapter.getFileData(fileName1);
expect(result2 instanceof Buffer).toBe(true);
expect(result2.toString('utf-8')).toEqual(data1);
const encryptedData1 = fs.readFileSync(filePath1);
expect(encryptedData1.toString('utf-8')).not.toEqual(oldEncryptedData1);
result = await encryptedAdapter.getFileData(fileName2);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual(data2);
const encryptedData2 = fs.readFileSync(filePath2);
expect(encryptedData2.toString('utf-8')).not.toEqual(oldEncryptedData2);
}, 5000);
it('should handle blobs on creation', async function() {
const adapter = new FileSystemAdapter({
encryptionKey: '89E4AFF1-DFE4-4603-9574-BFA16BB446FD'
});
const filename = 'file2.txt';
const filePath = 'files/' + filename;
const data = new Blob(['hello world']);
await adapter.createFile(filename, data);
const result = await adapter.getFileData(filename);
expect(result instanceof Buffer).toBe(true);
expect(result.toString('utf-8')).toEqual('hello world');
const fileData = fs.readFileSync(filePath);
expect(fileData.toString('utf-8')).not.toEqual('hello world');
}, 5000);
})