Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

discovery should save passwords encrypted #111

Open
Garfonso opened this issue May 2, 2020 · 5 comments
Open

discovery should save passwords encrypted #111

Garfonso opened this issue May 2, 2020 · 5 comments
Labels
enhancement fixed

Comments

@Garfonso
Copy link
Contributor

Garfonso commented May 2, 2020

Adapters can use discovery to ask user for a password (input of type "password"). It will be a password field in browser with typo-check by repeating entry in a second field (i.e. you can not see the typed password).

Currently the discovery adapter writes those passwords into the adapter configurations as plain text. It would be much preferably if it would support encryption. To be backward compatible this probably should only be an option at first (i.e. a property of 'input' like 'encrypt = true' -> will be stored encrypted).
Because the adapter can not detect if the password stored in its config is encrypted or not, this should be optional at first. There are quite some adapters using an input of type password:

  • landroid
  • loxone
  • lupusec
  • sql
  • tr-064
  • mydlink (not yet merged)
@pdbjjens
Copy link
Contributor

@Garfonso @Apollon77
I would like to add some additional requirement to this enhancement request which I would need for the implementation of a discovery module for the frontier-silicon community adapter.

A password should not only be encrypted in the discovery module via inputs: [passwordInput] as requested above but it should be also possible to set a password directly in the discovery module in the native object as a value in clear text and then be passed on to the adapter in encrypted form.

Background:
I'm working on a discovery module for the frontier-silicon community adapter.

https://github.com/iobroker-community-adapters/ioBroker.frontier_silicon/tree/master

https://github.com/pdbjjens/ioBroker.discovery/blob/master/lib/adapters/frontier_silicon.js

I have defined a password (PIN) in io-package.json
"protectedNative": [
"PIN"
],
"encryptedNative": [
"PIN"
],
"native": {
"PIN": "",
"IP": ""
},

and in jsonConfig.json,

            "PIN": {
                "type": "password",
                "repeat": false,
                "visible": true,
                "maxLength": 4,
                "sm": 12,
                "md": 6,
                "lg": 6,
                "label": "PIN code",
                "help": "PIN of your media player, default is 1234"
            },

which I would like to assign a default PIN to by the discovery module.

    instance = {
        _id: id,
        common: {
            name: 'frontier_silicon'
        },
        native: {
            IP: ip,
            PIN: '1234'
        },
        comment: {
            add: `Frontier UNDOK Device ${device._name} (${ip})`
        }

For the IP that is also defined, the preassignment works when the adapter starts,
but the PIN is defined as "encryptedNative" and "protectedNative" and if I pass the PIN in plain text as a string,
this string is apparently decrypted when the adapter starts and is therefore incorrect.

It would be perfect if the discovery adapter would support something like tools.encrypt:

    instance = {
        _id: id,
        common: {
            name: 'frontier_silicon'
        },
        native: {
            IP: ip,
            PIN: tools.encrypt('1234')
        },
        comment: {
            add: `Frontier UNDOK Device ${device._name} (${ip})`
        }

@pdbjjens pdbjjens mentioned this issue Aug 26, 2023
Merged
GermanBluefox added a commit that referenced this issue Sep 4, 2023
@GermanBluefox
Try to implement #111
1f1cb0d 
Legacy encryption via encryptWithLegacy
@GermanBluefox
Copy link
Contributor

You can use encryptedNativeLegacy to write old encrypted passwords and encryptedNative to encrypt with new method

GermanBluefox added a commit that referenced this issue Sep 4, 2023
@GermanBluefox
Try to implement #111
1808e22 
Legacy encryption via encryptWithLegacy
@pdbjjens
Copy link
Contributor

pdbjjens commented Sep 5, 2023

@GermanBluefox
I am sorry to say that I do not quite understand how to use this in a detector module.
Should it be like this to hand the PIN to the adapter encrypted:

instance = {
    _id: id,
    common: {
        name: 'frontier_silicon'
    },
   encryptedNative: {
       PIN: '1234'
   },
    native: {
        IP: ip
    },
    comment: {
        add: `Frontier UNDOK Device ${device._name} (${ip})`
    }

@pdbjjens
Copy link
Contributor

@Garfonso @GermanBluefox
Since I found that my code above does not do the job, can you point me to an example which shows how to use encryption in a detector module?

@pdbjjens
Copy link
Contributor

@Apollon77 @GermanBluefox @Garfonso
Can you show me how to use encryptedNativeLegacy to write old encrypted passwords and encryptedNative to encrypt with new method from within a detector module? I still could not figure out the syntax how to encrypt a PIN within a detector module based on your fix from Sep 4 (See the problem description above in my post from Aug.25)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Garfonso @GermanBluefox @Apollon77 @pdbjjens