-
-
Notifications
You must be signed in to change notification settings - Fork 721
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: email will be stored hashed now for all users (#8720)
Adding email_hash column to users table. We will update all existing users to have hashed email. All new users will also get the hash. We are fine to use md5, because we just need uniqueness. We have emails in events table stored anyways, so it is not sensitive.
- Loading branch information
Showing
3 changed files
with
49 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| exports.up = (db, cb) => { | ||
| db.runSql(` | ||
| ALTER TABLE users | ||
| ADD COLUMN IF NOT EXISTS email_hash VARCHAR(32); | ||
| UPDATE users | ||
| SET email_hash = md5(email::text); | ||
| `, cb); | ||
|
|
||
| }; | ||
|
|
||
| exports.down = (db, cb) => { | ||
| db.runSql(` | ||
| ALTER TABLE users | ||
| DROP COLUMN IF EXISTS email_hash; | ||
| `, cb); | ||
| }; | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,6 +18,7 @@ import { randomId } from '../../../../lib/util/random-id'; | |
| import { omitKeys } from '../../../../lib/util/omit-keys'; | ||
| import type { ISessionStore } from '../../../../lib/types/stores/session-store'; | ||
| import type { IUnleashStores } from '../../../../lib/types'; | ||
| import { createHash } from 'crypto'; | ||
|
|
||
| let stores: IUnleashStores; | ||
| let db: ITestDb; | ||
|
|
@@ -405,3 +406,25 @@ test('Anonymises name, username and email fields if anonymiseEventLog flag is se | |
| expect(body.users[0].name).toEqual('[email protected]'); | ||
| expect(body.users[0].username).toEqual(''); // Not set, so anonymise should return the empty string. | ||
| }); | ||
|
|
||
| test('creates user with email md5 hash', async () => { | ||
| await app.request | ||
| .post('/api/admin/user-admin') | ||
| .send({ | ||
| email: `[email protected]`, | ||
| name: `Some Name Hash`, | ||
| rootRole: editorRole.id, | ||
| }) | ||
| .set('Content-Type', 'application/json'); | ||
|
|
||
| const user = await db | ||
| .rawDatabase('users') | ||
| .where({ email: '[email protected]' }) | ||
| .first(['email_hash']); | ||
|
|
||
| const expectedHash = createHash('md5') | ||
| .update('[email protected]') | ||
| .digest('hex'); | ||
|
|
||
| expect(user.email_hash).toBe(expectedHash); | ||
| }); | ||