Merge branch 'master' into stable

puzzle · Jul 17, 2023 · 7cc721f · 7cc721f
2 parents 9fb1d07 + 160ee49
commit 7cc721f
Show file tree

Hide file tree

Showing 35 changed files with 1,234 additions and 235 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,47 +1,47 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    actioncable (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actioncable (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionmailbox (7.0.6)
+      actionpack (= 7.0.6)
+      activejob (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionmailer (7.0.6)
+      actionpack (= 7.0.6)
+      actionview (= 7.0.6)
+      activejob (= 7.0.6)
+      activesupport (= 7.0.6)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.4.3)
-      actionview (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actiontext (7.0.6)
+      actionpack (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -51,22 +51,22 @@ GEM
       activemodel (>= 4.1, < 7.1)
       case_transform (>= 0.2)
       jsonapi-renderer (>= 0.1.1.beta1, < 0.3)
-    activejob (7.0.4.3)
-      activesupport (= 7.0.4.3)
+    activejob (7.0.6)
+      activesupport (= 7.0.6)
       globalid (>= 0.3.6)
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activerecord (7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activestorage (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    activemodel (7.0.6)
+      activesupport (= 7.0.6)
+    activerecord (7.0.6)
+      activemodel (= 7.0.6)
+      activesupport (= 7.0.6)
+    activestorage (7.0.6)
+      actionpack (= 7.0.6)
+      activejob (= 7.0.6)
+      activerecord (= 7.0.6)
+      activesupport (= 7.0.6)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.4.3)
+    activesupport (7.0.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -137,7 +137,7 @@ GEM
     hashdiff (1.0.1)
     hirb (0.7.3)
     httpclient (2.8.3)
-    i18n (1.13.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     json-jwt (1.15.3)
       activesupport (>= 4.2)
@@ -147,9 +147,9 @@ GEM
     jsonapi-renderer (0.2.2)
     launchy (2.5.2)
       addressable (~> 2.8)
-    loofah (2.20.0)
+    loofah (2.21.3)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
@@ -160,11 +160,11 @@ GEM
     maxmind-db (1.1.1)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    minitest (5.18.0)
+    minitest (5.18.1)
     mocha (2.0.2)
       ruby2_keywords (>= 0.0.5)
     mysql2 (0.5.5)
-    net-imap (0.3.4)
+    net-imap (0.3.6)
       date
       net-protocol
     net-ldap (0.18.0)
@@ -175,11 +175,11 @@ GEM
     net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.9)
-    nokogiri (1.14.3-arm64-darwin)
+    nokogiri (1.15.3-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-darwin)
+    nokogiri (1.15.3-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-linux)
+    nokogiri (1.15.3-x86_64-linux)
       racc (~> 1.4)
     openid_connect (1.4.2)
       activemodel
@@ -212,50 +212,52 @@ GEM
       nio4r (~> 2.0)
     pundit (2.3.0)
       activesupport (>= 3.0.0)
-    racc (1.6.2)
+    racc (1.7.1)
     rack (2.2.7)
     rack-oauth2 (1.21.3)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (7.0.4.3)
-      actioncable (= 7.0.4.3)
-      actionmailbox (= 7.0.4.3)
-      actionmailer (= 7.0.4.3)
-      actionpack (= 7.0.4.3)
-      actiontext (= 7.0.4.3)
-      actionview (= 7.0.4.3)
-      activejob (= 7.0.4.3)
-      activemodel (= 7.0.4.3)
-      activerecord (= 7.0.4.3)
-      activestorage (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails (7.0.6)
+      actioncable (= 7.0.6)
+      actionmailbox (= 7.0.6)
+      actionmailer (= 7.0.6)
+      actionpack (= 7.0.6)
+      actiontext (= 7.0.6)
+      actionview (= 7.0.6)
+      activejob (= 7.0.6)
+      activemodel (= 7.0.6)
+      activerecord (= 7.0.6)
+      activestorage (= 7.0.6)
+      activesupport (= 7.0.6)
       bundler (>= 1.15.0)
-      railties (= 7.0.4.3)
+      railties (= 7.0.6)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
     rails-erd (1.7.2)
       activerecord (>= 4.2)
       activesupport (>= 4.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.5.0)
-      loofah (~> 2.19, >= 2.19.1)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
     rails-i18n (7.0.6)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (7.0.4.3)
-      actionpack (= 7.0.4.3)
-      activesupport (= 7.0.4.3)
+    railties (7.0.6)
+      actionpack (= 7.0.6)
+      activesupport (= 7.0.6)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -328,9 +330,9 @@ GEM
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
     temple (0.10.0)
-    thor (1.2.1)
+    thor (1.2.2)
     tilt (2.1.0)
-    timeout (0.3.2)
+    timeout (0.4.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unaccent (0.4.0)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-5.0
+5.1
diff --git a/app/controllers/api/encryptables_controller.rb b/app/controllers/api/encryptables_controller.rb
@@ -110,6 +110,7 @@ def query_param
   end
 
   def encryptable_move_handler
+    entry.sender_id = nil
     EncryptableMoveHandler.new(entry, session[:private_key], current_user)
   end
 

diff --git a/app/controllers/api/encryptables_transfer_controller.rb b/app/controllers/api/encryptables_transfer_controller.rb
@@ -5,23 +5,35 @@ class Api::EncryptablesTransferController < ApiController
   self.permitted_attrs = [:name, :description, :receiver_id, :file]
 
   def create
-    prepare_encryptable_file
+    if params[:file].present?
+      prepare_encryptable_file
+    else
+      prepare_encryptable_credential
+    end
     authorize entry
-    transfer_file
+    transfer_encryptable
 
     render json: messages
   end
 
   private
 
-  def transfer_file
+  def transfer_encryptable
     @encryptable = EncryptableTransfer.new.transfer(
       entry, User::Human.find(receiver_id), current_user
     )
 
     add_info('flashes.encryptable_transfer.file.transferred')
   end
 
+  def prepare_encryptable_credential
+    shared_encryptable = current_user.encryptables.find(params['encryptable_id'])
+
+    shared_encryptable.decrypt(decrypted_team_password(shared_encryptable.team))
+
+    instance_variable_set(:"@#{ivar_name}", shared_encryptable.dup)
+  end
+
   def prepare_encryptable_file
     filename = params[:file].original_filename
 
@@ -41,7 +53,7 @@ def new_file(inbox_folder_receiver, description, name)
   end
 
   def model_class
-    Encryptable::File
+    params[:file].present? ? Encryptable::File : Encryptable::Credentials
   end
 
   def model_params

diff --git a/app/models/encryptable.rb b/app/models/encryptable.rb
@@ -61,6 +61,10 @@ def inbox_folder_present?
     Folder.find(folder_id)&.name == 'inbox' if folder_id
   end
 
+  def decrypt_transferred(private_key)
+    decrypt(plaintext_transfer_password(private_key))
+  end
+
   def plaintext_transfer_password(private_key)
     Crypto::Rsa.decrypt(Base64.decode64(encrypted_transfer_password), private_key)
   end
@@ -74,9 +78,11 @@ def used_encrypted_data_attrs
   def encrypt_attr(attr, team_password)
     cleartext_value = send(:"cleartext_#{attr}")
 
-    encrypted_value =
-      cleartext_value.presence &&
-        Crypto::Symmetric::Aes256.encrypt(cleartext_value, team_password)
+    encrypted_value = if cleartext_value.presence
+                        Crypto::Symmetric::Aes256.encrypt(cleartext_value, team_password)
+                      end
+
+    return if transferred? && encrypted_value.blank?
 
     build_encrypted_data(attr, encrypted_value)
   end

diff --git a/app/models/encryptable/file.rb b/app/models/encryptable/file.rb
@@ -21,10 +21,6 @@ def encrypt(team_password)
     encrypt_attr(:file, team_password)
   end
 
-  def decrypt_transferred(private_key)
-    decrypt(plaintext_transfer_password(private_key))
-  end
-
   def team
     folder&.team || encryptable_credential.folder.team
   end

diff --git a/app/serializers/encryptable_serializer.rb b/app/serializers/encryptable_serializer.rb
@@ -20,7 +20,11 @@
 #  https://github.com/puzzle/cryptopus.
 
 class EncryptableSerializer < ApplicationSerializer
-  attributes :id, :name, :description
+  attributes :id, :name, :description, :sender_name
 
   belongs_to :folder
+
+  def sender_name
+    object.sender&.label
+  end
 end
diff --git a/app/utils/encryptable_transfer.rb b/app/utils/encryptable_transfer.rb
@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 class EncryptableTransfer
+
   def transfer(encryptable, receiver, sender)
     transfer_password = new_transfer_password
     encryptable.encrypt(transfer_password)
 
+    encryptable.name = encryptable_destination_name(encryptable, receiver)
+
     encryptable.update!(
       folder: receiver.inbox_folder,
       sender_id: sender.id,
@@ -28,6 +31,13 @@ def receive(encryptable, private_key, personal_team_password)
 
   private
 
+  def encryptable_destination_name(encryptable, receiver)
+    existing_names = receiver.inbox_folder.encryptables.pluck(:name)
+    is_file = encryptable.is_a?(Encryptable::File)
+
+    transfered_name(encryptable.name, existing_names, is_file).destination_name
+  end
+
   def encrypted_transfer_password(password, receiver)
     Crypto::Rsa.encrypt(
       password,
@@ -39,4 +49,8 @@ def new_transfer_password
     Crypto::Symmetric::Aes256.random_key
   end
 
+  def transfered_name(name, existing_names, is_file)
+    EncryptableTransferedName.new(name, existing_names, is_file)
+  end
+
 end