Purge old/unverified keys or keys without an uploaded attribute.

This commit is contained in:
Tankred Hase 2017-08-22 12:13:15 +08:00
parent afacbf413f
commit 2af8310070
3 changed files with 83 additions and 0 deletions

View File

@ -38,6 +38,10 @@ module.exports = {
name: process.env.SENDER_NAME, name: process.env.SENDER_NAME,
email: process.env.SENDER_EMAIL email: process.env.SENDER_EMAIL
} }
},
publicKey: {
purgeTimeInDays: process.env.PUBLIC_KEY_PURGE_TIME || 30
} }
}; };

View File

@ -17,6 +17,7 @@
'use strict'; 'use strict';
const config = require('config');
const util = require('./util'); const util = require('./util');
const tpl = require('../email/templates.json'); const tpl = require('../email/templates.json');
@ -66,6 +67,8 @@ class PublicKey {
* @yield {undefined} * @yield {undefined}
*/ */
async put({publicKeyArmored, primaryEmail, origin}) { async put({publicKeyArmored, primaryEmail, origin}) {
// lazily purge old/unverified keys on every key upload
await this._purgeOldUnverified();
// parse key block // parse key block
const key = this._pgp.parseKey(publicKeyArmored); const key = this._pgp.parseKey(publicKeyArmored);
// check for existing verfied key by id or email addresses // check for existing verfied key by id or email addresses
@ -79,6 +82,26 @@ class PublicKey {
await this._sendVerifyEmail(key, primaryEmail, origin); await this._sendVerifyEmail(key, primaryEmail, origin);
} }
/**
* Delete all keys where no user id has been verified after x days or where the
* 'uploaded' attribute is yet not available (to support legacy key documents).
* @yield {undefined}
*/
async _purgeOldUnverified() {
// create date in the past to compare with
const xDaysAgo = new Date();
xDaysAgo.setDate(xDaysAgo.getDate() - config.publicKey.purgeTimeInDays);
// remove unverified keys older than x days (or no 'uploaded' attribute)
const query = {
'userIds.verified': {$ne: true},
$or: [
{uploaded: {$exists: false}},
{uploaded: {$lt: xDaysAgo}}
]
};
return this._mongo.remove(query, DB_TYPE);
}
/** /**
* Persist the public key and its user ids in the database. * Persist the public key and its user ids in the database.
* @param {Object} key public key parameters * @param {Object} key public key parameters

View File

@ -104,6 +104,62 @@ describe('Public Key Integration Tests', function() {
}); });
}); });
describe('_purgeOldUnverified', () => {
let key;
beforeEach(async () => {
key = pgp.parseKey(publicKeyArmored);
});
it('should work for no keys', async () => {
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(0);
});
it('should not remove a current unverified key', async () => {
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(0);
});
it('should not remove a current verified key', async () => {
key.userIds[0].verified = true;
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(0);
});
it('should not remove an old verified key', async () => {
key.uploaded.setDate(key.uploaded.getDate() - 31);
key.userIds[0].verified = true;
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(0);
});
it('should remove an old unverified key', async () => {
key.uploaded.setDate(key.uploaded.getDate() - 31);
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(1);
});
it('should remove an unverified key with no uploaded attribute', async () => {
delete key.uploaded;
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(1);
});
it('should not remove a verified key with no uploaded attribute', async () => {
key.userIds[0].verified = true;
delete key.uploaded;
await publicKey._persisKey(key);
const r = await publicKey._purgeOldUnverified();
expect(r.deletedCount).to.equal(0);
});
});
describe('verify', () => { describe('verify', () => {
it('should update the document', async () => { it('should update the document', async () => {
await publicKey.put({publicKeyArmored, primaryEmail, origin}); await publicKey.put({publicKeyArmored, primaryEmail, origin});