From 4241e109297f2a894b8b87442030b874c8d628fe Mon Sep 17 00:00:00 2001 From: jzunigax2 <125698953+jzunigax2@users.noreply.github.com> Date: Mon, 27 Apr 2026 15:35:12 -0600 Subject: [PATCH 1/2] feat: implement getAddressKeys method in AccountService and related updates - Added getAddressKeys method to AccountService for retrieving encryption keys associated with a user's email address. - Introduced MailNotSetupException to handle cases where the mail account is not set up. - Updated UserController to include a new endpoint for fetching mail account keys. - Created GetMailAccountKeysDto for validating input on the new endpoint. - Enhanced unit tests for AccountService and UserController to cover new functionality and exception handling. --- src/modules/provisioning/provisioning.guard.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modules/provisioning/provisioning.guard.ts b/src/modules/provisioning/provisioning.guard.ts index b513aba..7102d87 100644 --- a/src/modules/provisioning/provisioning.guard.ts +++ b/src/modules/provisioning/provisioning.guard.ts @@ -2,6 +2,7 @@ import { type CanActivate, type ExecutionContext, Injectable, + ForbiddenException, } from '@nestjs/common'; import { AccountService } from '../account/account.service.js'; import type { UserPayload } from '../auth/jwt-payload.dto.js'; From 5abae857972cb8b61a184c0d3285d95929679467 Mon Sep 17 00:00:00 2001 From: jzunigax2 <125698953+jzunigax2@users.noreply.github.com> Date: Tue, 28 Apr 2026 14:20:35 -0600 Subject: [PATCH 2/2] refactor: remove salt from mail address keys - Removed the 'salt' property from MailAddressKeys model, related DTOs, and service interfaces. - Updated migration to drop the 'salt' column from the mail_address_keys table. - Adjusted unit tests and fixtures to reflect the removal of the 'salt' attribute. --- ...24349-remove-salt-from-mail-address-keys.js | 18 ++++++++++++++++++ src/modules/account/account.service.spec.ts | 1 - src/modules/account/account.service.ts | 2 -- .../account/domain/mail-address-keys.domain.ts | 2 -- .../account/dto/create-mail-account.dto.ts | 7 ------- .../account/models/mail-address-keys.model.ts | 4 ---- .../mail-address-keys.repository.spec.ts | 2 -- .../mail-address-keys.repository.ts | 2 -- src/modules/account/user.controller.ts | 1 - test/fixtures.ts | 1 - 10 files changed, 18 insertions(+), 22 deletions(-) create mode 100644 migrations/20260428124349-remove-salt-from-mail-address-keys.js diff --git a/migrations/20260428124349-remove-salt-from-mail-address-keys.js b/migrations/20260428124349-remove-salt-from-mail-address-keys.js new file mode 100644 index 0000000..c24f142 --- /dev/null +++ b/migrations/20260428124349-remove-salt-from-mail-address-keys.js @@ -0,0 +1,18 @@ +'use strict'; + +const TABLE_NAME = 'mail_address_keys'; +const COLUMN_NAME = 'salt'; + +/** @type {import('sequelize-cli').Migration} */ +module.exports = { + async up(queryInterface) { + await queryInterface.removeColumn(TABLE_NAME, COLUMN_NAME); + }, + + async down(queryInterface, Sequelize) { + await queryInterface.addColumn(TABLE_NAME, COLUMN_NAME, { + type: Sequelize.STRING(64), + allowNull: false, + }); + }, +}; diff --git a/src/modules/account/account.service.spec.ts b/src/modules/account/account.service.spec.ts index 0e45a9e..0f9085f 100644 --- a/src/modules/account/account.service.spec.ts +++ b/src/modules/account/account.service.spec.ts @@ -111,7 +111,6 @@ describe('AccountService', () => { publicKey: keysAttrs.publicKey, encryptionPrivateKey: keysAttrs.encryptionPrivateKey, recoveryPrivateKey: keysAttrs.recoveryPrivateKey, - salt: keysAttrs.salt, }); }); diff --git a/src/modules/account/account.service.ts b/src/modules/account/account.service.ts index 019d3f8..b28a99b 100644 --- a/src/modules/account/account.service.ts +++ b/src/modules/account/account.service.ts @@ -19,7 +19,6 @@ export interface MailAddressKeyBundle { publicKey: string; encryptionPrivateKey: string; recoveryPrivateKey: string; - salt: string; } @Injectable() @@ -78,7 +77,6 @@ export class AccountService { publicKey: keys.publicKey, encryptionPrivateKey: keys.encryptionPrivateKey, recoveryPrivateKey: keys.recoveryPrivateKey, - salt: keys.salt, }; } diff --git a/src/modules/account/domain/mail-address-keys.domain.ts b/src/modules/account/domain/mail-address-keys.domain.ts index e72e45b..3916276 100644 --- a/src/modules/account/domain/mail-address-keys.domain.ts +++ b/src/modules/account/domain/mail-address-keys.domain.ts @@ -4,7 +4,6 @@ export interface MailAddressKeysAttributes { publicKey: string; encryptionPrivateKey: string; recoveryPrivateKey: string; - salt: string; createdAt: Date; updatedAt: Date; } @@ -15,7 +14,6 @@ export class MailAddressKeys { readonly publicKey!: string; readonly encryptionPrivateKey!: string; readonly recoveryPrivateKey!: string; - readonly salt!: string; readonly createdAt!: Date; readonly updatedAt!: Date; diff --git a/src/modules/account/dto/create-mail-account.dto.ts b/src/modules/account/dto/create-mail-account.dto.ts index dfb0efc..b4b3dfb 100644 --- a/src/modules/account/dto/create-mail-account.dto.ts +++ b/src/modules/account/dto/create-mail-account.dto.ts @@ -25,13 +25,6 @@ export class MailAddressKeyBundleDto { @IsString() @IsNotEmpty() recoveryPrivateKey!: string; - - @ApiProperty({ - description: 'Base64-encoded Argon2id salt used to derive the keystore key', - }) - @IsString() - @IsNotEmpty() - salt!: string; } export class CreateMailAccountDto { diff --git a/src/modules/account/models/mail-address-keys.model.ts b/src/modules/account/models/mail-address-keys.model.ts index 3810b30..6930778 100644 --- a/src/modules/account/models/mail-address-keys.model.ts +++ b/src/modules/account/models/mail-address-keys.model.ts @@ -41,10 +41,6 @@ export class MailAddressKeysModel extends Model { @Column(DataType.TEXT) declare recoveryPrivateKey: string; - @AllowNull(false) - @Column(DataType.STRING(64)) - declare salt: string; - @BelongsTo(() => MailAddressModel) declare address: MailAddressModel; } diff --git a/src/modules/account/repositories/mail-address-keys.repository.spec.ts b/src/modules/account/repositories/mail-address-keys.repository.spec.ts index f2f15ba..c82af00 100644 --- a/src/modules/account/repositories/mail-address-keys.repository.spec.ts +++ b/src/modules/account/repositories/mail-address-keys.repository.spec.ts @@ -34,7 +34,6 @@ describe('MailAddressKeysRepository', () => { publicKey: attrs.publicKey, encryptionPrivateKey: attrs.encryptionPrivateKey, recoveryPrivateKey: attrs.recoveryPrivateKey, - salt: attrs.salt, }; keysModel.create.mockResolvedValue( attrs as unknown as MailAddressKeysModel, @@ -46,7 +45,6 @@ describe('MailAddressKeysRepository', () => { expect(result.id).toBe(attrs.id); expect(result.mailAddressId).toBe(attrs.mailAddressId); expect(result.publicKey).toBe(attrs.publicKey); - expect(result.salt).toBe(attrs.salt); }); }); diff --git a/src/modules/account/repositories/mail-address-keys.repository.ts b/src/modules/account/repositories/mail-address-keys.repository.ts index 05c0831..3cf6003 100644 --- a/src/modules/account/repositories/mail-address-keys.repository.ts +++ b/src/modules/account/repositories/mail-address-keys.repository.ts @@ -11,7 +11,6 @@ export interface CreateMailAddressKeysParams { publicKey: string; encryptionPrivateKey: string; recoveryPrivateKey: string; - salt: string; } @Injectable() @@ -44,7 +43,6 @@ export class MailAddressKeysRepository { publicKey: model.publicKey, encryptionPrivateKey: model.encryptionPrivateKey, recoveryPrivateKey: model.recoveryPrivateKey, - salt: model.salt, createdAt: model.createdAt as Date, updatedAt: model.updatedAt as Date, }; diff --git a/src/modules/account/user.controller.ts b/src/modules/account/user.controller.ts index 0600397..b4065f6 100644 --- a/src/modules/account/user.controller.ts +++ b/src/modules/account/user.controller.ts @@ -53,7 +53,6 @@ export class UserController { publicKey: dto.keys.publicKey, encryptionPrivateKey: dto.keys.encryptionPrivateKey, recoveryPrivateKey: dto.keys.recoveryPrivateKey, - salt: dto.keys.salt, }, }); diff --git a/test/fixtures.ts b/test/fixtures.ts index 07f8330..059a2d3 100644 --- a/test/fixtures.ts +++ b/test/fixtures.ts @@ -193,7 +193,6 @@ export function newMailAddressKeyBundle( publicKey: random.hash({ length: 64 }), encryptionPrivateKey: random.hash({ length: 128 }), recoveryPrivateKey: random.hash({ length: 128 }), - salt: random.hash({ length: 24 }), ...attrs, }; }