Encrypted Current User in browser

package.json

@@ -31,6 +31,7 @@
   "dependencies": {
     "@babel/runtime": "7.7.4",
     "@babel/runtime-corejs3": "7.7.4",
+    "crypto-js": "^3.1.9-1",
     "uuid": "3.3.3",
     "ws": "7.2.0",
     "xmlhttprequest": "1.8.0"

src/CoreManager.js

@@ -175,13 +175,15 @@ const config: Config & { [key: string]: mixed } = {
   SERVER_AUTH_TYPE: null,
   SERVER_AUTH_TOKEN: null,
   LIVEQUERY_SERVER_URL: null,
+  ENCRYPTED_KEY: null,
   VERSION: 'js' + require('../package.json').version,
   APPLICATION_ID: null,
   JAVASCRIPT_KEY: null,
   MASTER_KEY: null,
   USE_MASTER_KEY: false,
   PERFORM_USER_REWRITE: true,
-  FORCE_REVOCABLE_SESSION: false
+  FORCE_REVOCABLE_SESSION: false,
+  ENCRYPTED_USER: false
 };
 
 function requireMethods(name: string, methods: Array<string>, controller: any) {

src/Parse.js

@@ -169,6 +169,34 @@ Object.defineProperty(Parse, 'liveQueryServerURL', {
     CoreManager.set('LIVEQUERY_SERVER_URL', value);
   }
 });
+
+/**
+ * @member Parse.encryptedUser
+ * @type boolean
+ * @static
+ */
+Object.defineProperty(Parse, 'encryptedUser', {
+  get() {
+    return CoreManager.get('ENCRYPTED_USER');
+  },
+  set(value) {
+    CoreManager.set('ENCRYPTED_USER', value);
+  }
+});
+
+/**
+ * @member Parse.encryptedKey
+ * @type string
+ * @static
+ */
+Object.defineProperty(Parse, 'encryptedKey', {
+  get() {
+    return CoreManager.get('ENCRYPTED_KEY');
+  },
+  set(value) {
+    CoreManager.set('ENCRYPTED_KEY', value);
+  }
+});
 /* End setters */
 
 Parse.ACL = require('./ParseACL').default;
@@ -255,6 +283,25 @@ Parse.dumpLocalDatastore = function() {
     return Parse.LocalDatastore._getAllContents();
   }
 }
+
+/**
+ * Enable the current user encryption.
+ * This must be called before login any user.
+ *
+ * @static
+ */
+Parse.enableEncryptedUser = function() {
+  Parse.encryptedUser = true;
+}
+/**
+ * Flag that indicates whether Encrypted User is enabled.
+ *
+ * @static
+ */
+Parse.isEncryptedUserEnabled = function() {
+  return Parse.encryptedUser;
+}
+
 CoreManager.setInstallationController(InstallationController);
 CoreManager.setRESTController(RESTController);
 

src/ParseUser.js

@@ -22,6 +22,11 @@ import type { RequestOptions, FullOptions } from './RESTController';
 
 export type AuthData = ?{ [key: string]: mixed };
 
+let CryptoJS = null;
+if (process.env.PARSE_BUILD === 'browser') {
+  CryptoJS = require('crypto-js');
+}
+
 const CURRENT_USER_KEY = 'currentUser';
 let canUseCurrentUser = !CoreManager.get('IS_NODE');
 let currentUserCacheMatchesDisk = false;
@@ -873,7 +878,10 @@ const DefaultController = {
 
     json.className = user.constructor.name === ParseUser.name ? '_User' : user.constructor.name;
     return Storage.setItemAsync(
-      path, JSON.stringify(json)
+      path,
+      (!CoreManager.get('ENCRYPTED_USER') && process.env.PARSE_BUILD !== 'browser')
+        ? JSON.stringify(json)
+        : CryptoJS.AES.encrypt(JSON.stringify(json), CoreManager.get('ENCRYPTED_KEY'))
     ).then(() => {
       return user;
     });
@@ -918,6 +926,9 @@ const DefaultController = {
       currentUserCache = null;
       return null;
     }
+    if (CoreManager.get('ENCRYPTED_USER') && process.env.PARSE_BUILD === 'browser') {
+      userData = CryptoJS.AES.decrypt(userData.toString(), CoreManager.get('ENCRYPTED_KEY')).toString(CryptoJS.enc.Utf8);
+    }
     userData = JSON.parse(userData);
     if (!userData.className) {
       userData.className = '_User';
@@ -954,6 +965,9 @@ const DefaultController = {
         currentUserCache = null;
         return Promise.resolve(null);
       }
+      if (CoreManager.get('ENCRYPTED_USER') && process.env.PARSE_BUILD === 'browser') {
+        userData = CryptoJS.AES.decrypt(userData.toString(), CoreManager.get('ENCRYPTED_KEY')).toString(CryptoJS.enc.Utf8)
+      }
       userData = JSON.parse(userData);
       if (!userData.className) {
         userData.className = '_User';

src/__tests__/Cloud-test.js

@@ -11,6 +11,7 @@ jest.dontMock('../Cloud');
 jest.dontMock('../CoreManager');
 jest.dontMock('../decode');
 jest.dontMock('../encode');
+jest.dontMock('crypto-js');
 
 const Cloud = require('../Cloud');
 const CoreManager = require('../CoreManager');

src/__tests__/Hooks-test.js

@@ -11,6 +11,7 @@ jest.dontMock('../ParseHooks');
 jest.dontMock('../CoreManager');
 jest.dontMock('../decode');
 jest.dontMock('../encode');
+jest.dontMock('crypto-js');
 
 const Hooks = require('../ParseHooks');
 const CoreManager = require('../CoreManager');

src/__tests__/LiveQueryClient-test.js

@@ -34,6 +34,7 @@ jest.dontMock('../ParseACL');
 jest.dontMock('../ParseQuery');
 jest.dontMock('../LiveQuerySubscription');
 jest.dontMock('../LocalDatastore');
+jest.dontMock('crypto-js');
 
 jest.useFakeTimers();
 

src/__tests__/ObjectStateMutations-test.js

@@ -15,6 +15,7 @@ jest.dontMock('../ParseGeoPoint');
 jest.dontMock('../ParseOp');
 jest.dontMock('../ParseRelation');
 jest.dontMock('../TaskQueue');
+jest.dontMock('crypto-js');
 
 const mockObject = function(className) {
   this.className = className;

src/__tests__/Parse-test.js

@@ -10,6 +10,7 @@
 jest.dontMock('../CoreManager');
 jest.dontMock('../Parse');
 jest.dontMock('../LocalDatastore');
+jest.dontMock('crypto-js');
 
 const CoreManager = require('../CoreManager');
 const Parse = require('../Parse');
@@ -109,4 +110,18 @@ describe('Parse module', () => {
     LDS = await Parse.dumpLocalDatastore();
     expect(LDS).toEqual({ key: 'value' });
   });
+
+  it('can enable encrypter CurrentUser', () => {
+    jest.spyOn(console, 'log').mockImplementationOnce(() => {});
+    Parse.encryptedUser = false;
+    Parse.enableEncryptedUser();
+    expect(Parse.encryptedUser).toBe(true);
+    expect(Parse.isEncryptedUserEnabled()).toBe(true);
+  });
+
+  it('can set an encrypt token as String', () => {
+    Parse.encryptedKey = 'My Super secret key';
+    expect(CoreManager.get('ENCRYPTED_KEY')).toBe('My Super secret key');
+    expect(Parse.encryptedKey).toBe('My Super secret key');
+  });
 });

src/__tests__/ParseACL-test.js

@@ -8,6 +8,7 @@
  */
 
 jest.dontMock('../ParseACL');
+jest.dontMock('crypto-js');
 
 const mockRole = function(name) {
   this.name = name;

src/__tests__/ParseConfig-test.js

@@ -18,6 +18,7 @@ jest.dontMock('../ParseGeoPoint');
 jest.dontMock('../RESTController');
 jest.dontMock('../Storage');
 jest.dontMock('../StorageController.default');
+jest.dontMock('crypto-js');
 
 const CoreManager = require('../CoreManager');
 const ParseConfig = require('../ParseConfig').default;

src/__tests__/ParseLiveQuery-test.js

@@ -16,6 +16,7 @@ jest.dontMock('../ParseObject');
 jest.dontMock('../ParseQuery');
 jest.dontMock('../EventEmitter');
 jest.dontMock('../promiseUtils');
+jest.dontMock('crypto-js');
 
 // Forces the loading
 const LiveQuery = require('../ParseLiveQuery').default;

src/__tests__/ParseObject-test.js

@@ -31,6 +31,7 @@ jest.dontMock('../UniqueInstanceStateController');
 jest.dontMock('../unsavedChildren');
 jest.dontMock('../ParseACL');
 jest.dontMock('../LocalDatastore');
+jest.dontMock('crypto-js');
 
 jest.mock('uuid/v4', () => {
   let value = 0;

src/__tests__/ParseOp-test.js

@@ -11,6 +11,7 @@ jest.dontMock('../arrayContainsObject');
 jest.dontMock('../encode');
 jest.dontMock('../ParseOp');
 jest.dontMock('../unique');
+jest.dontMock('crypto-js');
 
 let localCount = 0;
 const mockObject = function(className, id) {

src/__tests__/ParseQuery-test.js

@@ -20,6 +20,7 @@ jest.dontMock('../ObjectStateMutations');
 jest.dontMock('../LocalDatastore');
 jest.dontMock('../OfflineQuery');
 jest.dontMock('../LiveQuerySubscription');
+jest.dontMock('crypto-js');
 
 jest.mock('uuid/v4', () => {
   let value = 0;

src/__tests__/ParseRelation-test.js

@@ -11,6 +11,7 @@ jest.dontMock('../encode');
 jest.dontMock('../ParseRelation');
 jest.dontMock('../ParseOp');
 jest.dontMock('../unique');
+jest.dontMock('crypto-js');
 
 const mockStore = {};
 const mockObject = function(className) {

src/__tests__/ParseRole-test.js

@@ -16,6 +16,7 @@ jest.dontMock('../ParseOp');
 jest.dontMock('../ParseRole');
 jest.dontMock('../SingleInstanceStateController');
 jest.dontMock('../UniqueInstanceStateController');
+jest.dontMock('crypto-js');
 
 const ParseACL = require('../ParseACL').default;
 const ParseError = require('../ParseError').default;

src/__tests__/ParseUser-test.js

@@ -26,6 +26,7 @@ jest.dontMock('../StorageController.default');
 jest.dontMock('../TaskQueue');
 jest.dontMock('../unique');
 jest.dontMock('../UniqueInstanceStateController');
+jest.dontMock('crypto-js');
 
 jest.mock('uuid/v4', () => {
   let value = 0;
@@ -1009,4 +1010,26 @@ describe('ParseUser', () => {
     const authProvider = user.linkWith.mock.calls[0][0];
     expect(authProvider).toBe('testProvider');
   });
+
+  it('can get the current user even encrypted', async () => {
+    CoreManager.set('ENCRYPTED_USER', true);
+    CoreManager.set('ENCRYPTED_KEY', 'secret');
+    let u = new ParseUser();
+    expect(u.isCurrent()).toBe(false);
+    expect(u.className).toBe('_User');
+    expect(u instanceof ParseObject).toBe(true);
+
+    u = new ParseUser({
+      username: 'andrew',
+      password: 'secret'
+    });
+    expect(u.get('username')).toBe('andrew');
+    expect(u.get('password')).toBe('secret');
+
+    expect(function() {
+      new ParseUser({
+        $$$: 'invalid'
+      });
+    }).toThrow('Can\'t create an invalid Parse User');
+  });
 });

src/__tests__/SingleInstanceStateController-test.js

@@ -15,6 +15,7 @@ jest.dontMock('../ParseGeoPoint');
 jest.dontMock('../ParseOp');
 jest.dontMock('../SingleInstanceStateController');
 jest.dontMock('../TaskQueue');
+jest.dontMock('crypto-js');
 
 const mockObject = function() {};
 mockObject.registerSubclass = function() {};

src/__tests__/UniqueInstanceStateController-test.js

@@ -16,6 +16,7 @@ jest.dontMock('../ParseOp');
 jest.dontMock('../UniqueInstanceStateController');
 jest.dontMock('../TaskQueue');
 jest.dontMock('../promiseUtils');
+jest.dontMock('crypto-js');
 jest.useFakeTimers();
 
 const mockObject = function(className) {

src/__tests__/canBeSerialized-test.js

@@ -8,6 +8,7 @@
  */
 
 jest.dontMock('../canBeSerialized');
+jest.dontMock('crypto-js');
 
 function mockObject(id, attributes) {
   this.id = id;

src/__tests__/decode-test.js

@@ -10,6 +10,7 @@
 jest.dontMock('../decode');
 jest.dontMock('../ParseFile');
 jest.dontMock('../ParseGeoPoint');
+jest.dontMock('crypto-js');
 
 const decode = require('../decode').default;
 

src/__tests__/encode-test.js

@@ -11,6 +11,7 @@ jest.dontMock('../encode');
 jest.dontMock('../ParseACL');
 jest.dontMock('../ParseFile');
 jest.dontMock('../ParseGeoPoint');
+jest.dontMock('crypto-js');
 
 const mockObject = function(className) {
   this.className = className;

src/__tests__/unsavedChildren-test.js

@@ -9,6 +9,7 @@
 
 jest.dontMock('../ParseFile');
 jest.dontMock('../unsavedChildren');
+jest.dontMock('crypto-js');
 
 function mockObject({ className, localId, id, attributes, dirty }) {
   this.className = className;