No encryption of user email addresses in the database

[palisadoes]

Describe the bug

1. User email addresses are not encrypted in the database
2. This means a bad actor could SPAM Talawa users if they got access to the database

To Reproduce

1. Dump the database
2. View unencrypted email data in the User table

Expected behavior

A solution where:

1. Email addresses are:
   1. encrypted for storage in the database
   2. decrypted for retrieval from the database
2. The encryption key is not stored in the database
3. Uses a random salt in addition to the encryption key
4. The encryption key is configured with setup.ts
   1. If a value is found, then the default for changing the value must be No
   2. If a value is not found, then the encryption key must be randomly generated
5. Uses a strong encryption algorithm
6. The User email address data in the sample_data/users.json file must be updated with the encrypted addresses during the data importation process.
7. The encryption / decryption key(s) are not stored in the:
   1. code base
   2. database

Actual behavior

1. Email addresses are not encrypted

Screenshots

• N/A

Additional details

1. This is the first of many issues to encrypt PII stored in the database
2. All tests must pass and be valid
3. No other functionality must be affected

Potential internship candidates

Please read this if you are planning to apply for a Palisadoes Foundation internship

• Student Internship Programs talawa#359

[Anubhav-2003]

Respected sir, I can work in this issue, I am comfortable with our graphql schema, after the last two issues got merged. Thank You.

[AVtheking]

I would like to work on this issue

[devsargam]

Can I work on this?

[Anubhav-2003]

@palisadoes Respected sir,

I wanted to clarify one question. Do you want a single encryption key, with a email specific random salt for every user email. Or a user specific unique encryption key, just like the user specific salt for each email. The latter option would involve creating an in-house KMS for handling the keys.

Thank You.

[palisadoes]

1. A single encryption key, encrypting the field using a random salt.
2. Here is an example that could be used.
   • https://gist.github.com/AndiDittrich/4629e7db04819244e843
3. Use a long key, the token generation methodology used in the setup.ts file could be used
4. Research other implementations as possible candidates and use them if better. The PR reviewers will ask about the rationale for your approach.

[Anubhav-2003]

@palisadoes Ok sir, Thank You.

[Anubhav-2003]

@palisadoes Respected sir,

There was a recent revert of a PR in the API that was causing error related to user signup. I had started my feature branch before the revert. So i had to merge the latest upstream to my feature branch. But as a result a lot of files were changed.

One thing I noticed is that for every file changed, eslint throws multiple linting errors that are already present in the code base. At the moment around a hundred linting errors are showing while I try to commit my changes. How can I disable those errors. Otherwise I am unable to commit. Every new line of code I write is passed through linting checks, but the errors shown are for hundreds of lines of code already present.

Thank You.

[palisadoes]

Please ask the talawa-api slack channel for assistance.

[Anubhav-2003]

@palisadoes Respected sir,

The issue is almost done. But I am using an opensource key management service by HashIcorp, for an in-house secret management. As storing the encryption key as plaintext in the .env file is not secure, and industry standard. But this would require all future users of Talawa-api to install 'Vault' from 'HashICorp' , into their local systems and configure it before they can start contributing. Also when pushed to the main repo, the actual cloud instance that runs the API in production must also be updated with the latest software.

Should I proceed with this major addition of software. Or store the key in the .env file only. I feel that if we make the migration, then all current secrets in the .env file could be migrated to the service as well for better security.

Thank You.

[palisadoes]

At this time use the .env file for the simplicity of implementation.

[Anubhav-2003]

@palisadoes ok sir. Thank You.

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[Anubhav-2003]

This issue is active. I have already raised a PR, it is awaited approval. Thank you.

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[Anubhav-2003]

I have already raised PR for this issue, but due to the merge of my recent PR #1896 and a few others there has been drastic changes in the setup. I will be updating the PR as soon as the new implementations are done. Thank You.

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[jyotiv737]

@Anubhav-2003 Are you working on this?

[Anubhav-2003]

@Anubhav-2003 Are you working on this?

Actually, I have already raised a PR for this, the feature is completely implemented, but due to recent pull request merges. Some tests are failing. Thank you.

[Suyash878]

According to this error, we must switch to eslint.config.js from .eslintrc.json, and moreover .eslintignore is no longer supported either. This could be a potential issue in my opinion.
If there's something that needs to be done on my end, I would like to know.

[palisadoes]

According to this error, we must switch to eslint.config.js from .eslintrc.json, and moreover .eslintignore is no longer supported either. This could be a potential issue in my opinion. If there's something that needs to be done on my end, I would like to know.

Please open an issue to fix this for both Admin and the API

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[AnshulKahar2729]

Suyash are you working on this.

[Suyash878]

Yes, I am working on this.

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[palisadoes]

unassigning, inactivity

[prayanshchh]

can u assign me this issue?

[prayanshchh]

Steps to encrypt the email

1. Create Encryption Key in setup.ts and store it in env using crypto package
2. Generate random salt again using crypto
3. Encrypt email using AES-256-GCM algorithim
4. Decrypt email

is this all i need to do (except writing tests)

[prayanshchh]

I am using the previous PR as reference, if there was some changes needed in the previous PR do tell me..will be opening a PR in a week.

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[PurnenduMIshra129th]

can i work on this issue? i would love to work on this issue

[prayanshchh]

can i work on this issue? i would love to work on this issue

working on it

[github-actions]

This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.

[bandhan-majumder]

hey @prayanshchh. Are you working on this issue?

[prayanshchh]

I was but as the migration to postgres is not fully completed for the api, hence I will resume my work when postgres branch reaches the appropriate state

there is a open pr

[palisadoes]

I'm going to close this. We can reopen it when the Postgres merge is complete