better password handling, each topology process has an own password safe process now.

zookzook · zookzook · commit e5ea4d4e5df4 · 2020-01-08T11:06:06.000+01:00
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # An alternative Mongodb driver for Elixir
 [![Build Status](https://travis-ci.org/zookzook/elixir-mongodb-driver.svg?branch=master)](https://travis-ci.org/zookzook/elixir-mongodb-driver)
+[![Coverage Status](https://coveralls.io/repos/github/zookzook/elixir-mongodb-driver/badge.svg?branch=master)](https://coveralls.io/github/zookzook/elixir-mongodb-driver?branch=master)
 [![Hex.pm](https://img.shields.io/hexpm/v/mongodb_driver.svg)](https://hex.pm/packages/mongodb_driver)
 [![Hex.pm](https://img.shields.io/hexpm/dt/mongodb_driver.svg)](https://hex.pm/packages/mongodb_driver)
 [![Hex.pm](https://img.shields.io/hexpm/dw/mongodb_driver.svg)](https://hex.pm/packages/mongodb_driver)
diff --git a/lib/mongo/app.ex b/lib/mongo/app.ex
@@ -7,7 +7,6 @@ defmodule Mongo.App do
     children = [
       worker(Mongo.IdServer, []),
       worker(Mongo.PBKDF2Cache, []),
-      worker(Mongo.PasswordSafe, []),
       worker(:gen_event, [local: Mongo.Events])
     ]
 
diff --git a/lib/mongo/auth.ex b/lib/mongo/auth.ex
@@ -31,13 +31,14 @@ defmodule Mongo.Auth do
 
   defp setup(opts) do
     username = opts[:username]
-    password = PasswordSafe.get_pasword()
+    pw_safe  = opts[:pw_safe]
+    password = PasswordSafe.get_pasword(pw_safe)
     auth     = opts[:auth] || []
 
     auth =
       Enum.map(auth, fn opts ->
         username = opts[:username]
-        password = PasswordSafe.get_pasword()
+        password = PasswordSafe.get_pasword(pw_safe)
         {username, password}
       end)
 
diff --git a/lib/mongo/password_safe.ex b/lib/mongo/password_safe.ex
@@ -1,34 +1,53 @@
 defmodule Mongo.PasswordSafe do
   @moduledoc """
   The password safe stores the password while parsing the url and/or the options to avoid it from logging while the sasl logger is activated.
+
+  The password is encrypted before storing in the GenServer's state. It will be encrypted before returning. This should help, that the password
+  is not stored as plain text in the memory.
   """
 
   @me __MODULE__
 
   use GenServer
 
-  def start_link(_ \\ nil) do
-    GenServer.start_link(__MODULE__, [], name: @me)
+  def new() do
+    GenServer.start_link(@me, [])
   end
 
-  def set_password(password) do
-    GenServer.cast(@me, {:set, password})
+  def set_password(pid, password) do
+    GenServer.cast(pid, {:set, password})
   end
 
-  def get_pasword() do
-    GenServer.call(@me, :get)
+  def get_pasword(nil), do: nil
+  def get_pasword(pid) do
+    GenServer.call(pid, :get)
   end
 
   def init([]) do
-    {:ok, nil}
+    {:ok, %{key: generate_key(), pw: nil}}
+  end
+
+  def handle_cast({:set, password}, %{key: key} = data) do
+    {:noreply, %{data | pw: (password |> encrypt(key))}}
+  end
+
+  def handle_call(:get, _from, %{key: key, pw: password} = data) do
+    {:reply, password |> decrypt(key), data}
+  end
+
+  defp encrypt(plaintext, key) do
+    iv         = :crypto.strong_rand_bytes(16) # create random Initialisation Vector
+    ciphertext = :crypto.crypto_one_time(:aes_256_ctr, key, iv, plaintext, true)
+    iv <> ciphertext # "return" iv & ciphertext
   end
 
-  def handle_cast({:set, password}, data) do
-    {:noreply, password}
+  defp decrypt(ciphertext, key) do
+    <<iv::binary-16, ciphertext::binary>> = ciphertext
+    :crypto.crypto_one_time(:aes_256_ctr, key, iv, ciphertext, false)
   end
 
-  def handle_call(:get, _from, password) do
-    {:reply, password, password}
+  defp generate_key() do
+    :crypto.strong_rand_bytes(32)
   end
 
 end
diff --git a/lib/mongo/topology.ex b/lib/mongo/topology.ex
@@ -121,6 +121,10 @@ defmodule Mongo.Topology do
   end
 
   def terminate(_reason, state) do
+    case state.opts[:pw_safe] do
+       nil -> nil
+       pid -> GenServer.stop(pid)
+    end
     Enum.each(state.connection_pools, fn {_address, pid} -> GenServer.stop(pid) end)
     Enum.each(state.monitors, fn {_address, pid} -> GenServer.stop(pid) end)
     :ok = Mongo.Events.notify(%TopologyClosedEvent{
diff --git a/lib/mongo/url_parser.ex b/lib/mongo/url_parser.ex
@@ -164,8 +164,13 @@ defmodule Mongo.UrlParser do
     case Keyword.get(opts, :password) do
       nil -> opts
       value ->
-        with :ok <- Mongo.PasswordSafe.set_password(value) do
-          Keyword.put(opts, :password, "*****")
+
+      ## start GenServer and put id
+        with {:ok, pid} <- Mongo.PasswordSafe.new(),
+          :ok <- Mongo.PasswordSafe.set_password(pid, value) do
+          opts
+          |> Keyword.put(:password, "*****")
+          |> Keyword.put(:pw_safe, pid)
         end
     end
   end
diff --git a/test/mongo/password_safe_test.exs b/test/mongo/password_safe_test.exs
@@ -5,18 +5,26 @@ defmodule Mongo.PasswordSafeTest do
   alias Mongo.UrlParser
   alias Mongo.PasswordSafe
 
+  test "encrypted password" do
+
+    pw = "my-secret-password"
+    {:ok, pid} = PasswordSafe.new()
+    PasswordSafe.set_password(pid, pw)
+    %{key: _key, pw: enc_pw} = :sys.get_state(pid)
+    assert enc_pw != pw
+    assert pw == PasswordSafe.get_pasword(pid)
+
+  end
+
   #
   # When the sasl logger is activated like  `--logger-sasl-reports true` then the supervisor reports all parameters when it starts a process. So, the password should not
   # used in the options
   #
-  describe "parse_url and hide the password in options" do
-    test "encoded password" do
+  test "encoded password" do
       url = "mongodb://myDBReader:D1fficultP%40ssw0rd@mongodb0.example.com:27017/admin"
       opts = UrlParser.parse_url([url: url])
-
       assert "*****" == Keyword.get(opts, :password)
-      assert "D1fficultP@ssw0rd" == PasswordSafe.get_pasword()
+      assert "D1fficultP@ssw0rd" == PasswordSafe.get_pasword(Keyword.get(opts, :pw_safe))
     end
-  end
 
 end
diff --git a/test/mongo/url_parser_test.exs b/test/mongo/url_parser_test.exs
@@ -13,7 +13,7 @@ defmodule Mongo.UrlParserTest do
       url =
         "mongodb://user:password@seed1.domain.com:27017,seed2.domain.com:27017,seed3.domain.com:27017/db_name?ssl=true&replicaSet=set-name&authSource=admin&maxPoolSize=5"
 
-      assert UrlParser.parse_url(url: url) == [
+      assert UrlParser.parse_url(url: url) |> Keyword.drop([:pw_safe]) == [
                password: "*****",
                username: "user",
                database: "db_name",
@@ -47,7 +47,7 @@ defmodule Mongo.UrlParserTest do
     end
 
     test "url srv with user" do
-      assert UrlParser.parse_url(url: "mongodb+srv://user:password@test5.test.build.10gen.cc") ==
+      assert UrlParser.parse_url(url: "mongodb+srv://user:password@test5.test.build.10gen.cc") |> Keyword.drop([:pw_safe]) ==
                [
                  password: "*****",
                  username: "user",

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@ defmodule Mongo.App do`
`7`	`7`	`children = [`
`8`	`8`	`worker(Mongo.IdServer, []),`
`9`	`9`	`worker(Mongo.PBKDF2Cache, []),`
`10`		`- worker(Mongo.PasswordSafe, []),`
`11`	`10`	`worker(:gen_event, [local: Mongo.Events])`
`12`	`11`	`]`
`13`	`12`