matt
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Preserve masked credentials in admin config updates
Build And Push Image / docker (push) Successful in 2m54s Details 

Handle masked sensitive fields (passwords/secrets) in reCAPTCHA and SMTP
configuration endpoints. When the frontend sends masked values (bullets),
preserve existing credentials instead of overwriting them. This prevents
accidental credential loss when updating other configuration fields.

- Check for masked placeholder values ('••••••••••••••••')
- Preserve existing secretKey/password when masked
- Add logging to track credential update actions
This commit is contained in:
Matt 2025-08-09 16:41:33 +02:00
parent c4a0230f42
commit 97653b7307
2 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
server/api/admin/recaptcha-config.post.ts
View File

@ -45,12 +45,25 @@ export default defineEventHandler(async (event) => {
}); });
} }
// Get existing configuration to preserve secretKey if not changed
const { getRecaptchaConfig, saveRecaptchaConfig } = await import('~/server/utils/admin-config');
const existingConfig = getRecaptchaConfig();
// Check if secretKey is the masked value
const isMaskedSecretKey = body.secretKey === '••••••••••••••••';
// Save reCAPTCHA configuration // Save reCAPTCHA configuration
const { saveRecaptchaConfig } = await import('~/server/utils/admin-config');
await saveRecaptchaConfig({ await saveRecaptchaConfig({
siteKey: body.siteKey.trim(), siteKey: body.siteKey.trim(),
secretKey: body.secretKey.trim() // If secretKey is masked bullets, preserve existing secretKey
// Otherwise, use the new secretKey
secretKey: isMaskedSecretKey
? (existingConfig.secretKey || '')
: body.secretKey.trim()
}, session.user.email); }, session.user.email);
console.log('[api/admin/recaptcha-config.post] Secret key action:',
isMaskedSecretKey ? 'preserved' : 'updated');
console.log('[api/admin/recaptcha-config.post] ✅ reCAPTCHA configuration saved successfully'); console.log('[api/admin/recaptcha-config.post] ✅ reCAPTCHA configuration saved successfully');

17
server/api/admin/smtp-config.post.ts
View File

@ -57,20 +57,33 @@ export default defineEventHandler(async (event) => {
}); });
} }
// Get existing configuration to preserve password if not changed
const { getSMTPConfig } = await import('~/server/utils/admin-config');
const existingConfig = getSMTPConfig();
// Check if password is the masked value
const isMaskedPassword = body.password === '••••••••••••••••';
// Prepare configuration object // Prepare configuration object
const smtpConfig = { const smtpConfig = {
host: body.host.trim(), host: body.host.trim(),
port: port, port: port,
secure: Boolean(body.secure), secure: Boolean(body.secure),
username: body.username?.trim() || '', username: body.username?.trim() || '',
password: body.password?.trim() || '', // If password is masked bullets, preserve existing password
// If password is empty, clear it
// Otherwise, use the new password
password: isMaskedPassword
? (existingConfig.password || '')
: (body.password?.trim() || ''),
fromAddress: body.fromAddress.trim(), fromAddress: body.fromAddress.trim(),
fromName: body.fromName.trim() fromName: body.fromName.trim()
}; };
console.log('[api/admin/smtp-config.post] Saving SMTP config:', { console.log('[api/admin/smtp-config.post] Saving SMTP config:', {
...smtpConfig, ...smtpConfig,
password: smtpConfig.password ? '••••••••••••••••' : '' password: smtpConfig.password ? '••••••••••••••••' : '',
passwordAction: isMaskedPassword ? 'preserved' : (body.password ? 'updated' : 'cleared')
}); });
// Save SMTP configuration // Save SMTP configuration