Merge pull request #1577 from bigomics/devel-two-cookies

ESCRI11 · web-flow · commit 5c41991edf23 · 2025-10-07T18:24:58.000+02:00
fix: different encryption key for email and cookie
diff --git a/components/modules/AuthenticationModule.R b/components/modules/AuthenticationModule.R
@@ -950,7 +950,7 @@ LoginCodeAuthenticationModule <- function(id,
     if (!is.null(query_email) & !is.null(decrypted_cookie)) {
       if (opt$ENCRYPTED_EMAIL) {
         query_email_nonce <- shiny::isolate(shiny::getQueryString()$email_nonce)
-        query_email <- decrypt_cookie(query_email, query_email_nonce)
+        query_email <- decrypt_cookie(query_email, query_email_nonce, key_file = "cookie.txt")
         if (is.null(query_email)) {
           query_email <- ""
         }
@@ -1106,7 +1106,7 @@ LoginCodeAuthenticationModule <- function(id,
       query_email <- shiny::getQueryString()$email
       if (opt$ENCRYPTED_EMAIL) {
         query_email_nonce <- shiny::getQueryString()$email_nonce
-        query_email <- decrypt_cookie(query_email, query_email_nonce)
+        query_email <- decrypt_cookie(query_email, query_email_nonce, key_file = "cookie.txt")
       }
       query_email
     })
diff --git a/components/modules/CookiesModule.R b/components/modules/CookiesModule.R
@@ -14,8 +14,8 @@ extract_cookie_value <- function(session, cookie_name) {
 }
 
 # Decrypt cookie
-decrypt_cookie <- function(cookie, nonce) {
-  key_base64 <- readLines(file.path(OPG, "etc/keys/cookie.txt"))[1]
+decrypt_cookie <- function(cookie, nonce, key_file = "cookie.txt") {
+  key_base64 <- readLines(file.path(OPG, "etc/keys", key_file))[1]
   email_nonce_raw <- tryCatch(
     {
       sodium::hex2bin(nonce)
@@ -54,7 +54,7 @@ get_and_decrypt_cookie <- function(session) {
   cookie <- extract_cookie_value(session, "persistentOPG")
   nonce <- extract_cookie_value(session, "persistentOPG_nonce")
   if (!is.null(cookie) & !is.null(nonce)) {
-    decrypted_cookie <- decrypt_cookie(cookie, nonce)
+    decrypted_cookie <- decrypt_cookie(cookie, nonce, key_file = "cookie2.txt")
     return(decrypted_cookie)
   } else {
     return(NULL)
@@ -63,7 +63,7 @@ get_and_decrypt_cookie <- function(session) {
 
 # Save encrypted session cookie
 save_session_cookie <- function(session, cred) {
-  key_base64 <- readLines(paste0(OPG, "/etc/keys/cookie.txt"))[1]
+  key_base64 <- readLines(paste0(OPG, "/etc/keys/cookie2.txt"))[1]
   passkey <- sodium::sha256(charToRaw(key_base64))
   plaintext <- isolate(cred$email)
   plaintext.raw <- serialize(plaintext, NULL)
diff --git a/etc/keys/cookie2.txt b/etc/keys/cookie2.txt
@@ -0,0 +1 @@
+++E+d7OhM1UueAPOhAYEukRXIzAQvD+gkN8uWwNN+EiY=

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+++E+d7OhM1UueAPOhAYEukRXIzAQvD+gkN8uWwNN+EiY=`