Skip to content

BC-11659 Encrypt oauth-refreshToken before storing in db#6382

Open
dyedwiper wants to merge 15 commits into
mainfrom
bc-11659-refresh-token
Open

BC-11659 Encrypt oauth-refreshToken before storing in db#6382
dyedwiper wants to merge 15 commits into
mainfrom
bc-11659-refresh-token

Conversation

@dyedwiper

Copy link
Copy Markdown
Contributor

Description

Links to Tickets or other pull requests

BC-11659

Changes

Approval for review

  • DEV: If api was changed - generate-client:server was executed in vue frontend and changes were tested and put in a PR with the same branch name.
  • QA: In addition to review, the code has been manually tested (if manual testing is possible)
  • All points were discussed with the ticket creator, support-team or product owner. The code upholds all quality guidelines from the PR-template.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR implements encryption-at-rest for OAuth refresh tokens stored in the server database, by integrating the existing infra encryption service into the OAuth session-token persistence flow.

Changes:

  • Encrypt OauthSessionToken.refreshToken before persisting via OauthSessionTokenService.save.
  • Decrypt refreshToken when loading the latest token via findLatestByUserId.
  • Update test factories/domain object to support the new encrypted storage behavior (including a setter on the domain object).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
apps/server/src/modules/oauth/testing/oauth-session-token-entity.factory.ts Generates encrypted refresh tokens for entity-based tests.
apps/server/src/modules/oauth/service/oauth-session-token.service.ts Encrypts on save and decrypts on read using DefaultEncryptionService.
apps/server/src/modules/oauth/service/oauth-session-token.service.spec.ts Adds an encryption service mock provider to the unit-test module.
apps/server/src/modules/oauth/domain/do/oauth-session-token.ts Adds a refreshToken setter to allow service-layer mutation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread apps/server/src/modules/oauth/service/oauth-session-token.service.ts Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
dyedwiper and others added 4 commits July 9, 2026 10:51
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts Outdated
Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
dyedwiper and others added 2 commits July 9, 2026 11:38
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Comment thread apps/server/src/modules/oauth/service/oauth-session-token.service.ts Outdated
Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Comment thread apps/server/src/migrations/mikro-orm/Migration20260708143036.ts
@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants