From 26eac80d49f63f16d4206e3b6218b41108a5c421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= Date: Fri, 24 Dec 2021 16:12:18 +0100 Subject: [PATCH] :zap: Parse single-line private key for Google service account (#2132) * :zap: Parse single-line private key * :pencil2: Update description and placeholder * :zap: Some improvements Co-authored-by: Jan Oberhauser Co-authored-by: Jan Oberhauser --- .../credentials/GoogleApi.credentials.ts | 6 ++--- .../nodes/Google/Books/GenericFunctions.ts | 19 ++++++++++++---- .../nodes/Google/Docs/GenericFunctions.ts | 14 +++++++++--- .../nodes/Google/Drive/GenericFunctions.ts | 14 +++++++++--- .../nodes/Google/Gmail/GenericFunctions.ts | 15 +++++++++---- .../nodes/Google/Sheet/GenericFunctions.ts | 15 +++++++++---- .../nodes/Google/Sheet/GoogleSheets.node.ts | 3 ++- .../nodes/Google/Slides/GenericFunctions.ts | 22 +++++++++++++++---- .../Google/Translate/GenericFunctions.ts | 14 +++++++++--- 9 files changed, 93 insertions(+), 29 deletions(-) diff --git a/packages/nodes-base/credentials/GoogleApi.credentials.ts b/packages/nodes-base/credentials/GoogleApi.credentials.ts index f64704b722..bf177281b9 100644 --- a/packages/nodes-base/credentials/GoogleApi.credentials.ts +++ b/packages/nodes-base/credentials/GoogleApi.credentials.ts @@ -17,18 +17,18 @@ export class GoogleApi implements ICredentialType { default: '', description: 'The Google Service account similar to user-808@project.iam.gserviceaccount.com.', required: true, - }, { displayName: 'Private Key', name: 'privateKey', type: 'string', default: '', - description: 'Use the multiline editor. Make sure there are exactly 3 lines.
-----BEGIN PRIVATE KEY-----
KEY IN A SINGLE LINE
-----END PRIVATE KEY-----', + placeholder: '-----BEGIN PRIVATE KEY-----\nXIYEvQIBADANBg<...>0IhA7TMoGYPQc=\n-----END PRIVATE KEY-----\n', + description: 'Enter the private key located in the JSON file downloaded from Google Cloud Console', required: true, }, { - displayName: ' Impersonate a User', + displayName: 'Impersonate a User', name: 'inpersonate', type: 'boolean', default: false, diff --git a/packages/nodes-base/nodes/Google/Books/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Books/GenericFunctions.ts index c3ed803d3f..a387aa71c3 100644 --- a/packages/nodes-base/nodes/Google/Books/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Books/GenericFunctions.ts @@ -16,6 +16,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise { // tslint:disable-line:no-any const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string; const options: OptionsWithUri = { @@ -37,13 +44,16 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF } if (authenticationMethod === 'serviceAccount') { - const credentials = await this.getCredentials('googleApi'); + const credentials = await this.getCredentials('googleApi') as { + email: string; + privateKey: string; + }; if (credentials === undefined) { throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as IDataObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; //@ts-ignore @@ -78,7 +88,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp return returnData; } -function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise { +function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -87,7 +97,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Docs/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Docs/GenericFunctions.ts index 7e64e27946..0a49079e92 100644 --- a/packages/nodes-base/nodes/Google/Docs/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Docs/GenericFunctions.ts @@ -17,6 +17,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest( this: IExecuteFunctions | ILoadOptionsFunctions, method: string, @@ -50,7 +57,7 @@ export async function googleApiRequest( throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as IDataObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; return await this.helpers.request!(options); @@ -84,7 +91,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp return returnData; } -function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise { +function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -95,7 +102,8 @@ function getAccessToken(this: IExecuteFunctions | ILoadOptionsFunctions, credent const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Drive/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Drive/GenericFunctions.ts index d762a5f075..73a86434d8 100644 --- a/packages/nodes-base/nodes/Google/Drive/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Drive/GenericFunctions.ts @@ -19,6 +19,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, option: IDataObject = {}): Promise { // tslint:disable-line:no-any const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string; @@ -47,7 +54,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as IDataObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; return await this.helpers.request!(options); @@ -83,7 +90,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp return returnData; } -function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, credentials: IDataObject): Promise { +function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | IPollFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -94,7 +101,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Gmail/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Gmail/GenericFunctions.ts index 353cbf5f95..cce89cc47a 100644 --- a/packages/nodes-base/nodes/Google/Gmail/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Gmail/GenericFunctions.ts @@ -3,7 +3,6 @@ import { } from 'request'; import { - ParsedMail, simpleParser, } from 'mailparser'; @@ -29,6 +28,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + const mailComposer = require('nodemailer/lib/mail-composer'); export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, @@ -63,7 +69,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as IDataObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; //@ts-ignore @@ -202,7 +208,7 @@ export function extractEmail(s: string) { return data.substring(0, data.length - 1); } -function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise { +function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -216,7 +222,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Sheet/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Sheet/GenericFunctions.ts index 96d8a6530e..81aa75a506 100644 --- a/packages/nodes-base/nodes/Google/Sheet/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Sheet/GenericFunctions.ts @@ -9,7 +9,6 @@ import { } from 'n8n-core'; import { - ICredentialDataDecryptedObject, ICredentialTestFunctions, IDataObject, NodeApiError, NodeOperationError, } from 'n8n-workflow'; @@ -18,6 +17,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +export interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise { // tslint:disable-line:no-any const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string; const options: OptionsWithUri = { @@ -45,7 +51,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as ICredentialDataDecryptedObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; //@ts-ignore @@ -82,7 +88,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp return returnData; } -export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | ICredentialTestFunctions, credentials: ICredentialDataDecryptedObject): Promise { +export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions | ICredentialTestFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -93,7 +99,8 @@ export function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Sheet/GoogleSheets.node.ts b/packages/nodes-base/nodes/Google/Sheet/GoogleSheets.node.ts index bdb211c02c..ce2c80b5cc 100644 --- a/packages/nodes-base/nodes/Google/Sheet/GoogleSheets.node.ts +++ b/packages/nodes-base/nodes/Google/Sheet/GoogleSheets.node.ts @@ -29,6 +29,7 @@ import { getAccessToken, googleApiRequest, hexToRgb, + IGoogleAuthCredentials, } from './GenericFunctions'; export class GoogleSheets implements INodeType { @@ -1018,7 +1019,7 @@ export class GoogleSheets implements INodeType { credentialTest: { async googleApiCredentialTest(this: ICredentialTestFunctions, credential: ICredentialsDecrypted): Promise { try { - const tokenRequest = await getAccessToken.call(this, credential.data!); + const tokenRequest = await getAccessToken.call(this, credential.data! as unknown as IGoogleAuthCredentials); if (!tokenRequest.access_token) { return { status: 'Error', diff --git a/packages/nodes-base/nodes/Google/Slides/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Slides/GenericFunctions.ts index 71f9505685..629d8c8c12 100644 --- a/packages/nodes-base/nodes/Google/Slides/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Slides/GenericFunctions.ts @@ -11,12 +11,20 @@ import { ICredentialDataDecryptedObject, IDataObject, NodeApiError, + NodeOperationError, } from 'n8n-workflow'; import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest( this: IExecuteFunctions | ILoadOptionsFunctions, method: string, @@ -46,8 +54,13 @@ export async function googleApiRequest( try { if (authenticationMethod === 'serviceAccount') { - const credentials = await this.getCredentials('googleApi') as { access_token: string, email: string, privateKey: string }; - const { access_token } = await getAccessToken.call(this, credentials); + const credentials = await this.getCredentials('googleApi'); + + if (credentials === undefined) { + throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); + } + + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers.Authorization = `Bearer ${access_token}`; return await this.helpers.request!(options); @@ -65,7 +78,7 @@ export async function googleApiRequest( function getAccessToken( this: IExecuteFunctions | ILoadOptionsFunctions, - credentials: ICredentialDataDecryptedObject, + credentials: IGoogleAuthCredentials, ) { // https://developers.google.com/identity/protocols/oauth2/service-account#httprest @@ -76,7 +89,8 @@ function getAccessToken( const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( { diff --git a/packages/nodes-base/nodes/Google/Translate/GenericFunctions.ts b/packages/nodes-base/nodes/Google/Translate/GenericFunctions.ts index 5bc3b98310..50ab4c153c 100644 --- a/packages/nodes-base/nodes/Google/Translate/GenericFunctions.ts +++ b/packages/nodes-base/nodes/Google/Translate/GenericFunctions.ts @@ -16,6 +16,13 @@ import * as moment from 'moment-timezone'; import * as jwt from 'jsonwebtoken'; +interface IGoogleAuthCredentials { + delegatedEmail?: string; + email: string; + inpersonate: boolean; + privateKey: string; +} + export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, method: string, resource: string, body: any = {}, qs: IDataObject = {}, uri?: string, headers: IDataObject = {}): Promise { // tslint:disable-line:no-any const authenticationMethod = this.getNodeParameter('authentication', 0, 'serviceAccount') as string; const options: OptionsWithUri = { @@ -43,7 +50,7 @@ export async function googleApiRequest(this: IExecuteFunctions | IExecuteSingleF throw new NodeOperationError(this.getNode(), 'No credentials got returned!'); } - const { access_token } = await getAccessToken.call(this, credentials as IDataObject); + const { access_token } = await getAccessToken.call(this, credentials as unknown as IGoogleAuthCredentials); options.headers!.Authorization = `Bearer ${access_token}`; //@ts-ignore @@ -76,7 +83,7 @@ export async function googleApiRequestAllItems(this: IExecuteFunctions | ILoadOp return returnData; } -function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IDataObject): Promise { +function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoadOptionsFunctions, credentials: IGoogleAuthCredentials): Promise { //https://developers.google.com/identity/protocols/oauth2/service-account#httprest const scopes = [ @@ -86,7 +93,8 @@ function getAccessToken(this: IExecuteFunctions | IExecuteSingleFunctions | ILoa const now = moment().unix(); - const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n'); + credentials.email = credentials.email.trim(); + const privateKey = (credentials.privateKey as string).replace(/\\n/g, '\n').trim(); const signature = jwt.sign( {