Encrypting Current User and Local Storage (#695)

* Encrypting Current User and Local Storage * Update based in the js-sdk Pull requests #1036 * Encrypting Current User reminder * secure-ls correction and typo fixed * Update _includes/js/users.md drafting Co-Authored-By: Tom Fox <13188249+TomWFox@users.noreply.github.com> * Update _includes/js/users.md drafting Co-Authored-By: Tom Fox <13188249+TomWFox@users.noreply.github.com> * Update _includes/js/users.md drafting Co-Authored-By: Tom Fox <13188249+TomWFox@users.noreply.github.com> * Update _includes/js/users.md drafting Co-Authored-By: Tom Fox <13188249+TomWFox@users.noreply.github.com> * Update _includes/js/users.md drafting Co-Authored-By: Tom Fox <13188249+TomWFox@users.noreply.github.com> Co-authored-by: Tom Fox <13188249+TomWFox@users.noreply.github.com>
parse-community · Dec 24, 2019 · 7819c45 · 7819c45
1 parent f8045bd
commit 7819c45
Show file tree

Hide file tree

Showing 5 changed files with 443 additions and 397 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -24,10 +24,12 @@ GEM
     ethon (0.11.0)
       ffi (>= 1.3.0)
     eventmachine (1.2.7)
+    eventmachine (1.2.7-x64-mingw32)
     execjs (2.7.0)
     faraday (0.15.4)
       multipart-post (>= 1.2, < 3)
     ffi (1.9.25)
+    ffi (1.9.25-x64-mingw32)
     forwardable-extended (2.6.0)
     gemoji (3.0.0)
     github-pages (193)
@@ -207,6 +209,8 @@ GEM
     multipart-post (2.0.0)
     nokogiri (1.8.5)
       mini_portile2 (~> 2.3.0)
+    nokogiri (1.8.5-x64-mingw32)
+      mini_portile2 (~> 2.3.0)
     octokit (4.13.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     pathutil (0.16.2)
@@ -240,6 +244,7 @@ GEM
 
 PLATFORMS
   ruby
+  x64-mingw32
 
 DEPENDENCIES
   github-pages

diff --git a/_includes/js/local-datastore.md b/_includes/js/local-datastore.md
@@ -4,6 +4,29 @@ The Parse JS SDK (Version 2.2.0+) provides a local datastore which can be used t
 
 There are a couple of side effects of enabling the local datastore that you should be aware of. When enabled, there will only be one instance of any given `Parse.Object`. For example, imagine you have an instance of the `"GameScore"` class with an `objectId` of `"xWMyZ4YEGZ"`, and then you issue a `Parse.Query` for all instances of `"GameScore"` with that `objectId`. The result will be the same instance of the object you already have in memory.
 
+Also if you don't want to show the data in the local storage you can use [secure-ls](https://github.com/softvar/secure-ls) to Encrypt it.
+
+```javascript
+import SecureLS from 'secure-ls';
+const ls = new SecureLS({ isCompression: false });
+
+Parse.enableLocalDatastore();
+Parse.setLocalDatastoreController({
+  fromPinWithName: name => ls.get(name),
+  pinWithName: (name, objects) => ls.set(name, JSON.stringify(objects)),
+  unPinWithName: name => ls.remove(name),
+  getAllContents: () => {
+    let data = {};
+    ls.getAllKeys().forEach((key) => {
+      const value = ls.get(key).data;
+      data[key] = value.includes('{') ? JSON.parse(value) : value;
+    })
+    return data;
+  },
+  clear: () => ls.removeAll()
+});
+```
+
 ## Pinning
 
 You can store a `Parse.Object` in the local datastore by pinning it. Pinning a `Parse.Object` is recursive, just like saving, so any objects that are pointed to by the one you are pinning will also be pinned. When an object is pinned, every time you update it by fetching or saving new data, the copy in the local datastore will be updated automatically. You don't need to worry about it at all.

diff --git a/_includes/js/users.md b/_includes/js/users.md
@@ -136,6 +136,22 @@ The `Parse.User` obtained from `Parse.User.current()` will always be authenticat
 
 If you need to check if a `Parse.User` is authenticated, you can invoke the `authenticated` method. You do not need to check `authenticated` with `Parse.User` objects that are obtained via an authenticated method.
 
+## Encrypting Current User
+
+Often you may want to be more careful with user information stored in the browser, if this is the case you can encrypt the current user object:
+
+```javascript
+
+Parse.enableEncryptedUser();
+Parse.secret = 'my Secrey Key';
+
+```
+*   It's important to remember that this function will not work if `Parse.secret` is not set.
+*   Also note that this only works in the browser.
+
+Now the record in Local Storage looks like a random string and only can be read using `Parse.User.current()`
+You can check if this feature is enabled with the function `Parse.isEncryptedUserEnabled()`.
+
 ## Security For Other Objects
 
 The same security model that applies to the `Parse.User` can be applied to other objects. For any object, you can specify which users are allowed to read the object, and which users are allowed to modify an object. To support this type of security, each object has an [access control list](http://en.wikipedia.org/wiki/Access_control_list), implemented by the `Parse.ACL` class.