WEBVTT

00:02.410 --> 00:08.050
So let's try out our encryption library, and the first thing I'm going to do is fix a typo in encryption.go.

00:08.050 --> 00:11.540
Down here, I misspelled Decrypt.

00:11.560 --> 00:12.620
So let's fix that.

00:13.660 --> 00:14.950
That just makes me feel better.

00:15.140 --> 00:16.870
OK, so that's fixed.

00:17.290 --> 00:23.380
Now, back in handlers.go, right now, we're just passing the email that we received right here.

00:23.890 --> 00:30.730
And what I'm going to do is get rid of that and come up here and just assign that to a variable called

00:30.730 --> 00:31.210
email.

00:32.980 --> 00:34.090
OK, so we have that.

00:35.200 --> 00:41.110
Now, we still want to verify the signature and we still want to make sure it's not expired, but down

00:41.110 --> 00:46.630
here, after we check the expiration of the link, let's actually encrypt it.

00:46.750 --> 00:51.320
So we'll create a variable called encryptor, which may not be a word, but I'm going with it.

00:52.210 --> 00:59.050
That's assigned the value of, from the encryption package we just made, dot encryption, and we populate its

00:59.050 --> 01:05.830
key with, cast to a slice of bytes, which it has to be, config

01:05.830 --> 01:07.460
dot secret key.

01:09.300 --> 01:12.810
OK, that gives us a variable we can use to encrypt our email.

01:13.480 --> 01:23.740
So let's create a variable called encrypted email. Encrypted email and potentially an error are assigned

01:23.740 --> 01:27.880
the value of encryptor dot encrypt.

01:27.880 --> 01:31.590
And we hand it email and we check for an error.

01:32.560 --> 01:34.860
So we'll do the same thing I've been doing right along.

01:34.870 --> 01:36.890
And again, you can do whatever you wish.

01:36.960 --> 01:40.600
At this point, so we'll say encryption failed

01:47.520 --> 01:51.460
and once that's actually encrypted, that's what we're going to pass to our form.

01:53.200 --> 01:56.260
And that will display an encrypted version of the email.

01:56.350 --> 02:00.430
And nobody will be able to guess the correct encryption algorithm if they want to change

02:00.430 --> 02:00.990
the emails.

02:01.000 --> 02:02.380
So that solves that problem.

02:02.860 --> 02:03.640
And, of course,

02:05.270 --> 02:09.920
we need to fix this, too: if error is not equal to nil. I was sloppy.

02:11.480 --> 02:13.680
So let's stop now on the back end.

02:13.700 --> 02:19.940
We need to go to handlers-api.go, which is right here.

02:20.600 --> 02:24.710
And we want to find the reset password function, which is right about here.

02:25.910 --> 02:29.710
After we read the JSON and before we look up the user, we have to decrypt that email.

02:29.810 --> 02:35.810
So we'll just go back over and use our encryption package, so we'll create a variable called encryptor.

02:37.250 --> 02:46.790
And that's assigned the value of, from our encryption package, dot encryption, and its key is assigned the

02:46.790 --> 02:48.620
value of a slice of bytes.

02:49.580 --> 02:52.940
And we want app dot config dot secret key.

02:54.620 --> 02:58.070
And then we use that variable to decrypt what we received in the payload.

02:58.670 --> 03:06.440
So real email and potentially error are assigned the value of encryptor dot decrypt.

03:06.590 --> 03:11.390
And we hand it payload dot email and we check for an error.

03:11.600 --> 03:13.250
If error is not equal to nil,

03:17.060 --> 03:19.160
then I'll just do the same thing I've been doing right along.

03:19.160 --> 03:23.000
So I'll copy this stuff and paste it in here.

03:24.260 --> 03:29.240
And at this point, we're not going to get the user by payload email because that's encrypted.

03:29.420 --> 03:30.860
Instead, we use the decrypted value.

03:36.490 --> 03:42.430
And we shouldn't have to do anything else, so let's try running this, so make stop, make start.

03:47.010 --> 03:51.110
Let's go over to our Web browser and we'll start the whole process right from the beginning.

03:51.120 --> 03:53.190
So I'll open this up and go to Mailtrap

03:59.130 --> 04:00.720
and go to my inbox.

04:04.920 --> 04:07.950
It's empty and let's go to login.

04:09.120 --> 04:10.170
Forgot my password.

04:10.980 --> 04:13.680
Let's put in admin at example

04:14.670 --> 04:15.450
dot com.

04:17.040 --> 04:17.970
Send the link.

04:18.780 --> 04:19.700
Go to Mailtrap.

04:20.040 --> 04:20.820
There it is.

04:21.680 --> 04:22.710
Let's click on this.

04:24.930 --> 04:28.340
And now let's view the source and see what's in that payload variable.

04:30.120 --> 04:31.920
So all the way down to the JavaScript.

04:33.550 --> 04:40.030
And there's an encrypted version of our email right there, and I would not be able to guess what to

04:40.040 --> 04:42.430
use to make that point to somebody else's email.

04:42.520 --> 04:43.630
Now let's make sure it works.

04:44.830 --> 04:51.580
So my password, I will change it to password three, password three, reset password.

04:52.880 --> 05:00.130
It should take me to the login screen and I'll put in admin at example dot com and password three,

05:00.650 --> 05:04.070
and if I typed that right, I should get in and I do.

05:04.490 --> 05:05.600
So that works really well.

05:06.170 --> 05:10.820
And the nice thing about this, of course, is we have that encryption functionality available to us

05:10.820 --> 05:11.670
anywhere we need it.

05:11.690 --> 05:17.030
So if I want to store encrypted values in the database for really sensitive information, I

05:17.030 --> 05:20.530
can use those two functions to encrypt and decrypt at will.

05:20.870 --> 05:23.510
And that makes things ever so much simpler.

05:24.080 --> 05:25.240
All right, let's move on.