Merged r7780 from trunk (#9552).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.2-stable@8118 e93f8b46-1217-0410-a6f0-8f06a7374b81
2011-12-07 21:56:49 +00:00 · 2011-12-07 21:56:49 +00:00 · 6d57380712
parent 00d1b230e0
commit 6d57380712
2 changed files with 23 additions and 1 deletions
--- a/lib/redmine/ciphering.rb
+++ b/lib/redmine/ciphering.rb
@ -39,6 +39,10 @@ module Redmine
      
      def decrypt_text(text)
        if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/)
+          if cipher_key.blank?
+            logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger
+            return text
+          end
          text = match[1]
          c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
          e, iv = text.split("--").map {|s| Base64.decode64(s)}
@ -56,6 +60,10 @@ module Redmine
        key = Redmine::Configuration['database_cipher_key'].to_s
        key.blank? ? nil : Digest::SHA256.hexdigest(key)
      end
+      
+      def logger
+        RAILS_DEFAULT_LOGGER
+      end
    end
  
    module ClassMethods
--- a/test/unit/lib/redmine/ciphering_test.rb
+++ b/test/unit/lib/redmine/ciphering_test.rb
@ -61,7 +61,21 @@ class Redmine::CipheringTest < ActiveSupport::TestCase
      assert_equal 'clear', r.password
    end
  end
-  
+
+  def test_ciphered_password_with_no_cipher_key_configured_should_be_returned_ciphered
+    Redmine::Configuration.with 'database_cipher_key' => 'secret' do
+      r = Repository::Subversion.generate!(:password => 'clear')
+    end
+
+    Redmine::Configuration.with 'database_cipher_key' => '' do
+      r = Repository.first(:order => 'id DESC')
+      # password can not be deciphered
+      assert_nothing_raised do
+        assert r.password.match(/\Aaes-256-cbc:.+\Z/)
+      end
+    end
+  end
+
  def test_encrypt_all
    Repository.delete_all
    Redmine::Configuration.with 'database_cipher_key' => nil do