diff --git a/lib/redmine/ciphering.rb b/lib/redmine/ciphering.rb index 2fb2dca86..b07d9fa09 100644 --- a/lib/redmine/ciphering.rb +++ b/lib/redmine/ciphering.rb @@ -39,6 +39,10 @@ module Redmine def decrypt_text(text) if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/) + if cipher_key.blank? + logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger + return text + end text = match[1] c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") e, iv = text.split("--").map {|s| Base64.decode64(s)} @@ -56,6 +60,10 @@ module Redmine key = Redmine::Configuration['database_cipher_key'].to_s key.blank? ? nil : Digest::SHA256.hexdigest(key) end + + def logger + RAILS_DEFAULT_LOGGER + end end module ClassMethods diff --git a/test/unit/lib/redmine/ciphering_test.rb b/test/unit/lib/redmine/ciphering_test.rb index be4206f5f..6c0e0e368 100644 --- a/test/unit/lib/redmine/ciphering_test.rb +++ b/test/unit/lib/redmine/ciphering_test.rb @@ -53,6 +53,20 @@ class Redmine::CipheringTest < ActiveSupport::TestCase assert_equal 'clear', r.password end end + + def test_ciphered_password_with_no_cipher_key_configured_should_be_returned_ciphered + Redmine::Configuration.with 'database_cipher_key' => 'secret' do + r = Repository::Subversion.generate!(:password => 'clear') + end + + Redmine::Configuration.with 'database_cipher_key' => '' do + r = Repository.first(:order => 'id DESC') + # password can not be deciphered + assert_nothing_raised do + assert r.password.match(/\Aaes-256-cbc:.+\Z/) + end + end + end def test_encrypt_all Repository.delete_all