From e9f9927534d8a4be9145819fcb78a5d02de24e88 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Fri, 11 Nov 2011 14:04:33 +0000
Subject: [PATCH] Fixed: Error when reading ciphered text from the database without cipher key configured (#9552).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7780 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/ciphering.rb | 8 ++++++++
 test/unit/lib/redmine/ciphering_test.rb | 14 ++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/lib/redmine/ciphering.rb b/lib/redmine/ciphering.rb
index 2fb2dca86..b07d9fa09 100644
--- a/lib/redmine/ciphering.rb
+++ b/lib/redmine/ciphering.rb
@@ -39,6 +39,10 @@ module Redmine
 def decrypt_text(text)
 if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/)
+ if cipher_key.blank?
+ logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger
+ return text
+ end
 text = match[1]
 c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
 e, iv = text.split("--").map {|s| Base64.decode64(s)}
@@ -56,6 +60,10 @@ module Redmine
 key = Redmine::Configuration['database_cipher_key'].to_s
 key.blank? ? nil : Digest::SHA256.hexdigest(key)
 end
+
+ def logger
+ RAILS_DEFAULT_LOGGER
+ end
 end
 module ClassMethods
diff --git a/test/unit/lib/redmine/ciphering_test.rb b/test/unit/lib/redmine/ciphering_test.rb
index be4206f5f..6c0e0e368 100644
--- a/test/unit/lib/redmine/ciphering_test.rb
+++ b/test/unit/lib/redmine/ciphering_test.rb
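Review bot: With no key configured, the new early `return text` in decrypt_text hands the `aes-256-cbc:...` string back as if it were the decrypted value, so callers cannot tell ciphertext from cleartext. The callers are not visible here, but a password attribute read this way would presumably be passed on to the external service as the credential, and the error is logged again on every read. Consider stating the contract above the guard, e.g. `# No cipher key: return the stored value unchanged; an "aes-256-cbc:" prefix means undecryptable, not a usable password`, or returning `nil` if callers can cope with it. The body of decrypt_text continues past the end of the hunk.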
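Review bot: The new `logger` method references the `RAILS_DEFAULT_LOGGER` constant directly, so the `if logger` guard in decrypt_text only covers a logger that is defined but nil. If the constant is ever undefined where this module is loaded (not determinable from the hunk), the lookup raises NameError and the read fails again instead of degrading. A defensive form would be `defined?(RAILS_DEFAULT_LOGGER) ? RAILS_DEFAULT_LOGGER : nil`.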
@@ -53,6 +53,20 @@ class Redmine::CipheringTest < ActiveSupport::TestCase
 assert_equal 'clear', r.password
 end
 end
+
+ def test_ciphered_password_with_no_cipher_key_configured_should_be_returned_ciphered
+ Redmine::Configuration.with 'database_cipher_key' => 'secret' do
+ r = Repository::Subversion.generate!(:password => 'clear')
+ end
+
+ Redmine::Configuration.with 'database_cipher_key' => '' do
+ r = Repository.first(:order => 'id DESC')
+ # password can not be deciphered
+ assert_nothing_raised do
+ assert r.password.match(/\Aaes-256-cbc:.+\Z/)
+ end
+ end
+ end
 def test_encrypt_all
 Repository.delete_all
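Review bot: The `r` assigned inside the first `Redmine::Configuration.with` block is never used, and the second block finds the record again through `Repository.first(:order => 'id DESC')`, which assumes the newest row is the one just generated. Keeping the id makes the test independent of other rows: set `id = nil` before the first block, assign `id = Repository::Subversion.generate!(:password => 'clear').id` inside it, and load with `r = Repository.find(id)` in the second. The test also checks only the ciphertext prefix pattern; nothing verifies that the error is actually logged when the key is missing.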