Add libsodium shim, and mark the sodium extension as 'optional'

Trying to handle some composer.lock conflicts, as savely as possible.
2024-09-19 23:37:38 -07:00 · 2023-01-31 16:39:46 -08:00 · 2023-01-31 16:39:46 -08:00 · 3a2b54fd47
parent df64e0e291
commit 3a2b54fd47
3 changed files with 95 additions and 3 deletions
--- a/composer.json
+++ b/composer.json
@ -61,12 +61,13 @@
    "nunomaduro/collision": "^5.4",
    "onelogin/php-saml": "^3.4",
    "paragonie/constant_time_encoding": "^2.3",
-    "symfony/polyfill-mbstring": "^1.22",
+    "paragonie/sodium_compat": "^1.19",
    "phpdocumentor/reflection-docblock": "^5.1",
    "phpspec/prophecy": "^1.10",
    "pragmarx/google2fa-laravel": "^1.3",
    "rollbar/rollbar-laravel": "^7.0",
    "spatie/laravel-backup": "^6.16",
+    "symfony/polyfill-mbstring": "^1.22",
    "tecnickcom/tc-lib-barcode": "^1.15",
    "unicodeveloper/laravel-password": "^1.0",
    "watson/validating": "^6.1"
--- a/composer.lock
+++ b/composer.lock
@ -4,7 +4,6 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "9bd2bbbd4b08d23336364da3d3a4561a",
    "packages": [
        {
            "name": "alek13/slack",
@ -6299,6 +6298,92 @@
            },
            "time": "2020-10-15T08:29:30+00:00"
        },
+        {
+            "name": "paragonie/sodium_compat",
+            "version": "v1.19.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/sodium_compat.git",
+                "reference": "cb15e403ecbe6a6cc515f855c310eb6b1872a933"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/cb15e403ecbe6a6cc515f855c310eb6b1872a933",
+                "reference": "cb15e403ecbe6a6cc515f855c310eb6b1872a933",
+                "shasum": ""
+            },
+            "require": {
+                "paragonie/random_compat": ">=1",
+                "php": "^5.2.4|^5.3|^5.4|^5.5|^5.6|^7|^8"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^3|^4|^5|^6|^7|^8|^9"
+            },
+            "suggest": {
+                "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
+                "ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security."
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "autoload.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "ISC"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com"
+                },
+                {
+                    "name": "Frank Denis",
+                    "email": "jedisct1@pureftpd.org"
+                }
+            ],
+            "description": "Pure PHP implementation of libsodium; uses the PHP extension if it exists",
+            "keywords": [
+                "Authentication",
+                "BLAKE2b",
+                "ChaCha20",
+                "ChaCha20-Poly1305",
+                "Chapoly",
+                "Curve25519",
+                "Ed25519",
+                "EdDSA",
+                "Edwards-curve Digital Signature Algorithm",
+                "Elliptic Curve Diffie-Hellman",
+                "Poly1305",
+                "Pure-PHP cryptography",
+                "RFC 7748",
+                "RFC 8032",
+                "Salpoly",
+                "Salsa20",
+                "X25519",
+                "XChaCha20-Poly1305",
+                "XSalsa20-Poly1305",
+                "Xchacha20",
+                "Xsalsa20",
+                "aead",
+                "cryptography",
+                "ecdh",
+                "elliptic curve",
+                "elliptic curve cryptography",
+                "encryption",
+                "libsodium",
+                "php",
+                "public-key cryptography",
+                "secret-key cryptography",
+                "side-channel resistant"
+            ],
+            "support": {
+                "issues": "https://github.com/paragonie/sodium_compat/issues",
+                "source": "https://github.com/paragonie/sodium_compat/tree/v1.19.0"
+            },
+            "time": "2022-09-26T03:40:35+00:00"
+        },
        {
            "name": "phenx/php-font-lib",
            "version": "0.5.4",
--- a/upgrade.php
+++ b/upgrade.php
@ -176,6 +176,10 @@ $required_exts_array =
        'zip',
    ];

+$recommended_exts_array =
+    [
+        'sodium', //note that extensions need to be in BOTH the $required_exts_array and this one to be 'optional'
+    ];
 $ext_missing = '';
 $ext_installed = '';

@ -205,8 +209,10 @@ foreach ($required_exts_array as $required_ext) {
            }

        // If this isn't an either/or option, just add it to the string of errors conventionally
-        } else {
+        } elseif (!in_array($required_ext, $recommended_exts_array)){
            $ext_missing .=  '✘ MISSING PHP EXTENSION: '.$required_ext."\n";
+        } else {
+            $ext_installed .= '- '.$required_ext." is *NOT* installed, but is recommended...\n";
        }

    // The required extension string was found in the array of installed extensions - yay!