mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-11 22:07:29 -08:00
FIXED upgrade Recrypt not working with changed cipher (#4245)
* FIX legacy cipher change * FIX Recrypt Custom fields column names * FIX ReCrypt Clean un-needed code
This commit is contained in:
parent
ed4aa7dec2
commit
a4eeff01f0
|
@ -48,6 +48,7 @@ class RecryptFromMcrypt extends Command
|
||||||
// If not, we can try to use the current APP_KEY if looks like it's old
|
// If not, we can try to use the current APP_KEY if looks like it's old
|
||||||
$legacy_key = env('LEGACY_APP_KEY');
|
$legacy_key = env('LEGACY_APP_KEY');
|
||||||
$key_parts = explode(':', $legacy_key);
|
$key_parts = explode(':', $legacy_key);
|
||||||
|
$legacy_cipher = env('LEGACY_CIPHER');
|
||||||
$errors = array();
|
$errors = array();
|
||||||
|
|
||||||
if (!$legacy_key) {
|
if (!$legacy_key) {
|
||||||
|
@ -60,6 +61,7 @@ class RecryptFromMcrypt extends Command
|
||||||
if (strlen($legacy_key) == 32) {
|
if (strlen($legacy_key) == 32) {
|
||||||
$legacy_length_check = true;
|
$legacy_length_check = true;
|
||||||
} elseif (array_key_exists('1', $key_parts) && (strlen($key_parts[1])==44)) {
|
} elseif (array_key_exists('1', $key_parts) && (strlen($key_parts[1])==44)) {
|
||||||
|
$legacy_key = base64_decode($key_parts[1],true);
|
||||||
$legacy_length_check = true;
|
$legacy_length_check = true;
|
||||||
} else {
|
} else {
|
||||||
$legacy_length_check = false;
|
$legacy_length_check = false;
|
||||||
|
@ -91,13 +93,17 @@ class RecryptFromMcrypt extends Command
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if($legacy_cipher){
|
||||||
|
$mcrypter = new McryptEncrypter($legacy_key,$legacy_cipher);
|
||||||
|
}else{
|
||||||
$mcrypter = new McryptEncrypter($legacy_key);
|
$mcrypter = new McryptEncrypter($legacy_key);
|
||||||
|
}
|
||||||
$settings = Setting::getSettings();
|
$settings = Setting::getSettings();
|
||||||
|
|
||||||
if ($settings->ldap_password=='') {
|
if ($settings->ldap_password=='') {
|
||||||
$this->comment('INFO: No LDAP password found. Skipping... ');
|
$this->comment('INFO: No LDAP password found. Skipping... ');
|
||||||
}
|
}
|
||||||
|
/** @var CustomField[] $custom_fields */
|
||||||
$custom_fields = CustomField::where('field_encrypted','=', 1)->get();
|
$custom_fields = CustomField::where('field_encrypted','=', 1)->get();
|
||||||
$this->comment('INFO: Retrieving encrypted custom fields...');
|
$this->comment('INFO: Retrieving encrypted custom fields...');
|
||||||
|
|
||||||
|
@ -110,32 +116,22 @@ class RecryptFromMcrypt extends Command
|
||||||
|
|
||||||
|
|
||||||
// Get all assets with a value in any of the fields that were encrypted
|
// Get all assets with a value in any of the fields that were encrypted
|
||||||
|
/** @var Asset[] $assets */
|
||||||
$assets = $query->get();
|
$assets = $query->get();
|
||||||
|
|
||||||
$bar = $this->output->createProgressBar(count($assets));
|
$bar = $this->output->createProgressBar(count($assets));
|
||||||
|
|
||||||
foreach ($custom_fields as $encrypted_field) {
|
|
||||||
|
|
||||||
// Try to decrypt the payload using the legacy app key
|
|
||||||
try {
|
|
||||||
$decrypted_field = $mcrypter->decrypt($encrypted_field);
|
|
||||||
$this->comment($decrypted_field);
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
$errors[] = ' - ERROR: Could not decrypt field ['.$encrypted_field->name.']: '.$e->getMessage();
|
|
||||||
}
|
|
||||||
$bar->advance();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
foreach ($assets as $asset) {
|
foreach ($assets as $asset) {
|
||||||
foreach ($custom_fields as $encrypted_field) {
|
foreach ($custom_fields as $encrypted_field) {
|
||||||
|
$columnName = $encrypted_field->db_column;
|
||||||
|
|
||||||
// Make sure the value isn't null
|
// Make sure the value isn't null
|
||||||
if ($asset->{$encrypted_field}!='') {
|
if ($asset->{$columnName}!='') {
|
||||||
// Try to decrypt the payload using the legacy app key
|
// Try to decrypt the payload using the legacy app key
|
||||||
try {
|
try {
|
||||||
$decrypted_field = $mcrypter->decrypt($asset->{$encrypted_field});
|
$decrypted_field = $mcrypter->decrypt($asset->{$columnName});
|
||||||
$asset->{$encrypted_field} = \Crypt::encrypt($decrypted_field);
|
$asset->{$columnName} = \Crypt::encrypt($decrypted_field);
|
||||||
$this->comment($decrypted_field);
|
$this->comment($decrypted_field);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$errors[] = ' - ERROR: Could not decrypt field ['.$encrypted_field->name.']: '.$e->getMessage();
|
$errors[] = ' - ERROR: Could not decrypt field ['.$encrypted_field->name.']: '.$e->getMessage();
|
||||||
|
|
Loading…
Reference in a new issue