Fixed: Error when reading ciphered text from the database without cipher key configur...
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 11 Nov 2011 14:04:33 +0000 (14:04 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 11 Nov 2011 14:04:33 +0000 (14:04 +0000)
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@7780 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/redmine/ciphering.rb
test/unit/lib/redmine/ciphering_test.rb

index 2fb2dca860daf8ec031eb8b04e519439553d8676..b07d9fa097989fa6ffb0985636c9b83b71bc67ac 100644 (file)
@@ -39,6 +39,10 @@ module Redmine
 
       def decrypt_text(text)
         if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/)
+          if cipher_key.blank?
+            logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger
+            return text
+          end
           text = match[1]
           c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
           e, iv = text.split("--").map {|s| Base64.decode64(s)}
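Review bot: The new `cipher_key.blank?` branch returns `text` unchanged, so the caller receives the stored `aes-256-cbc:…` blob through the same return path as a successfully decrypted value and cannot tell the two apart. Code that uses the result as a credential would presumably pass the ciphertext on to whatever service it authenticates against, and the only signal that something is wrong is a line in the log. I would at least document the contract above the branch, e.g. `# No cipher key: return the stored ciphertext as-is; callers must not treat it as a usable secret`. decrypt_text continues past the end of this hunk.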
@@ -56,6 +60,10 @@ module Redmine
         key = Redmine::Configuration['database_cipher_key'].to_s
         key.blank? ? nil : Digest::SHA256.hexdigest(key)
       end
+      
+      def logger
+        RAILS_DEFAULT_LOGGER
+      end
     end
 
     module ClassMethods
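Review bot: The added `logger` helper references the `RAILS_DEFAULT_LOGGER` constant directly, so the `if logger` guard at the call site in decrypt_text only covers a nil logger. If the constant is not defined when this code runs outside a full Rails boot, the call raises NameError instead of skipping the log line. As far as I know `Rails.logger` checks for the constant itself and returns nil otherwise, so using `Rails.logger` in the helper body would keep the guard meaningful. The enclosing module body starts outside the hunk, so the helper's visibility cannot be confirmed from here.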
index be4206f5f5afaac508d511c669d6b93827eced70..6c0e0e36809d1581843e1971db56b9c619417ebf 100644 (file)
@@ -53,6 +53,20 @@ class Redmine::CipheringTest < ActiveSupport::TestCase
       assert_equal 'clear', r.password
     end
   end
+  
+  def test_ciphered_password_with_no_cipher_key_configured_should_be_returned_ciphered
+    Redmine::Configuration.with 'database_cipher_key' => 'secret' do
+      r = Repository::Subversion.generate!(:password => 'clear')
+    end
+
+    Redmine::Configuration.with 'database_cipher_key' => '' do
+      r = Repository.first(:order => 'id DESC')
+      # password can not be deciphered
+      assert_nothing_raised do
+        assert r.password.match(/\Aaes-256-cbc:.+\Z/)
+      end
+    end
+  end
 
   def test_encrypt_all
     Repository.delete_all
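Review bot: The record created in the first `Configuration.with` block is assigned to a block-local `r` that is never used, and the second block relies on `Repository.first(:order => 'id DESC')` happening to return that same row. Keeping the id would pin the test to the record it created: declare `id = nil` before the first block, set `id = Repository::Subversion.generate!(:password => 'clear').id` inside it, and load `r = Repository.find(id)` in the second block. The assertion could also anchor with `\z` rather than `\Z`, since `\Z` still matches when the value ends in a newline.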