git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4950 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/1.2.0
@@ -16,6 +16,8 @@ | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
class AuthSource < ActiveRecord::Base | |||
include Redmine::Ciphering | |||
has_many :users | |||
validates_presence_of :name | |||
@@ -31,6 +33,14 @@ class AuthSource < ActiveRecord::Base | |||
def auth_method_name | |||
"Abstract" | |||
end | |||
def account_password | |||
read_ciphered_attribute(:account_password) | |||
end | |||
def account_password=(arg) | |||
write_ciphered_attribute(:account_password, arg) | |||
end | |||
def allow_password_changes? | |||
self.class.allow_password_changes? |
@@ -20,8 +20,8 @@ require 'iconv' | |||
class AuthSourceLdap < AuthSource | |||
validates_presence_of :host, :port, :attr_login | |||
validates_length_of :name, :host, :account_password, :maximum => 60, :allow_nil => true | |||
validates_length_of :account, :base_dn, :maximum => 255, :allow_nil => true | |||
validates_length_of :name, :host, :maximum => 60, :allow_nil => true | |||
validates_length_of :account, :account_password, :base_dn, :maximum => 255, :allow_nil => true | |||
validates_length_of :attr_login, :attr_firstname, :attr_lastname, :attr_mail, :maximum => 30, :allow_nil => true | |||
validates_numericality_of :port, :only_integer => true | |||
@@ -16,6 +16,8 @@ | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
class Repository < ActiveRecord::Base | |||
include Redmine::Ciphering | |||
belongs_to :project | |||
has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC" | |||
has_many :changes, :through => :changesets | |||
@@ -24,6 +26,7 @@ class Repository < ActiveRecord::Base | |||
# has_many :changesets, :dependent => :destroy is too slow for big repositories | |||
before_destroy :clear_changesets | |||
validates_length_of :password, :maximum => 255, :allow_nil => true | |||
# Checks if the SCM is enabled when creating a repository | |||
validate_on_create { |r| r.errors.add(:type, :invalid) unless Setting.enabled_scm.include?(r.class.name.demodulize) } | |||
@@ -36,6 +39,14 @@ class Repository < ActiveRecord::Base | |||
def root_url=(arg) | |||
write_attribute(:root_url, arg ? arg.to_s.strip : nil) | |||
end | |||
def password | |||
read_ciphered_attribute(:password) | |||
end | |||
def password=(arg) | |||
write_ciphered_attribute(:password, arg) | |||
end | |||
def scm_adapter | |||
self.class.scm_adapter_class |
@@ -124,6 +124,20 @@ default: | |||
scm_bazaar_command: | |||
scm_darcs_command: | |||
# Key used to encrypt sensitive data in the database (SCM and LDAP passwords). | |||
# If you don't want to enable data encryption, just leave it blank. | |||
# WARNING: losing/changing this key will make encrypted data unreadable. | |||
# | |||
# If you want to encrypt existing passwords in your database: | |||
# * set the cipher key here in your configuration file | |||
# * encrypt data using 'rake db:encrypt RAILS_ENV=production' | |||
# | |||
# If you have encrypted data and want to change this key, you have to: | |||
# * decrypt data using 'rake db:decrypt RAILS_ENV=production' first | |||
# * change the cipher key here in your configuration file | |||
# * encrypt data using 'rake db:encrypt RAILS_ENV=production' | |||
database_cipher_key: | |||
# specific configuration options for production environment | |||
# that overrides the default ones | |||
production: |
@@ -0,0 +1,9 @@ | |||
class ChangeRepositoriesPasswordLimit < ActiveRecord::Migration | |||
def self.up | |||
change_column :repositories, :password, :string, :limit => nil, :default => '' | |||
end | |||
def self.down | |||
change_column :repositories, :password, :string, :limit => 60, :default => '' | |||
end | |||
end |
@@ -0,0 +1,9 @@ | |||
class ChangeAuthSourcesAccountPasswordLimit < ActiveRecord::Migration | |||
def self.up | |||
change_column :auth_sources, :account_password, :string, :limit => nil, :default => '' | |||
end | |||
def self.down | |||
change_column :auth_sources, :account_password, :string, :limit => 60, :default => '' | |||
end | |||
end |
@@ -0,0 +1,95 @@ | |||
# Redmine - project management software | |||
# Copyright (C) 2006-2011 Jean-Philippe Lang | |||
# | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
module Redmine | |||
module Ciphering | |||
def self.included(base) | |||
base.extend ClassMethods | |||
end | |||
class << self | |||
def encrypt_text(text) | |||
if cipher_key.blank? | |||
text | |||
else | |||
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") | |||
iv = c.random_iv | |||
c.encrypt | |||
c.key = cipher_key | |||
c.iv = iv | |||
e = c.update(text.to_s) | |||
e << c.final | |||
"aes-256-cbc:" + [e, iv].map {|v| Base64.encode64(v).strip}.join('--') | |||
end | |||
end | |||
def decrypt_text(text) | |||
if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/) | |||
text = match[1] | |||
c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") | |||
e, iv = text.split("--").map {|s| Base64.decode64(s)} | |||
c.decrypt | |||
c.key = cipher_key | |||
c.iv = iv | |||
d = c.update(e) | |||
d << c.final | |||
else | |||
text | |||
end | |||
end | |||
def cipher_key | |||
key = Redmine::Configuration['database_cipher_key'].to_s | |||
key.blank? ? nil : Digest::SHA256.hexdigest(key) | |||
end | |||
end | |||
module ClassMethods | |||
def encrypt_all(attribute) | |||
transaction do | |||
all.each do |object| | |||
clear = object.send(attribute) | |||
object.send "#{attribute}=", clear | |||
raise(ActiveRecord::Rollback) unless object.save(false) | |||
end | |||
end ? true : false | |||
end | |||
def decrypt_all(attribute) | |||
transaction do | |||
all.each do |object| | |||
clear = object.send(attribute) | |||
object.write_attribute attribute, clear | |||
raise(ActiveRecord::Rollback) unless object.save(false) | |||
end | |||
end | |||
end ? true : false | |||
end | |||
private | |||
# Returns the value of the given ciphered attribute | |||
def read_ciphered_attribute(attribute) | |||
Redmine::Ciphering.decrypt_text(read_attribute(attribute)) | |||
end | |||
# Sets the value of the given ciphered attribute | |||
def write_ciphered_attribute(attribute, value) | |||
write_attribute(attribute, Redmine::Ciphering.encrypt_text(value)) | |||
end | |||
end | |||
end |
@@ -0,0 +1,35 @@ | |||
# Redmine - project management software | |||
# Copyright (C) 2006-2011 Jean-Philippe Lang | |||
# | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
namespace :db do | |||
desc 'Encrypts SCM and LDAP passwords in the database.' | |||
task :encrypt => :environment do | |||
unless (Repository.encrypt_all(:password) && | |||
AuthSource.encrypt_all(:account_password)) | |||
raise "Some objects could not be saved after encryption, update was rollback'ed." | |||
end | |||
end | |||
desc 'Decrypts SCM and LDAP passwords in the database.' | |||
task :decrypt => :environment do | |||
unless (Repository.decrypt_all(:password) && | |||
AuthSource.decrypt_all(:account_password)) | |||
raise "Some objects could not be saved after decryption, update was rollback'ed." | |||
end | |||
end | |||
end |
@@ -0,0 +1,84 @@ | |||
# Redmine - project management software | |||
# Copyright (C) 2006-2011 Jean-Philippe Lang | |||
# | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
require File.expand_path('../../../../test_helper', __FILE__) | |||
class Redmine::CipheringTest < ActiveSupport::TestCase | |||
def test_password_should_be_encrypted | |||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do | |||
r = Repository::Subversion.generate!(:password => 'foo') | |||
assert_equal 'foo', r.password | |||
assert r.read_attribute(:password).match(/\Aaes-256-cbc:.+\Z/) | |||
end | |||
end | |||
def test_password_should_be_clear_with_blank_key | |||
Redmine::Configuration.with 'database_cipher_key' => '' do | |||
r = Repository::Subversion.generate!(:password => 'foo') | |||
assert_equal 'foo', r.password | |||
assert_equal 'foo', r.read_attribute(:password) | |||
end | |||
end | |||
def test_password_should_be_clear_with_nil_key | |||
Redmine::Configuration.with 'database_cipher_key' => nil do | |||
r = Repository::Subversion.generate!(:password => 'foo') | |||
assert_equal 'foo', r.password | |||
assert_equal 'foo', r.read_attribute(:password) | |||
end | |||
end | |||
def test_unciphered_password_should_be_readable | |||
Redmine::Configuration.with 'database_cipher_key' => nil do | |||
r = Repository::Subversion.generate!(:password => 'clear') | |||
end | |||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do | |||
r = Repository.first(:order => 'id DESC') | |||
assert_equal 'clear', r.password | |||
end | |||
end | |||
def test_encrypt_all | |||
Repository.delete_all | |||
Redmine::Configuration.with 'database_cipher_key' => nil do | |||
Repository::Subversion.generate!(:password => 'foo') | |||
Repository::Subversion.generate!(:password => 'bar') | |||
end | |||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do | |||
assert Repository.encrypt_all(:password) | |||
r = Repository.first(:order => 'id DESC') | |||
assert_equal 'bar', r.password | |||
assert r.read_attribute(:password).match(/\Aaes-256-cbc:.+\Z/) | |||
end | |||
end | |||
def test_decrypt_all | |||
Repository.delete_all | |||
Redmine::Configuration.with 'database_cipher_key' => 'secret' do | |||
Repository::Subversion.generate!(:password => 'foo') | |||
Repository::Subversion.generate!(:password => 'bar') | |||
assert Repository.decrypt_all(:password) | |||
r = Repository.first(:order => 'id DESC') | |||
assert_equal 'bar', r.password | |||
assert_equal 'bar', r.read_attribute(:password) | |||
end | |||
end | |||
end |