Skip to content

Commit d4f89cd

Browse files
committed
Add password encryption migration
Issue: documentacao-e-tarefas/desenvolvimento_e_infra#1073 Signed-off-by: Thiago Brasil <thiago@lepidus.com.br>
1 parent 31612a8 commit d4f89cd

2 files changed

Lines changed: 87 additions & 0 deletions

File tree

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
<?php
2+
3+
namespace APP\plugins\generic\thoth\classes\migrations;
4+
5+
use Illuminate\Database\Migrations\Migration;
6+
use Illuminate\Support\Facades\DB;
7+
use APP\plugins\generic\thoth\classes\encryption\DataEncryption;
8+
9+
class PasswordEncryptionMigration extends Migration
10+
{
11+
public function up(): void
12+
{
13+
$encrypter = new DataEncryption();
14+
if (!$encrypter->secretConfigExists()) {
15+
return;
16+
}
17+
18+
DB::table('plugin_settings')
19+
->where('plugin_name', 'thothplugin')
20+
->where('setting_name', 'password')
21+
->get(['context_id', 'setting_value'])
22+
->each(function ($row) use ($encrypter) {
23+
if (empty($row->setting_value) || $encrypter->textIsEncrypted($row->setting_value)) {
24+
return;
25+
}
26+
27+
if ($this->isJWT($row->setting_value)) {
28+
$decodedPayload = $this->decodeJWT($row->setting_value);
29+
if ($decodedPayload !== null) {
30+
$row->setting_value = json_decode($decodedPayload);
31+
}
32+
}
33+
34+
$encryptedValue = $encrypter->encryptString($row->setting_value);
35+
DB::table('plugin_settings')
36+
->where('plugin_name', 'thothplugin')
37+
->where('context_id', $row->context_id)
38+
->where('setting_name', 'password')
39+
->update(['setting_value' => $encryptedValue]);
40+
});
41+
}
42+
43+
public function base64URLDecode($data)
44+
{
45+
$remainder = strlen($data) % 4;
46+
if ($remainder) {
47+
$padlen = 4 - $remainder;
48+
$data .= str_repeat('=', $padlen);
49+
}
50+
$data = strtr($data, '-_', '+/');
51+
return base64_decode($data);
52+
}
53+
54+
public function isJWT(string $token): bool
55+
{
56+
$parts = explode('.', $token);
57+
if (count($parts) !== 3) {
58+
return false;
59+
}
60+
61+
foreach ($parts as $part) {
62+
if (!preg_match('/^[A-Za-z0-9\-_]+$/', $part)) {
63+
return false;
64+
}
65+
}
66+
67+
[$header, $payload, $signature] = $parts;
68+
if ($this->base64URLDecode($header) === false || $this->base64URLDecode($payload) === false) {
69+
return false;
70+
}
71+
72+
return true;
73+
}
74+
75+
public function decodeJWT($string): ?string
76+
{
77+
list($header, $payload, $signature) = explode('.', $string);
78+
$decodedPayload = $this->base64URLDecode($payload);
79+
return $decodedPayload ? $decodedPayload : null;
80+
}
81+
}

upgrade.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!DOCTYPE install SYSTEM "../../../lib/pkp/dtd/install.dtd">
3+
4+
<install version="0.2.7.0">
5+
<migration class="APP\plugins\generic\thoth\classes\migrations\PasswordEncryptionMigration" />
6+
</install>

0 commit comments

Comments
 (0)