Mercurial > hg > soundsoftware-site
comparison lib/redmine/ciphering.rb @ 909:cbb26bc654de redmine-1.3
Update to Redmine 1.3-stable branch (Redmine SVN rev 8964)
| author | Chris Cannam |
|---|---|
| date | Fri, 24 Feb 2012 19:09:32 +0000 |
| parents | 051f544170fe |
| children | 433d4f72a19b |
comparison
equal
deleted
inserted
replaced
| 908:c6c2cbd0afee | 909:cbb26bc654de |
|---|---|
| 15 # along with this program; if not, write to the Free Software | 15 # along with this program; if not, write to the Free Software |
| 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | 17 |
| 18 module Redmine | 18 module Redmine |
| 19 module Ciphering | 19 module Ciphering |
| 20 def self.included(base) | 20 def self.included(base) |
| 21 base.extend ClassMethods | 21 base.extend ClassMethods |
| 22 end | 22 end |
| 23 | 23 |
| 24 class << self | 24 class << self |
| 25 def encrypt_text(text) | 25 def encrypt_text(text) |
| 26 if cipher_key.blank? | 26 if cipher_key.blank? || text.blank? |
| 27 text | 27 text |
| 28 else | 28 else |
| 29 c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") | 29 c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") |
| 30 iv = c.random_iv | 30 iv = c.random_iv |
| 31 c.encrypt | 31 c.encrypt |
| 34 e = c.update(text.to_s) | 34 e = c.update(text.to_s) |
| 35 e << c.final | 35 e << c.final |
| 36 "aes-256-cbc:" + [e, iv].map {|v| Base64.encode64(v).strip}.join('--') | 36 "aes-256-cbc:" + [e, iv].map {|v| Base64.encode64(v).strip}.join('--') |
| 37 end | 37 end |
| 38 end | 38 end |
| 39 | 39 |
| 40 def decrypt_text(text) | 40 def decrypt_text(text) |
| 41 if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/) | 41 if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/) |
| 42 if cipher_key.blank? | |
| 43 logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger | |
| 44 return text | |
| 45 end | |
| 42 text = match[1] | 46 text = match[1] |
| 43 c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") | 47 c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") |
| 44 e, iv = text.split("--").map {|s| Base64.decode64(s)} | 48 e, iv = text.split("--").map {|s| Base64.decode64(s)} |
| 45 c.decrypt | 49 c.decrypt |
| 46 c.key = cipher_key | 50 c.key = cipher_key |
| 49 d << c.final | 53 d << c.final |
| 50 else | 54 else |
| 51 text | 55 text |
| 52 end | 56 end |
| 53 end | 57 end |
| 54 | 58 |
| 55 def cipher_key | 59 def cipher_key |
| 56 key = Redmine::Configuration['database_cipher_key'].to_s | 60 key = Redmine::Configuration['database_cipher_key'].to_s |
| 57 key.blank? ? nil : Digest::SHA256.hexdigest(key) | 61 key.blank? ? nil : Digest::SHA256.hexdigest(key) |
| 58 end | 62 end |
| 63 | |
| 64 def logger | |
| 65 Rails.logger | |
| 66 end | |
| 59 end | 67 end |
| 60 | 68 |
| 61 module ClassMethods | 69 module ClassMethods |
| 62 def encrypt_all(attribute) | 70 def encrypt_all(attribute) |
| 63 transaction do | 71 transaction do |
| 64 all.each do |object| | 72 all.each do |object| |
| 65 clear = object.send(attribute) | 73 clear = object.send(attribute) |
| 66 object.send "#{attribute}=", clear | 74 object.send "#{attribute}=", clear |
| 67 raise(ActiveRecord::Rollback) unless object.save(false) | 75 raise(ActiveRecord::Rollback) unless object.save(false) |
| 68 end | 76 end |
| 69 end ? true : false | 77 end ? true : false |
| 70 end | 78 end |
| 71 | 79 |
| 72 def decrypt_all(attribute) | 80 def decrypt_all(attribute) |
| 73 transaction do | 81 transaction do |
| 74 all.each do |object| | 82 all.each do |object| |
| 75 clear = object.send(attribute) | 83 clear = object.send(attribute) |
| 76 object.write_attribute attribute, clear | 84 object.write_attribute attribute, clear |
| 77 raise(ActiveRecord::Rollback) unless object.save(false) | 85 raise(ActiveRecord::Rollback) unless object.save(false) |
| 78 end | 86 end |
| 79 end | 87 end |
| 80 end ? true : false | 88 end ? true : false |
| 81 end | 89 end |
| 82 | 90 |
| 83 private | 91 private |
| 84 | 92 |
| 85 # Returns the value of the given ciphered attribute | 93 # Returns the value of the given ciphered attribute |
| 86 def read_ciphered_attribute(attribute) | 94 def read_ciphered_attribute(attribute) |
| 87 Redmine::Ciphering.decrypt_text(read_attribute(attribute)) | 95 Redmine::Ciphering.decrypt_text(read_attribute(attribute)) |
| 88 end | 96 end |
| 89 | 97 |
| 90 # Sets the value of the given ciphered attribute | 98 # Sets the value of the given ciphered attribute |
| 91 def write_ciphered_attribute(attribute, value) | 99 def write_ciphered_attribute(attribute, value) |
| 92 write_attribute(attribute, Redmine::Ciphering.encrypt_text(value)) | 100 write_attribute(attribute, Redmine::Ciphering.encrypt_text(value)) |
| 93 end | 101 end |
| 94 end | 102 end |