Bug 28772: Make Koha::ApiKey->store encrypt the secret
author Tomas Cohen Arazi <tomascohen@theke.io>
Thu, 26 Aug 2021 23:24:43 +0000 (20:24 -0300)
committer Victor Grousset/tuxayo <victor@tuxayo.net>
Mon, 20 Sep 2021 13:50:49 +0000 (15:50 +0200)
commit 756db146b0571e41fb59c3a3e59736e4cd6c55eb
tree d09c261597d139ba5817cc8ac3281ce1abf75868
parent 7291d381d52192782af78ae2da1374bde19922c1
Bug 28772: Make Koha::ApiKey->store encrypt the secret

This patch refactors the Koha::ApiKey class so:
- It encrypts the generated secret
- Allows accessing the plain text secret only immediately after the key
  creation (this implies that it won't be accessible if the key is
  fetched from the DB).
- It implements an allow list for attributes, that are not read only.
  Changing any other of them will make ->store throw an exception.
- A method for validating plain text secrets against the encrypted one
  is added.
- A method for accessing the plain text secret is added. Returns undef
  if the object is not 'fresh'.

To test:
1. Apply this patch
2. Run:
   $ kshell
  k$ prove t/db_dependent/Koha/ApiKey.t
=> SUCCESS: Tests pass! Expected behavior is confirmed
3. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Wainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
(cherry picked from commit aebe7f2e3377755b601bd9f155e28416fb3475e9)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Koha/ApiKey.pm
t/db_dependent/Koha/ApiKey.t [new file with mode: 0755]
t/db_dependent/Koha/ApiKeys.t [deleted file]
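
The behaviour the commit message lists (secret kept only as a digest, plain text readable only on the freshly created object, an allow list of mutable attributes, a validation method), as an added Perl sketch that is not the Koha::ApiKey code from this commit. The package ApiKeySketch, its method and field names, the allow list contents and the salted HMAC-SHA-256 digest are all assumptions; the page does not show how the patch hashes the secret.

```perl
# Added sketch, not Koha code: package, field and helper names are hypothetical.
package ApiKeySketch;
use strict; use warnings;
use Digest::SHA qw(hmac_sha256_hex);   # stand-in for the real hashing scheme

my %MUTABLE = map { $_ => 1 } qw(description active);   # assumed allow list

sub _random_hex {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no entropy source: $!";
    read($fh, my $buf, $n) == $n or die "short read";
    return unpack 'H*', $buf;
}
sub new      { my ($c, %a) = @_; bless { row => {%a}, stored => undef, plain => undef }, $c }
sub from_row { my ($c, %r) = @_; bless { row => {%r}, stored => {%r}, plain => undef }, $c }
sub set      { my ($s, %ch) = @_; $s->{row}{$_} = $ch{$_} for keys %ch; $s }
sub plain_text_secret { $_[0]{plain} }   # undef unless the object is fresh

sub store {
    my ($s) = @_;
    if (my $old = $s->{stored}) {        # update: enforce the allow list
        for my $k (grep { !$MUTABLE{$_} } keys %{ $s->{row} }) {
            die "read-only attribute changed: $k\n"
                if ($s->{row}{$k} // '') ne ($old->{$k} // '');
        }
    } else {                             # creation: keep salt + digest only
        $s->{plain}       = _random_hex(32);
        $s->{row}{salt}   = _random_hex(16);
        $s->{row}{secret} = hmac_sha256_hex($s->{plain}, $s->{row}{salt});
    }
    $s->{stored} = { %{ $s->{row} } };   # stand-in for the DB write
    return $s;
}
sub validate_secret {
    my ($s, $candidate) = @_;
    my $want = $s->{row}{secret} // return 0;
    my $got  = hmac_sha256_hex($candidate, $s->{row}{salt});
    return 0 unless length($want) == length($got);
    my $diff = 0;                        # compare without an early exit
    $diff |= ord(substr $got, $_, 1) ^ ord(substr $want, $_, 1) for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

package main;
my $key    = ApiKeySketch->new(client_id => 'c1', description => 'demo')->store;
my $secret = $key->plain_text_secret;                 # shown to the user once
my $loaded = ApiKeySketch->from_row(%{ $key->{stored} });
print 'fetched copy exposes secret: ', (defined($loaded->plain_text_secret) ? 'yes' : 'no'), "\n";
print 'validates: ', $loaded->validate_secret($secret), "\n";
eval { $loaded->set(secret => 'x' x 64)->store; 1 } or print "rejected: $@";
```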