From 748611f2f6404a097c73dd181b158ac41c18a70d Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 7 Jun 2023 09:30:15 +0200 Subject: [PATCH] Bug 33934: Add more detail to 'No encryption_key in koha-conf.xml' If encryption_key is not set in $KOHA_CONF we are raising an exception. This key was only needed for a couple of feature, but now we are using Koha::Encryption from the update DB process, and so the upgrade fails with no more info than 'No encryption_key in koha-conf.xml'. We need to provide more detail in this error. Additionally we reject "__ENCRYPTION_KEY__", in case people will simple copy/paste that Test plan: Apply the patch Edit $KOHA_CONf, remove the encryption_key entry (or blank) restart_all Go to the about page and enable 2FA => warning on the about page, and 500 server-side are displaying more info about how to generate the missing entry Edit $KOHA_CONF and set the value to __ENCRYPTION_KEY__ restart_all => Same messages Edit $KOHA_CONF and set a correct value restart_all => No error, everything is working correctly Signed-off-by: David Nind Signed-off-by: Martin Renvoize Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d7288411f00e3afd2a0284193ce7742545d88266) Signed-off-by: Matt Blenkinsop --- Koha/Encryption.pm | 10 ++++++---- about.pl | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Koha/Encryption.pm b/Koha/Encryption.pm index 8dbeddf1b7..faa7dbb3f8 100644 --- a/Koha/Encryption.pm +++ b/Koha/Encryption.pm @@ -54,12 +54,14 @@ It's based on Crypt::CBC sub new { my ( $class ) = @_; - my $key = C4::Context->config('encryption_key'); - if( !$key ) { - Koha::Exceptions::MissingParameter->throw('No encryption_key in koha-conf.xml'); + my $encryption_key = C4::Context->config('encryption_key'); + if ( !$encryption_key || $encryption_key eq '__ENCRYPTION_KEY__') { + Koha::Exceptions::MissingParameter->throw( + q{No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)} + ); } return $class->SUPER::new( - -key => $key, + -key => $encryption_key, -cipher => 'Cipher::AES' ); } diff --git a/about.pl b/about.pl index 1ea72954e9..151f69f449 100755 --- a/about.pl +++ b/about.pl @@ -280,7 +280,8 @@ if ( ! C4::Context->config('tmp_path') ) { } } -if( ! C4::Context->config('encryption_key') ) { +my $encryption_key = C4::Context->config('encryption_key'); +if ( !$encryption_key || $encryption_key eq '__ENCRYPTION_KEY__') { push @xml_config_warnings, { error => 'encryption_key_missing' }; } -- 2.39.2