From f300a7d3631c07618dd8a46b366288cc6680cd45 Mon Sep 17 00:00:00 2001
From: Marcel de Rooy
Date: Fri, 22 Apr 2022 08:04:51 +0000
Subject: [PATCH] Bug 28998: (follow-up) Check missing encryption key in script and module Script prints a warning. Module raises an exception. Unit test added. Test plan: Run t/db_dependent/Koha/Encryption.t Run t/db_dependent/Koha/Auth/TwoFactorAuth.t Remove entry and check script.
Signed-off-by: Marcel de Rooy
Signed-off-by: Martin Renvoize
Signed-off-by: Fridolin Somers
---
 Koha/Encryption.pm | 5 +++++
 members/two_factor_auth.pl | 3 +++
 t/db_dependent/Koha/Auth/TwoFactorAuth.t | 2 ++
 t/db_dependent/Koha/Encryption.t | 9 +++++++--
 4 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/Koha/Encryption.pm b/Koha/Encryption.pm
index aaa9125bca..15cd125dbe 100644
--- a/Koha/Encryption.pm
+++ b/Koha/Encryption.pm
@@ -21,6 +21,8 @@ use Modern::Perl;
 use base qw( Crypt::CBC );
+use Koha::Exceptions;
+
 =head1 NAME
 Koha::Encryption - Koha class to encrypt or decrypt strings
@@ -52,6 +54,9 @@ It's based on Crypt::CBC
 sub new {
 my ( $class ) = @_;
 my $key = C4::Context->config('encryption_key');
+ if( !$key ) {
+ Koha::Exceptions::MissingParameter->throw('No encryption_key in koha-conf.xml');
+ }
 return $class->SUPER::new(
 -key => $key,
 -cipher => 'Cipher::AES'
diff --git a/members/two_factor_auth.pl b/members/two_factor_auth.pl
index 1a8484982b..14040dc1ec 100755
--- a/members/two_factor_auth.pl
+++ b/members/two_factor_auth.pl
@@ -42,6 +42,9 @@ unless ( C4::Context->preference('TwoFactorAuthentication') ) {
 exit;
 }
+output_and_exit( $cgi, $cookie, $template, 'Entry encryption_key is missing in koha-conf.xml' )
+ if !C4::Context->config('encryption_key');
+
 my $logged_in_user = Koha::Patrons->find($loggedinuser);
 my $op = $cgi->param('op') // '';
diff --git a/t/db_dependent/Koha/Auth/TwoFactorAuth.t b/t/db_dependent/Koha/Auth/TwoFactorAuth.t
index 051c41154c..7dd1a9d2d0 100755
--- a/t/db_dependent/Koha/Auth/TwoFactorAuth.t
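Review bot: In Koha/Encryption.pm the new guard in `new` rejects only a false value, so a whitespace-only or one-character `encryption_key` still passes and is handed to Crypt::CBC through `-key => $key`. If such values should count as unusable, tighten the test to `if( !defined $key || $key !~ /\S/ ) {` and decide whether a minimum length belongs here as well. The POD for `new` is outside this hunk; it should state that the constructor throws `Koha::Exceptions::MissingParameter` when the entry is absent or empty, since callers now have to expect that. The end of the `SUPER::new` call also lies outside the hunk.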
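Review bot: In members/two_factor_auth.pl the missing-key case is reported only on the rendered page, so unless `output_and_exit` (defined outside this hunk) logs on its own, nothing reaches the server log where an administrator would look for a two-factor misconfiguration. Consider emitting `warn 'encryption_key is missing in koha-conf.xml';` before the call, which means turning the postfix `if` into a block. The condition `!C4::Context->config('encryption_key')` repeats the test made in `Koha::Encryption->new`; a comment such as `# Same condition as Koha::Encryption->new; keep both in sync` would help stop the two from drifting apart.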
+++ b/t/db_dependent/Koha/Auth/TwoFactorAuth.t
@@ -22,6 +22,7 @@ subtest 'new' => sub {
 $schema->storage->txn_begin;
 t::lib::Mocks::mock_preference('TwoFactorAuthentication', 1);
+ t::lib::Mocks::mock_config('encryption_key', 'bad_example');
 # Trivial test: no patron, no object
 throws_ok { Koha::Auth::TwoFactorAuth->new; }
@@ -63,6 +64,7 @@ subtest 'qr_code' => sub {
 $schema->storage->txn_begin;
 t::lib::Mocks::mock_preference('TwoFactorAuthentication', 1);
+ t::lib::Mocks::mock_config('encryption_key', 'bad_example');
 my $patron = $builder->build_object({ class => 'Koha::Patrons' });
 $patron->encode_secret('you2wont2guess2it'); # this is base32 btw
 $patron->auth_method('two-factor');
diff --git a/t/db_dependent/Koha/Encryption.t b/t/db_dependent/Koha/Encryption.t
index 52373ffaf7..cc133c79c0 100755
--- a/t/db_dependent/Koha/Encryption.t
+++ b/t/db_dependent/Koha/Encryption.t
@@ -1,8 +1,9 @@
 use Modern::Perl;
-use Test::More tests => 1;
-use Koha::Encryption;
+use Test::More tests => 2;
+use Test::Exception;
 use t::lib::Mocks;
+use Koha::Encryption;
 t::lib::Mocks::mock_config('encryption_key', 'my secret passphrase');
@@ -11,3 +12,7 @@ my $string = 'a string to encrypt';
 my $crypt = Koha::Encryption->new;
 my $encrypted_string = $crypt->encrypt_hex($string);
 is( $crypt->decrypt_hex($encrypted_string), $string, 'Decrypted to original text' );
+
+# Check if exception raised when key is empty or missing
+t::lib::Mocks::mock_config('encryption_key', '');
+throws_ok { $crypt = Koha::Encryption->new } 'Koha::Exceptions::MissingParameter', 'Exception raised';
-- 
2.39.5
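Review bot: In t/db_dependent/Koha/Encryption.t the added comment promises coverage of an empty or missing key, but only the empty string is exercised. A second case with the entry undefined, `t::lib::Mocks::mock_config('encryption_key', undef);` followed by the same `throws_ok`, would cover the path taken when the entry is absent from koha-conf.xml; `tests => 2` would then become `tests => 3`. Whether `mock_config` passes `undef` through unchanged is not visible here and should be confirmed first.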