Save any ObfuscatedText as encrypted

inverse-inc · Oct 2, 2024 · 482f9f9 · 482f9f9
1 parent 6ff775a
commit 482f9f9
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/html/pfappserver/lib/pfappserver/Form/Field/ObfuscatedText.pm b/html/pfappserver/lib/pfappserver/Form/Field/ObfuscatedText.pm
@@ -15,8 +15,11 @@ extends 'HTML::FormHandler::Field::Text';
 
 use pf::util;
 use namespace::autoclean;
+use pf::config::crypt;
 
 has '+type_attr'        => ( default => 'password' );
+has '+inflate_default_method'=> ( default => sub { \&inflate } );
+has '+deflate_value_method'=> ( default => sub { \&deflate } );
 
 sub BUILD {
     my ($self, @args) = @_;
@@ -42,6 +45,19 @@ sub element_attributes {
     return $attr;
 }
 
+
+sub deflate {
+    my ($self, $value ) = @_;
+    $value = pf::config::crypt::pf_encrypt($value);
+    return $value;
+}
+
+sub inflate {
+    my ($self, $value ) = @_;
+    $value = pf::config::crypt::pf_decrypt($value);
+    return $value;
+}
+
 =head1 COPYRIGHT
 
 Copyright (C) 2005-2024 Inverse inc.

diff --git a/lib/pf/config/crypt.pm b/lib/pf/config/crypt.pm
@@ -80,6 +80,10 @@ sub decode_tags {
 
 sub pf_encrypt {
     my ($text) = @_;
+    if (rindex($text, $PREFIX, 0) == 0) {
+        return $text;
+    }
+
     my $iv = random_bytes(12);
     my $ad = '';
     my ($ciphertext, $tag) = gcm_encrypt_authenticate('AES', $DERIVED_KEY, $iv, $ad, $text);
@@ -88,6 +92,9 @@ sub pf_encrypt {
 
 sub pf_decrypt {
     my ($data) = @_;
+    if (rindex($data, $PREFIX, 0) != 0) {
+        return $data;
+    }
     my $tags = decode_tags($data);
     return gcm_decrypt_verify('AES', $DERIVED_KEY, $tags->{iv}, $tags->{ad}, $tags->{data}, $tags->{tag});
 }

diff --git a/lib/pfconfig/cached.pm b/lib/pfconfig/cached.pm
@@ -39,6 +39,7 @@ use Sereal::Decoder qw(sereal_decode_with_object);
 use Time::HiRes qw(stat time);
 use pf::Sereal qw($DECODER);
 use pfconfig::config;
+use pf::config::crypt::object;
 use bytes;
 
 our $LAST_TOUCH_CACHE = 0;