pkp#9895 added app key check and add in upgrade process

touhidurabir · May 3, 2024 · 635822e · 635822e
1 parent 122bc15
commit 635822e
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 4 deletions.
diff --git a/classes/cliTool/UpgradeTool.php b/classes/cliTool/UpgradeTool.php
@@ -20,6 +20,7 @@
 
 use APP\core\Application;
 use APP\install\Upgrade;
+use PKP\core\PKPAppKey;
 use PKP\site\VersionCheck;
 
 Application::upgrade();
@@ -75,6 +76,7 @@ public function execute()
     public function check()
     {
         $this->checkVersion(VersionCheck::getLatestVersion());
+        $this->checkForAppKey();
     }
 
     /**
@@ -209,6 +211,21 @@ public function checkVersion($versionInfo, $displayInfo = false)
         return $compare1;
     }
 
+    /**
+     * Check the existence of `app_key` variable in config file and print warning message if not found
+     */
+    public function checkForAppKey(): void
+    {
+        // if the app key variable `app_key` set in the config, nothing to do
+        if (PKPAppKey::hasKeyVariable()) {
+            return;
+        }
+
+        printf("\n\e[;43mWARNING: It is noticed that there is not `app_key` variable defined in the `general` section of the config file which is necessary to cookie and other encryption purpose.\nWe suggest add the following line in the `general` section of config file.\e[0m\n\n");
+
+        printf("\e[;44mapp_key = \e[0m\n");
+    }
+
     /**
      * Prompt user for yes/no input (default no).
      *

diff --git a/classes/core/Dispatcher.php b/classes/core/Dispatcher.php
@@ -185,9 +185,15 @@ public function initSession(): void
         (new \Illuminate\Pipeline\Pipeline(PKPContainer::getInstance()))
             ->send($illuminateRequest)
             ->through(
-                \PKP\middleware\PKPEncryptCookies::class,
-                \Illuminate\Session\Middleware\StartSession::class,
-                \PKP\middleware\PKPAuthenticateSession::class,
+                app()->has('encrypter')
+                    ? [
+                        \PKP\middleware\PKPEncryptCookies::class,
+                        \Illuminate\Session\Middleware\StartSession::class,
+                        \PKP\middleware\PKPAuthenticateSession::class,
+                    ] : [
+                        \Illuminate\Session\Middleware\StartSession::class,
+                        \PKP\middleware\PKPAuthenticateSession::class,
+                    ]
             )
             ->via('handle')
             ->then(function (\Illuminate\Http\Request $request) {

diff --git a/classes/core/PKPEncryptionServiceProvider.php b/classes/core/PKPEncryptionServiceProvider.php
@@ -30,6 +30,11 @@ protected function registerEncrypter()
             return;
         }
 
+        // if no app key set, the encrypter can not be registered
+        if (!PKPAppKey::hasKey()) {
+            return;
+        }
+
         parent::registerEncrypter();
     }
 }
diff --git a/classes/core/PKPSessionGuard.php b/classes/core/PKPSessionGuard.php
@@ -223,7 +223,7 @@ public function updateSessionCookieToResponse(Session $session = null): void
         // update response header cookie values in formar [name=value]
         $response->headers->set('cookie', $headerCookies);
 
-        if ($config['cookie_encryption']) {
+        if ($config['cookie_encryption'] && app()->has('encrypter')) {
             $pkpEncryptCookies = app()->make(\PKP\middleware\PKPEncryptCookies::class); /** @var \PKP\middleware\PKPEncryptCookies $pkpEncryptCookies */
             $pkpEncryptCookies->encrypt($response);
         }

diff --git a/classes/install/Installer.php b/classes/install/Installer.php
@@ -24,6 +24,7 @@
 use PKP\cache\CacheManager;
 use PKP\config\Config;
 use PKP\core\Core;
+use PKP\core\PKPAppKey;
 use PKP\core\PKPApplication;
 use PKP\core\PKPContainer;
 use PKP\db\DAORegistry;
@@ -41,6 +42,7 @@
 use PKP\site\VersionDAO;
 use PKP\xml\PKPXMLParser;
 use PKP\xml\XMLNode;
+use Throwable;
 
 class Installer
 {
@@ -1008,6 +1010,34 @@ public function checkPhpVersion()
         $this->setError(self::INSTALLER_ERROR_GENERAL, 'installer.unsupportedPhpError');
         return false;
     }
+
+    /**
+     * Add the app key if not already set
+     *
+     * @return bool Success/failure
+     */
+    public function addAppKey()
+    {
+        // if APP KEY already exists, nothing to do
+        if (PKPAppKey::hasKey()) {
+            return true;
+        }
+
+        // will set an error if app key variable not set
+        // but will not halt the process
+        if (!PKPAppKey::hasKeyVariable()) {
+            error_log("No key variable named `app_key` defined in the `general` section of config file. Please update the config file's general section and add line `app_key = `");
+            return true;
+        }
+
+        try {
+            PKPAppKey::writeToConfig(PKPAppKey::generate());
+        } catch (Throwable $exception) {
+            error_log($exception->getMessage());
+        } finally {
+            return true;
+        }
+    }
 }
 
 if (!PKP_STRICT_MODE) {