From 635822ebd78a07261023a100eb7cb6264da22e38 Mon Sep 17 00:00:00 2001 From: Touhidur Rahman Date: Fri, 3 May 2024 19:37:56 +0600 Subject: [PATCH] pkp/pkp-lib#9895 added app key check and add in upgrade process --- classes/cliTool/UpgradeTool.php | 17 +++++++++++ classes/core/Dispatcher.php | 12 ++++++-- classes/core/PKPEncryptionServiceProvider.php | 5 ++++ classes/core/PKPSessionGuard.php | 2 +- classes/install/Installer.php | 30 +++++++++++++++++++ 5 files changed, 62 insertions(+), 4 deletions(-) diff --git a/classes/cliTool/UpgradeTool.php b/classes/cliTool/UpgradeTool.php index 207d9fdb392..f3251ecdb5b 100644 --- a/classes/cliTool/UpgradeTool.php +++ b/classes/cliTool/UpgradeTool.php @@ -20,6 +20,7 @@ use APP\core\Application; use APP\install\Upgrade; +use PKP\core\PKPAppKey; use PKP\site\VersionCheck; Application::upgrade(); @@ -75,6 +76,7 @@ public function execute() public function check() { $this->checkVersion(VersionCheck::getLatestVersion()); + $this->checkForAppKey(); } /** @@ -209,6 +211,21 @@ public function checkVersion($versionInfo, $displayInfo = false) return $compare1; } + /** + * Check the existence of `app_key` variable in config file and print warning message if not found + */ + public function checkForAppKey(): void + { + // if the app key variable `app_key` set in the config, nothing to do + if (PKPAppKey::hasKeyVariable()) { + return; + } + + printf("\n\e[;43mWARNING: It is noticed that there is not `app_key` variable defined in the `general` section of the config file which is necessary to cookie and other encryption purpose.\nWe suggest add the following line in the `general` section of config file.\e[0m\n\n"); + + printf("\e[;44mapp_key = \e[0m\n"); + } + /** * Prompt user for yes/no input (default no). * diff --git a/classes/core/Dispatcher.php b/classes/core/Dispatcher.php index bd75f322114..399ff3798a5 100644 --- a/classes/core/Dispatcher.php +++ b/classes/core/Dispatcher.php 
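Review bot: The warning printed by `checkForAppKey()` tells the operator to add an empty `app_key = ` line but not what happens next. Judging by `Installer::addAppKey()` later in this patch, the upgrade then generates the value and writes it into the config file, so the message could say so, and also that the resulting key is a secret that should not be committed or shared. Both `printf()` calls pass a fixed string with no arguments; `echo` is the plainer choice and avoids surprises if a `%` ever enters the text. The ANSI colour sequences are written unconditionally, which leaves escape codes in the output when the tool runs from cron or through a pipe.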
@@ -185,9 +185,15 @@ public function initSession(): void (new \Illuminate\Pipeline\Pipeline(PKPContainer::getInstance())) ->send($illuminateRequest) ->through( - \PKP\middleware\PKPEncryptCookies::class, - \Illuminate\Session\Middleware\StartSession::class, - \PKP\middleware\PKPAuthenticateSession::class, + app()->has('encrypter') + ? [ + \PKP\middleware\PKPEncryptCookies::class, + \Illuminate\Session\Middleware\StartSession::class, + \PKP\middleware\PKPAuthenticateSession::class, + ] : [ + \Illuminate\Session\Middleware\StartSession::class, + \PKP\middleware\PKPAuthenticateSession::class, + ] ) ->via('handle') ->then(function (\Illuminate\Http\Request $request) { diff --git a/classes/core/PKPEncryptionServiceProvider.php b/classes/core/PKPEncryptionServiceProvider.php index 5e1e7d37e1d..3604d4e06ad 100644 --- a/classes/core/PKPEncryptionServiceProvider.php +++ b/classes/core/PKPEncryptionServiceProvider.php @@ -30,6 +30,11 @@ protected function registerEncrypter() return; } + // if no app key set, the encrypter can not be registered + if (!PKPAppKey::hasKey()) { + return; + } + parent::registerEncrypter(); } } diff --git a/classes/core/PKPSessionGuard.php b/classes/core/PKPSessionGuard.php index f5d92d69926..192419350a1 100644 --- a/classes/core/PKPSessionGuard.php +++ b/classes/core/PKPSessionGuard.php @@ -223,7 +223,7 @@ public function updateSessionCookieToResponse(Session $session = null): void // update response header cookie values in formar [name=value] $response->headers->set('cookie', $headerCookies); - if ($config['cookie_encryption']) { + if ($config['cookie_encryption'] && app()->has('encrypter')) { $pkpEncryptCookies = app()->make(\PKP\middleware\PKPEncryptCookies::class); /** @var \PKP\middleware\PKPEncryptCookies $pkpEncryptCookies */ $pkpEncryptCookies->encrypt($response); } diff --git a/classes/install/Installer.php b/classes/install/Installer.php index 24793938f5a..a8303d2b37c 100644 --- a/classes/install/Installer.php 
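Review bot: When no encrypter is bound, the new fallback array passed to `->through(...)` starts the session without `PKPEncryptCookies`, and nothing records that cookie encryption was skipped, so an installation without an `app_key` serves plaintext cookies while `cookie_encryption` may still be enabled in config. The same silent skip appears in the PKPSessionGuard hunk (`$config['cookie_encryption'] && app()->has('encrypter')`) and in the early `return` added to `PKPEncryptionServiceProvider::registerEncrypter()`. I would make the state visible to the administrator, for example a log entry or admin notice where registration is skipped, and put a comment on the fallback such as `// No app key: cookies are sent unencrypted until app_key is set`. It is also worth confirming, since it is not visible here, how sessions whose cookies were issued in plaintext behave once the key is added and `PKPEncryptCookies` starts decrypting them. The two middleware arrays differ only in their first entry and could be built from one list with a conditional first element, so the order is defined in one place.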
+++ b/classes/install/Installer.php @@ -24,6 +24,7 @@ use PKP\cache\CacheManager; use PKP\config\Config; use PKP\core\Core; +use PKP\core\PKPAppKey; use PKP\core\PKPApplication; use PKP\core\PKPContainer; use PKP\db\DAORegistry; @@ -41,6 +42,7 @@ use PKP\site\VersionDAO; use PKP\xml\PKPXMLParser; use PKP\xml\XMLNode; +use Throwable; class Installer { @@ -1008,6 +1010,34 @@ public function checkPhpVersion() $this->setError(self::INSTALLER_ERROR_GENERAL, 'installer.unsupportedPhpError'); return false; } + + /** + * Add the app key if not already set + * + * @return bool Success/failure + */ + public function addAppKey() + { + // if APP KEY already exists, nothing to do + if (PKPAppKey::hasKey()) { + return true; + } + + // will set an error if app key variable not set + // but will not halt the process + if (!PKPAppKey::hasKeyVariable()) { + error_log("No key variable named `app_key` defined in the `general` section of config file. Please update the config file's general section and add line `app_key = `"); + return true; + } + + try { + PKPAppKey::writeToConfig(PKPAppKey::generate()); + } catch (Throwable $exception) { + error_log($exception->getMessage()); + } finally { + return true; + } + } } if (!PKP_STRICT_MODE) {
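Review bot: The `return true` inside `finally` in `addAppKey()` discards whatever happened in the `try`, so the method can never report failure although its docblock promises `Success/failure`, and the upgrade finishes as successful with no key written and cookie encryption left off. If non-fatal is the intent, drop the `finally` block, put a plain `return true;` after the `catch`, and change the docblock to `@return bool Always true; a failure to write the key is logged and does not halt the upgrade`. Catching `Throwable` also swallows `Error`s such as a `TypeError` raised inside `PKPAppKey::generate()`; `Exception` would be the narrower catch if only the config write is expected to fail. The failure reaches only `error_log()`, so the person running the upgrade sees nothing unless they read the PHP error log. The class body continues outside this hunk.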