bug #34275 [FrameworkBundle] allow using secrets when the sodium ext is missing (nicolas-grekas)

This PR was merged into the 4.4 branch.

Discussion
----------

[FrameworkBundle] allow using secrets when the sodium ext is missing

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

When all secrets are defined as env vars, there is no need for the sodium vault, yet it chokes on instantiation currently.

Commits
-------

326284ae95 [FrameworkBundle] allow using secrets when the sodium ext is missing
Nicolas Grekas 2019-11-07 13:04:15 +01:00
commit 9a2043769e


@ -30,10 +30,6 @@ class SodiumVault extends AbstractVault
*/
public function __construct(string $secretsDir, $decryptionKey = null)
{
if (!\function_exists('sodium_crypto_box_seal')) {
throw new \LogicException('The "sodium" PHP extension is required to deal with secrets. Alternatively, try running "composer require paragonie/sodium_compat" if you cannot enable the extension."');
}
if (null !== $decryptionKey && !\is_string($decryptionKey) && !(\is_object($decryptionKey) && method_exists($decryptionKey, '__toString'))) {
throw new \TypeError(sprintf('Decryption key should be a string or an object that implements the __toString() method, %s given.', \gettype($decryptionKey)));
}
@ -107,16 +103,22 @@ class SodiumVault extends AbstractVault
return null;
}
if (!\function_exists('sodium_crypto_box_seal')) {
$this->lastMessage = sprintf('Secret "%s" cannot be revealed as the "sodium" PHP extension missing. Try running "composer require paragonie/sodium_compat" if you cannot enable the extension."', $name);
return null;
}
$this->loadKeys();
if ('' === $this->decryptionKey) {
$this->lastMessage = sprintf('Secrets cannot be revealed as no decryption key was found in "%s".', $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
$this->lastMessage = sprintf('Secret "%s" cannot be revealed as no decryption key was found in "%s".', $name, $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
return null;
}
if (false === $value = sodium_crypto_box_seal_open(include $file, $this->decryptionKey)) {
$this->lastMessage = sprintf('Secrets cannot be revealed as the wrong decryption key was provided for "%s".', $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
$this->lastMessage = sprintf('Secret "%s" cannot be revealed as the wrong decryption key was provided for "%s".', $name, $this->getPrettyPath(\dirname($this->pathPrefix).\DIRECTORY_SEPARATOR));
return null;
}
@ -167,6 +169,10 @@ class SodiumVault extends AbstractVault
private function loadKeys(): void
{
if (!\function_exists('sodium_crypto_box_seal')) {
throw new \LogicException('The "sodium" PHP extension is required to deal with secrets. Alternatively, try running "composer require paragonie/sodium_compat" if you cannot enable the extension."');
}
if (null !== $this->encryptionKey || '' !== $this->decryptionKey = (string) $this->decryptionKey) {
return;
}
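Review bot: In the second hunk, the new sodium guard in reveal() records the problem only in `lastMessage` and returns null, which is the same result the method gives for a secret that is not in the vault. A caller that does not read `lastMessage` therefore cannot tell "extension missing" from "secret absent"; whether callers surface that message is not visible on this page, so it is worth confirming that an encrypted secret cannot silently resolve to an empty or default value on a host without sodium. The message itself reads "extension missing" and ends with a stray `"`; suggest `'Secret "%s" cannot be revealed as the "sodium" PHP extension is missing. Try running "composer require paragonie/sodium_compat" if you cannot enable the extension.'`. The same stray closing quote is carried into the `\LogicException` message added to loadKeys() in the third hunk. reveal() begins before and continues after the second hunk, and loadKeys() continues past the third.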