bug #34820 [FrameworkBundle][SodiumVault] Create secrets directory only when it is used (fancyweb)

This PR was merged into the 4.4 branch.

Discussion
----------

[FrameworkBundle][SodiumVault] Create secrets directory only when it is used

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

FrameworkBundle's `secrets` feature is enabled by default. After upgrading an app to 4.4, the secrets directory is created (and checked on every request) even if I don't use this feature. Can't we just disable it by default, by the way?

Commits
-------

c86157040a [FrameworkBundle][SodiumVault] Create secrets directory only when needed
Fabien Potencier 2019-12-05 06:57:28 +01:00
commit c3b5ec5139


@ -25,6 +25,7 @@ class SodiumVault extends AbstractVault implements EnvVarLoaderInterface
private $encryptionKey;
private $decryptionKey;
private $pathPrefix;
private $secretsDir;
/**
* @param string|object|null $decryptionKey A string or a stringable object that defines the private key to use to decrypt the vault
@ -36,12 +37,9 @@ class SodiumVault extends AbstractVault implements EnvVarLoaderInterface
throw new \TypeError(sprintf('Decryption key should be a string or an object that implements the __toString() method, %s given.', \gettype($decryptionKey)));
}
if (!is_dir($secretsDir) && !@mkdir($secretsDir, 0777, true) && !is_dir($secretsDir)) {
throw new \RuntimeException(sprintf('Unable to create the secrets directory (%s)', $secretsDir));
}
$this->pathPrefix = rtrim(strtr($secretsDir, '/', \DIRECTORY_SEPARATOR), \DIRECTORY_SEPARATOR).\DIRECTORY_SEPARATOR.basename($secretsDir).'.';
$this->decryptionKey = $decryptionKey;
$this->secretsDir = $secretsDir;
}
public function generateKeys(bool $override = false): bool
@ -203,9 +201,20 @@ class SodiumVault extends AbstractVault implements EnvVarLoaderInterface
$data = str_replace('%', '\x', rawurlencode($data));
$data = sprintf("<?php // %s on %s\n\nreturn \"%s\";\n", $name, date('r'), $data);
$this->createSecretsDir();
if (false === file_put_contents($this->pathPrefix.$file.'.php', $data, LOCK_EX)) {
$e = error_get_last();
throw new \ErrorException($e['message'] ?? 'Failed to write secrets data.', 0, $e['type'] ?? E_USER_WARNING);
}
}
private function createSecretsDir(): void
{
if ($this->secretsDir && !is_dir($this->secretsDir) && !@mkdir($this->secretsDir, 0777, true) && !is_dir($this->secretsDir)) {
throw new \RuntimeException(sprintf('Unable to create the secrets directory (%s)', $this->secretsDir));
}
$this->secretsDir = null;
}
}
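Review bot: `createSecretsDir()` still creates the vault directory with mode `0777`, so its effective permissions depend entirely on the process umask; under a permissive umask, other local accounts could list or write into the directory that holds the vault files. Now that the `mkdir` call has its own helper, this is a good place to tighten it, e.g. `!@mkdir($this->secretsDir, 0700, true)`, or at least to add a comment stating why group/other access is needed. The recursive flag applies the same mode to any parent directories it creates. The files written by `file_put_contents(..., LOCK_EX)` just above also get umask-default permissions. Whether decryption key material goes through that write path is not visible in these hunks, so that should be confirmed against the rest of the class.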