mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Disable the encryption of uploads, in line with other efforts not to encrypt local data.
This commit is contained in:
James Cole
parent
6b86a35ffb
commit
af2f085aa7
@ -148,7 +148,7 @@ class DecryptDatabase extends Command
|
||||
private function tryDecrypt($value)
|
||||
{
|
||||
try {
|
||||
$value = Crypt::decrypt($value);
|
||||
$value = Crypt::decrypt($value); // verified
|
||||
} catch (DecryptException $e) {
|
||||
if ('The MAC is invalid.' === $e->getMessage()) {
|
||||
throw new FireflyException($e->getMessage()); // @codeCoverageIgnore
|
||||
|
||||
@ -30,6 +30,7 @@ use FireflyIII\Models\Attachment;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
use Log;
|
||||
use Storage;
|
||||
|
||||
/**
|
||||
@ -51,7 +52,7 @@ class ScanAttachments extends Command
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $signature = 'firefly:scan-attachments';
|
||||
protected $signature = 'firefly-iii:scan-attachments';
|
||||
|
||||
/**
|
||||
* Execute the console command.
|
||||
@ -62,21 +63,22 @@ class ScanAttachments extends Command
|
||||
$disk = Storage::disk('upload');
|
||||
/** @var Attachment $attachment */
|
||||
foreach ($attachments as $attachment) {
|
||||
$fileName = $attachment->fileName();
|
||||
$fileName = $attachment->fileName();
|
||||
$decryptedContent = '';
|
||||
try {
|
||||
$content = $disk->get($fileName);
|
||||
$encryptedContent = $disk->get($fileName);
|
||||
} catch (FileNotFoundException $e) {
|
||||
$this->error(sprintf('Could not find data for attachment #%d: %s', $attachment->id, $e->getMessage()));
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
$decrypted = Crypt::decrypt($content);
|
||||
$decryptedContent = Crypt::decrypt($encryptedContent); // verified
|
||||
} catch (DecryptException $e) {
|
||||
$this->error(sprintf('Could not decrypt data of attachment #%d: %s', $attachment->id, $e->getMessage()));
|
||||
continue;
|
||||
Log::error(sprintf('Could not decrypt data of attachment #%d: %s', $attachment->id, $e->getMessage()));
|
||||
$decryptedContent = $encryptedContent;
|
||||
}
|
||||
$tempFileName = tempnam(sys_get_temp_dir(), 'FireflyIII');
|
||||
file_put_contents($tempFileName, $decrypted);
|
||||
file_put_contents($tempFileName, $decryptedContent);
|
||||
$md5 = md5_file($tempFileName);
|
||||
$mime = mime_content_type($tempFileName);
|
||||
$attachment->md5 = $md5;
|
||||
|
||||
@ -84,15 +84,20 @@ class AttachmentHelper implements AttachmentHelperInterface
|
||||
*/
|
||||
public function getAttachmentContent(Attachment $attachment): string
|
||||
{
|
||||
|
||||
$encryptedData = '';
|
||||
try {
|
||||
$content = Crypt::decrypt($this->uploadDisk->get(sprintf('at-%d.data', $attachment->id)));
|
||||
$encryptedData = $this->uploadDisk->get(sprintf('at-%d.data', $attachment->id));
|
||||
} catch (FileNotFoundException $e) {
|
||||
Log::error($e->getMessage());
|
||||
}
|
||||
try {
|
||||
$unencryptedData = Crypt::decrypt($encryptedData); // verified
|
||||
} catch (DecryptException|FileNotFoundException $e) {
|
||||
Log::error(sprintf('Could not decrypt data of attachment #%d: %s', $attachment->id, $e->getMessage()));
|
||||
$content = '';
|
||||
$unencryptedData = $encryptedData;
|
||||
}
|
||||
|
||||
return $content;
|
||||
return $unencryptedData;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -167,9 +172,8 @@ class AttachmentHelper implements AttachmentHelperInterface
|
||||
|
||||
return false;
|
||||
}
|
||||
// is allowed? Save the file!
|
||||
$encrypted = Crypt::encrypt($content);
|
||||
$this->uploadDisk->put($attachment->fileName(), $encrypted);
|
||||
// is allowed? Save the file, without encryption.
|
||||
$this->uploadDisk->put($attachment->fileName(), $content);
|
||||
|
||||
// update attachment.
|
||||
$attachment->md5 = md5_file($path);
|
||||
@ -275,12 +279,10 @@ class AttachmentHelper implements AttachmentHelperInterface
|
||||
}
|
||||
|
||||
$content = $fileObject->fread($file->getSize());
|
||||
$encrypted = Crypt::encrypt($content);
|
||||
Log::debug(sprintf('Full file length is %d and upload size is %d.', strlen($content), $file->getSize()));
|
||||
Log::debug(sprintf('Encrypted content is %d', strlen($encrypted)));
|
||||
|
||||
// store it:
|
||||
$this->uploadDisk->put($attachment->fileName(), $encrypted);
|
||||
$this->uploadDisk->put($attachment->fileName(), $content);
|
||||
$attachment->uploaded = true; // update attachment
|
||||
$attachment->save();
|
||||
$this->attachments->push($attachment);
|
||||
|
||||
@ -30,6 +30,7 @@ use FireflyIII\Helpers\Attachments\AttachmentHelperInterface;
|
||||
use FireflyIII\Models\Attachment;
|
||||
use FireflyIII\Models\Note;
|
||||
use FireflyIII\User;
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
use Illuminate\Support\Collection;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@ -105,25 +106,27 @@ class AttachmentRepository implements AttachmentRepositoryInterface
|
||||
public function getContent(Attachment $attachment): string
|
||||
{
|
||||
// create a disk.
|
||||
$disk = Storage::disk('upload');
|
||||
$file = $attachment->fileName();
|
||||
$content = '';
|
||||
$disk = Storage::disk('upload');
|
||||
$file = $attachment->fileName();
|
||||
$unencryptedContent = '';
|
||||
|
||||
if ($disk->exists($file)) {
|
||||
$encryptedContent = '';
|
||||
try {
|
||||
$content = Crypt::decrypt($disk->get($file));
|
||||
$encryptedContent = $disk->get($file);
|
||||
} catch (FileNotFoundException $e) {
|
||||
Log::debug(sprintf('File not found: %e', $e->getMessage()));
|
||||
$content = false;
|
||||
Log::error($e->getMessage());
|
||||
}
|
||||
|
||||
try {
|
||||
$unencryptedContent = Crypt::decrypt($encryptedContent); // verified
|
||||
} catch (DecryptException $e) {
|
||||
Log::debug(sprintf('Could not decrypt: %e', $e->getMessage()));
|
||||
$unencryptedContent = $encryptedContent;
|
||||
}
|
||||
}
|
||||
if (\is_bool($content)) {
|
||||
Log::error(sprintf('Attachment #%d may be corrupted: the content could not be decrypted.', $attachment->id));
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
return $content;
|
||||
return $unencryptedContent;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -243,10 +243,10 @@ class ImportJobRepository implements ImportJobRepositoryInterface
|
||||
{
|
||||
// this will overwrite all transactions currently in the job.
|
||||
$disk = Storage::disk('upload');
|
||||
$filename = sprintf('%s-%s.crypt.json', $job->created_at->format('Ymd'), $job->key);
|
||||
$filename = sprintf('%s-%s.json', $job->created_at->format('Ymd'), $job->key);
|
||||
$array = [];
|
||||
if ($disk->exists($filename)) {
|
||||
$json = Crypt::decrypt($disk->get($filename));
|
||||
$json = $disk->get($filename);
|
||||
$array = json_decode($json, true);
|
||||
}
|
||||
if (false === $array) {
|
||||
@ -329,8 +329,8 @@ class ImportJobRepository implements ImportJobRepositoryInterface
|
||||
{
|
||||
// this will overwrite all transactions currently in the job.
|
||||
$disk = Storage::disk('upload');
|
||||
$filename = sprintf('%s-%s.crypt.json', $job->created_at->format('Ymd'), $job->key);
|
||||
$json = Crypt::encrypt(json_encode($transactions));
|
||||
$filename = sprintf('%s-%s.json', $job->created_at->format('Ymd'), $job->key);
|
||||
$json = json_encode($transactions);
|
||||
|
||||
// set count for easy access
|
||||
$array = ['count' => count($transactions)];
|
||||
@ -389,9 +389,8 @@ class ImportJobRepository implements ImportJobRepositoryInterface
|
||||
$attachment->size = strlen($content);
|
||||
$attachment->uploaded = false;
|
||||
$attachment->save();
|
||||
$encrypted = Crypt::encrypt($content);
|
||||
|
||||
$this->uploadDisk->put($attachment->fileName(), $encrypted);
|
||||
$this->uploadDisk->put($attachment->fileName(), $content);
|
||||
$attachment->uploaded = true; // update attachment
|
||||
$attachment->save();
|
||||
|
||||
@ -446,8 +445,7 @@ class ImportJobRepository implements ImportJobRepositoryInterface
|
||||
}
|
||||
|
||||
$content = $fileObject->fread($file->getSize());
|
||||
$encrypted = Crypt::encrypt($content);
|
||||
$this->uploadDisk->put($attachment->fileName(), $encrypted);
|
||||
$this->uploadDisk->put($attachment->fileName(), $content);
|
||||
$attachment->uploaded = true; // update attachment
|
||||
$attachment->save();
|
||||
|
||||
|
||||
@ -343,7 +343,7 @@ class Amount
|
||||
private function tryDecrypt(string $value): string
|
||||
{
|
||||
try {
|
||||
$value = Crypt::decrypt($value);
|
||||
$value = Crypt::decrypt($value); // verified
|
||||
} catch (DecryptException $e) {
|
||||
Log::debug(sprintf('Could not decrypt "%s". %s', $value, $e->getMessage()));
|
||||
}
|
||||
|
||||
@ -50,7 +50,7 @@ class FinTS
|
||||
$config['fints_port'],
|
||||
$config['fints_bank_code'],
|
||||
$config['fints_username'],
|
||||
Crypt::decrypt($config['fints_password'])
|
||||
Crypt::decrypt($config['fints_password']) // verified
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@ -57,7 +57,7 @@ class NewFinTSJobHandler implements FinTSConfigurationInterface
|
||||
$config['fints_port'] = (int)($data['fints_port'] ?? '');
|
||||
$config['fints_bank_code'] = (string)($data['fints_bank_code'] ?? '');
|
||||
$config['fints_username'] = (string)($data['fints_username'] ?? '');
|
||||
$config['fints_password'] = (string)(Crypt::encrypt($data['fints_password']) ?? '');
|
||||
$config['fints_password'] = (string)(Crypt::encrypt($data['fints_password']) ?? ''); // verified
|
||||
$config['apply-rules'] = 1 === (int)$data['apply_rules'];
|
||||
|
||||
// sanitize FinTS URL.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user