From 2f01390c5f7cace288487e975e4e81d57b22c34f Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Fri, 17 Feb 2017 13:12:41 +0100 Subject: [PATCH] * [ADD] New encryption schema by using Defuse/php-encryption library. WARNING: work in progress --- inc/SP/Account/Account.class.php | 5 +- inc/SP/Account/AccountCrypt.php | 13 +- inc/SP/Account/AccountHistoryCrypt.php | 18 ++- inc/SP/Api/SyspassApi.class.php | 5 +- inc/SP/Controller/AccountController.class.php | 7 +- .../ConfigActionController.class.php | 8 +- .../Controller/ItemShowController.class.php | 7 +- inc/SP/Controller/LoginController.class.php | 1 - inc/SP/Core/Init.class.php | 141 +++++++++--------- inc/SP/Core/SessionUtil.class.php | 4 +- inc/SP/Core/Upgrade.class.php | 30 +++- inc/SP/Core/Upgrade/Crypt.class.php | 14 +- inc/SP/Import/ImportBase.class.php | 5 +- inc/SP/Import/SyspassImport.class.php | 5 +- .../Mgmt/CustomFields/CustomField.class.php | 15 +- .../CustomFields/CustomFieldsUtil.class.php | 13 +- .../Mgmt/PublicLinks/PublicLinkBase.class.php | 9 +- inc/SP/Mgmt/Users/UserPass.class.php | 17 +-- 18 files changed, 181 insertions(+), 136 deletions(-) diff --git a/inc/SP/Account/Account.class.php b/inc/SP/Account/Account.class.php index 714ca089..a52c4ac2 100644 --- a/inc/SP/Account/Account.class.php +++ b/inc/SP/Account/Account.class.php @@ -24,6 +24,7 @@ namespace SP\Account; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\Core\Session; @@ -303,9 +304,9 @@ class Account extends AccountBase implements AccountInterface */ protected function setPasswordEncrypted($masterPass = null) { - $securedKey = Crypt\Crypt::makeSecuredKey($masterPass); + $securedKey = Crypt::makeSecuredKey($masterPass); - $this->accountData->setAccountPass(Crypt\Crypt::encrypt($this->accountData->getAccountPass(), $securedKey)); + $this->accountData->setAccountPass(Crypt::encrypt($this->accountData->getAccountPass(), $securedKey)); $this->accountData->setAccountIV($securedKey); } 
diff --git a/inc/SP/Account/AccountCrypt.php b/inc/SP/Account/AccountCrypt.php index 1594665c..34c2a2a5 100644 --- a/inc/SP/Account/AccountCrypt.php +++ b/inc/SP/Account/AccountCrypt.php @@ -24,6 +24,7 @@ namespace SP\Account; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\Core\Session; @@ -100,9 +101,9 @@ class AccountCrypt $decryptedPass = OldCrypt::getDecrypt($account->account_pass, $account->account_IV, $currentMasterPass); - $securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass); + $securedKey = Crypt::makeSecuredKey($currentMasterPass); - $AccountData->setAccountPass(Crypt\Crypt::encrypt($decryptedPass, $securedKey)); + $AccountData->setAccountPass(Crypt::encrypt($decryptedPass, $securedKey)); $AccountData->setAccountIV($securedKey); try { @@ -176,11 +177,11 @@ class AccountCrypt $LogMessage->addDetails(__('IV de encriptación incorrecto', false), sprintf('%s (%d)', $account->account_name, $account->account_id)); } - $currentSecuredKey = Crypt\Crypt::unlockSecuredKey($account->account_IV, $currentMasterPass); - $decryptedPass = Crypt\Crypt::decrypt($account->account_pass, $currentSecuredKey); + $currentSecuredKey = Crypt::unlockSecuredKey($account->account_IV, $currentMasterPass); + $decryptedPass = Crypt::decrypt($account->account_pass, $currentSecuredKey); - $newSecuredKey = Crypt\Crypt::makeSecuredKey($newMasterPass); - $AccountData->setAccountPass(Crypt\Crypt::encrypt($decryptedPass, $newSecuredKey)); + $newSecuredKey = Crypt::makeSecuredKey($newMasterPass); + $AccountData->setAccountPass(Crypt::encrypt($decryptedPass, $newSecuredKey)); $AccountData->setAccountIV($newSecuredKey); try { diff --git a/inc/SP/Account/AccountHistoryCrypt.php b/inc/SP/Account/AccountHistoryCrypt.php index 3b816d78..4e11b986 100644 --- a/inc/SP/Account/AccountHistoryCrypt.php +++ b/inc/SP/Account/AccountHistoryCrypt.php 
@@ -25,6 +25,8 @@ namespace SP\Account; use SP\Config\ConfigDB; +use SP\Core\Crypt\Crypt; +use SP\Core\Crypt\Hash; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\Log\Email; @@ -83,7 +85,7 @@ class AccountHistoryCrypt $AccountDataBase->id = 0; $AccountDataBase->pass = ''; $AccountDataBase->iv = ''; - $AccountDataBase->hash = Crypt\Hash::hashKey($currentMasterPass); + $AccountDataBase->hash = Hash::hashKey($currentMasterPass); foreach ($accountsPass as $account) { $AccountData = clone $AccountDataBase; @@ -107,9 +109,9 @@ class AccountHistoryCrypt $decryptedPass = OldCrypt::getDecrypt($account->acchistory_pass, $account->acchistory_IV, $currentMasterPass); - $securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass); + $securedKey = Crypt::makeSecuredKey($currentMasterPass); - $AccountData->pass = Crypt\Crypt::encrypt($decryptedPass, $securedKey); + $AccountData->pass = Crypt::encrypt($decryptedPass, $securedKey); $AccountData->iv = $securedKey; try { @@ -184,7 +186,7 @@ class AccountHistoryCrypt $AccountDataBase->id = 0; $AccountDataBase->pass = ''; $AccountDataBase->iv = ''; - $AccountDataBase->hash = Crypt\Hash::hashKey($newMasterPass); + $AccountDataBase->hash = Hash::hashKey($newMasterPass); foreach ($accountsPass as $account) { $AccountData = clone $AccountDataBase; 
@@ -206,11 +208,11 @@ class AccountHistoryCrypt $LogMessage->addDetails(__('IV de encriptación incorrecto', false), sprintf('%s (%d)', $account->acchistory_name, $account->acchistory_id)); } - $currentSecuredKey = Crypt\Crypt::unlockSecuredKey($account->acchistory_IV, $currentMasterPass); - $decryptedPass = Crypt\Crypt::decrypt($account->acchistory_pass, $currentSecuredKey); + $currentSecuredKey = Crypt::unlockSecuredKey($account->acchistory_IV, $currentMasterPass); + $decryptedPass = Crypt::decrypt($account->acchistory_pass, $currentSecuredKey); - $newSecuredKey = Crypt\Crypt::makeSecuredKey($newMasterPass); - $AccountData->acchistory_pass = Crypt\Crypt::encrypt($decryptedPass, $newSecuredKey); + $newSecuredKey = Crypt::makeSecuredKey($newMasterPass); + $AccountData->acchistory_pass = Crypt::encrypt($decryptedPass, $newSecuredKey); $AccountData->acchistory_IV = $newSecuredKey; try { diff --git a/inc/SP/Api/SyspassApi.class.php b/inc/SP/Api/SyspassApi.class.php index 15535de8..50424aa9 100644 --- a/inc/SP/Api/SyspassApi.class.php +++ b/inc/SP/Api/SyspassApi.class.php @@ -31,6 +31,7 @@ use SP\Account\AccountUtil; use SP\Core\Acl; use SP\Core\ActionsInterface; use SP\Core\Backup; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\DataModel\AccountExtData; @@ -84,11 +85,11 @@ class SyspassApi extends ApiBase $LogMessage->addDetails(__('Origen', false), 'API'); $this->Log->writeLog(); - $securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->mPass); + $securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->mPass); $ret = [ 'itemId' => $accountId, - 'pass' => Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey) + 'pass' => Crypt::decrypt($AccountData->getAccountPass(), $securedKey) ]; if ($this->getParam('details', false, 0)) { diff --git a/inc/SP/Controller/AccountController.class.php b/inc/SP/Controller/AccountController.class.php index d8f00b17..463d0a68 100644 
--- a/inc/SP/Controller/AccountController.class.php +++ b/inc/SP/Controller/AccountController.class.php @@ -34,6 +34,7 @@ use SP\Account\UserAccounts; use SP\Config\Config; use SP\Core\Acl; use SP\Core\ActionsInterface; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\Core\Init; @@ -150,11 +151,11 @@ class AccountController extends ControllerBase implements ActionsInterface $AccountPassData = $this->Account->getAccountPassData(); // Obtener la llave de la clave maestra - $securedKey = Crypt\Crypt::unlockSecuredKey($PublicLinkData->getPassIV(), Config::getConfig()->getPasswordSalt() . $PublicLinkData->getLinkHash()); + $securedKey = Crypt::unlockSecuredKey($PublicLinkData->getPassIV(), Config::getConfig()->getPasswordSalt() . $PublicLinkData->getLinkHash()); // Desencriptar la clave de la cuenta - $accountSecuredKey = Crypt\Crypt::unlockSecuredKey($AccountPassData->getAccountIV(), Crypt\Crypt::decrypt($PublicLinkData->getPass(), $securedKey)); - $accountPass = Crypt\Crypt::decrypt($AccountPassData->getAccountPass(), $accountSecuredKey); + $accountSecuredKey = Crypt::unlockSecuredKey($AccountPassData->getAccountIV(), Crypt::decrypt($PublicLinkData->getPass(), $securedKey)); + $accountPass = Crypt::decrypt($AccountPassData->getAccountPass(), $accountSecuredKey); $this->view->assign('useImage', Config::getConfig()->isPublinksImageEnabled() || Config::getConfig()->isAccountPassToImage()); diff --git a/inc/SP/Controller/ConfigActionController.class.php b/inc/SP/Controller/ConfigActionController.class.php index 9e7b52ae..6a9c4b00 100644 --- a/inc/SP/Controller/ConfigActionController.class.php +++ b/inc/SP/Controller/ConfigActionController.class.php 
@@ -24,25 +24,21 @@ namespace SP\Controller; -use SP\Account\Account; use SP\Account\AccountCrypt; -use SP\Account\AccountHistory; use SP\Account\AccountHistoryCrypt; use SP\Config\Config; use SP\Config\ConfigDB; use SP\Core\ActionsInterface; use SP\Core\Backup; -use SP\Core\OldCrypt; use SP\Core\Crypt\Hash; +use SP\Core\Crypt\Session as CryptSession; use SP\Core\CryptMasterPass; use SP\Core\Exceptions\SPException; use SP\Core\Init; use SP\Core\Messages\LogMessage; use SP\Core\Messages\NoticeMessage; use SP\Core\Session; -use SP\Core\SessionUtil; use SP\Core\XmlExport; -use SP\Html\Html; use SP\Http\Request; use SP\Import\Import; use SP\Import\ImportParams; @@ -590,7 +586,7 @@ class ConfigActionController implements ItemControllerInterface $this->LogMessage->setAction(__('Actualizar Clave Maestra', false)); - if (ConfigDB::setValue('masterPwd', Hash::hashKey(Crypt\Session::getSessionKey()))) { + if (ConfigDB::setValue('masterPwd', Hash::hashKey(CryptSession::getSessionKey()))) { $this->LogMessage->addDescription(__('Hash de clave maestra actualizado', false)); $this->JsonResponse->setStatus(0); diff --git a/inc/SP/Controller/ItemShowController.class.php b/inc/SP/Controller/ItemShowController.class.php index 8f4ec64c..7f348fd4 100644 --- a/inc/SP/Controller/ItemShowController.class.php +++ b/inc/SP/Controller/ItemShowController.class.php @@ -31,7 +31,8 @@ use SP\Account\AccountAcl; use SP\Account\AccountHistory; use SP\Api\ApiTokensUtil; use SP\Core\ActionsInterface; -use SP\Core\OldCrypt; +use SP\Core\Crypt\Crypt; +use SP\Core\Crypt\Session as CryptSession; use SP\Core\Exceptions\ItemException; use SP\Core\Plugin\PluginUtil; use SP\Core\Session; @@ -513,8 +514,8 @@ class ItemShowController extends ControllerBase implements ActionsInterface, Ite throw new ItemException(__('Clave maestra actualizada', false) . '
' . __('Reinicie la sesión para cambiarla', false)); } - $securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), Crypt\Session::getSessionKey()); - $accountClearPass = Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey); + $securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), CryptSession::getSessionKey()); + $accountClearPass = Crypt::decrypt($AccountData->getAccountPass(), $securedKey); if (!$isHistory) { $Account->incrementDecryptCounter(); diff --git a/inc/SP/Controller/LoginController.class.php b/inc/SP/Controller/LoginController.class.php index 53a1788f..dc1030be 100644 --- a/inc/SP/Controller/LoginController.class.php +++ b/inc/SP/Controller/LoginController.class.php @@ -30,7 +30,6 @@ use SP\Auth\AuthUtil; use SP\Auth\Browser\BrowserAuthData; use SP\Auth\Database\DatabaseAuthData; use SP\Auth\Ldap\LdapAuthData; -use SP\Core\Crypt\Crypt; use SP\Core\Crypt\Session as CryptSession; use SP\Core\CryptMasterPass; use SP\Core\DiFactory; diff --git a/inc/SP/Core/Init.class.php b/inc/SP/Core/Init.class.php index 585330f0..e43cb661 100644 --- a/inc/SP/Core/Init.class.php +++ b/inc/SP/Core/Init.class.php @@ -40,6 +40,7 @@ use SP\Storage\DBUtil; use SP\Util\Checks; use SP\Util\Json; use SP\Util\Util; +use SP\Core\Crypt\Session as CryptSession; defined('APP_ROOT') || die(); @@ -143,7 +144,7 @@ class Init Language::setLanguage(true); DiFactory::getTheme()->initTheme(true); - if (self::isLoggedIn()){ + if (self::isLoggedIn()) { // Recargar los permisos del perfil de usuario Session::setUserProfile(Profile::getItem()->getById(Session::getUserData()->getUserProfileId())); // Reset de los datos de ACL de cuentas @@ -165,8 +166,8 @@ class Init // Comprobar si es cierre de sesión self::checkLogout(); - // Comprobar la versión y actualizarla - self::checkDbVersion(); + // Comprobar si es necesario actualizar componentes + self::checkUpgrade(); // Inicializar la sesión self::initSession(); 
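Review bot: In the `@@ -40,6 +40,7 @@` hunk of Init.class.php the new `use SP\Core\Crypt\Session as CryptSession;` is appended after `use SP\Util\Util;`, which breaks the alphabetical order the rest of that use block keeps; the same happens in the use block of UserPass.class.php later in this patch. Moving the line up next to the other `SP\Core\...` imports keeps the blocks consistent with the files that already alias it that way (ConfigActionController, ItemShowController, SessionUtil). It is only a style point; the alias itself is correct and consistently named across the patch.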
@@ -305,8 +306,8 @@ class Init * Devuelve un error utilizando la plantilla de error o en formato JSON * * @param string $message con la descripción del error - * @param string $hint opcional, con una ayuda sobre el error - * @param bool $headers + * @param string $hint opcional, con una ayuda sobre el error + * @param bool $headers * @throws \SP\Core\Exceptions\SPException */ public static function initError($message, $hint = '', $headers = false) @@ -495,6 +496,16 @@ class Init } } + /** + * Comprobar si el usuario está logado. + * + * @returns bool + */ + public static function isLoggedIn() + { + return (DiFactory::getDBStorage()->getDbStatus() === 0 && Session::getUserData()->getUserLogin()); + } + /** * Comprueba que la aplicación esté instalada * Esta función comprueba si la aplicación está instalada. Si no lo está, redirige al instalador. @@ -555,16 +566,6 @@ class Init return false; } - /** - * Comprobar si el usuario está logado. - * - * @returns bool - */ - public static function isLoggedIn() - { - return (DiFactory::getDBStorage()->getDbStatus() === 0 && Session::getUserData()->getUserLogin()); - } - /** * Comprobar si es necesario cerrar la sesión */ 
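Review bot: The docblock of the relocated `isLoggedIn()` uses `@returns bool`, which is not a PHPDoc tag and will be ignored by static analysers and IDEs; since the method is being moved anyway, `@return bool` is the cheap fix. The expression itself does yield a bool (`&&` coerces), so no code change is needed. The relocation otherwise looks like a pure move of the original body.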
@@ -613,62 +614,17 @@ class Init } /** - * Comrpueba y actualiza la versión de la aplicación. - * - * @throws \SP\Core\Exceptions\SPException + * Comprobar si es necesario actualizar componentes */ - private static function checkDbVersion() + private static function checkUpgrade() { - if (self::$SUBURI !== '/index.php' || Request::analyze('logout', 0) === 1) { + if (self::$SUBURI !== '/index.php') { return; } - $update = false; - $databaseVersion = (int)str_replace('.', '', ConfigDB::getValue('version')); $appVersion = (int)implode(Util::getVersion(true)); - if ($databaseVersion < $appVersion - && Request::analyze('nodbupgrade', 0) === 0 - && Upgrade::needDBUpgrade($databaseVersion) - ) { - if (!self::checkMaintenanceMode(true)) { - $upgradeKey = Config::getConfig()->getUpgradeKey(); - - if (empty($upgradeKey)) { - Config::getConfig()->setUpgradeKey(sha1(uniqid(mt_rand(), true))); - Config::getConfig()->setMaintenance(true); - Config::saveConfig(null, false); - } - - self::initError(__('La aplicación necesita actualizarse'), sprintf(__('Si es un administrador pulse en el enlace: %s'), '' . __('Actualizar') . '')); - } else { - $action = Request::analyze('a'); - $hash = Request::analyze('h'); - $confirm = Request::analyze('chkConfirm', false, false, true); - - if ($confirm === true - && $action === 'upgrade' - && $hash === Config::getConfig()->getUpgradeKey() - ) { - try { - $update = Upgrade::doUpgrade($databaseVersion); - - ConfigDB::setValue('version', $appVersion); - Config::getConfig()->setMaintenance(false); - Config::getConfig()->setUpgradeKey(''); - Config::saveConfig(); - } catch (SPException $e) { - $hint = $e->getHint() . '

' . __('Acceder') . '

'; - self::initError($e->getMessage(), $hint); - } - } else { - $controller = new MainController(); - $controller->getUpgrade(); - } - } - } - - if ($update === true) { + if (self::checkDbVersion($appVersion)) { $Log = new Log(); $LogMessage = $Log->getLogMessage(); $LogMessage->setAction(__('Actualización', false)); @@ -683,6 +639,55 @@ class Init } } + /** + * Comrpueba y actualiza la versión de la aplicación. + * + * @param $appVersion + * @return bool + */ + private static function checkDbVersion($appVersion) + { + $databaseVersion = (int)str_replace('.', '', ConfigDB::getValue('version')); + + if ($databaseVersion < $appVersion + && Request::analyze('nodbupgrade', 0) === 0 + && Upgrade::needDBUpgrade($databaseVersion) + ) { + if (!self::checkMaintenanceMode(true)) { + Upgrade::setUpgradeKey('db'); + } else { + $action = Request::analyze('a'); + $hash = Request::analyze('h'); + $confirm = Request::analyze('chkConfirm', false, false, true); + + if ($confirm === true + && $action === 'upgrade' + && $hash === Config::getConfig()->getUpgradeKey() + ) { + try { + Upgrade::doUpgrade($databaseVersion); + + ConfigDB::setValue('version', $appVersion); + + Config::getConfig()->setMaintenance(false); + Config::getConfig()->setUpgradeKey(''); + Config::saveConfig(); + + return true; + } catch (SPException $e) { + $hint = $e->getHint() . '

' . __('Acceder') . '

'; + self::initError($e->getMessage(), $hint); + } + } else { + $controller = new MainController(); + $controller->getUpgrade(); + } + } + } + + return false; + } + /** * Inicialiar la sesión de usuario * @@ -711,13 +716,15 @@ class Init if (Session::getSidStartTime() === 0) { Session::setSidStartTime(time()); Session::setStartActivity(time()); - } else if (Session::getUserData()->getUserId() > 0 && time() - Session::getSidStartTime() > $sessionLifeTime / 2) { - $sessionMPass = Crypt\Session::getSessionKey(); + } else if (Session::getUserData()->getUserId() > 0 + && time() - Session::getSidStartTime() > $sessionLifeTime / 2 + ) { + $sessionMPass = CryptSession::getSessionKey(); session_regenerate_id(true); // Regenerar la clave maestra - Crypt\Session::saveSessionKey($sessionMPass); + CryptSession::saveSessionKey($sessionMPass); Session::setSidStartTime(time()); // Recargar los permisos del perfil de usuario diff --git a/inc/SP/Core/SessionUtil.class.php b/inc/SP/Core/SessionUtil.class.php index 05f97c7b..a71debf8 100644 --- a/inc/SP/Core/SessionUtil.class.php +++ b/inc/SP/Core/SessionUtil.class.php @@ -27,7 +27,7 @@ namespace SP\Core; use SP\Config\Config; use SP\DataModel\UserData; use SP\Mgmt\Profiles\Profile; -use SP\Core\Crypt\Session as SessionCrypt; +use SP\Core\Crypt\Session as CryptSession; defined('APP_ROOT') || die(); @@ -70,7 +70,7 @@ class SessionUtil */ public static function getSessionMPass() { - return SessionCrypt::getSessionKey(); + return CryptSession::getSessionKey(); } /** diff --git a/inc/SP/Core/Upgrade.class.php b/inc/SP/Core/Upgrade.class.php index 2879fb7b..c0c24683 100644 --- a/inc/SP/Core/Upgrade.class.php +++ b/inc/SP/Core/Upgrade.class.php @@ -28,6 +28,7 @@ namespace SP\Core; use SP\Config\Config; use SP\Config\ConfigData; use SP\Core\Exceptions\SPException; +use SP\Core\Upgrade\Crypt; use SP\Core\Upgrade\Group; use SP\Core\Upgrade\Profile; use SP\Core\Upgrade\User; 
@@ -42,6 +43,7 @@ use SP\Mgmt\Users\UserMigrate; use SP\Mgmt\Users\UserPreferencesUtil; use SP\Storage\DB; use SP\Storage\QueryData; +use SP\Util\Util; defined('APP_ROOT') || die(); @@ -52,7 +54,7 @@ class Upgrade { private static $dbUpgrade = [110, 1121, 1122, 1123, 11213, 11219, 11220, 12001, 12002, 1316011001, 1316020501, 1316100601, 20017011302, 20017011701, 20017012901]; private static $cfgUpgrade = [1124, 1316020501, 20017011202]; - private static $auxUpgrade = [12001, 12002, 20017010901, 20017011202]; + private static $auxUpgrade = [12001, 12002, 20017010901, 20017011202, 20017021601]; /** * Inicia el proceso de actualización de la BBDD. @@ -70,7 +72,7 @@ class Upgrade foreach (self::$dbUpgrade as $upgradeVersion) { if ($version < $upgradeVersion) { - if (self::auxPreUpgrades($upgradeVersion) === false) { + if (self::auxPreDbUpgrade($upgradeVersion) === false) { DB::rollbackTransaction(); throw new SPException(SPException::SP_CRITICAL, @@ -108,7 +110,7 @@ class Upgrade * @param $version * @return bool */ - private static function auxPreUpgrades($version) + private static function auxPreDbUpgrade($version) { switch ($version) { case 1316011001: @@ -219,6 +221,10 @@ class Upgrade return CustomFieldsUtil::migrateCustomFields() && UserPreferencesUtil::migrate(); case 20017011202: return UserPreferencesUtil::migrate(); + case 20017021601: + $masterPass = Request::analyze('mpass'); + + return !empty($masterPass) && Crypt::migrateHash($masterPass) && Crypt::migrate($masterPass); } return true; 
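Review bot: The new `case 20017021601` evaluates `Crypt::migrateHash($masterPass) && Crypt::migrate($masterPass)` in that order, so the stored `masterPwd` hash is rewritten by `migrateHash()` (via `ConfigDB::setValue`, visible later in this patch) before the account data is re-encrypted by `migrate()`; if `migrate()` then fails and rolls back its own transaction, the new hash may remain committed while the data is still in the old format, depending on whether `ConfigDB::setValue` participates in that transaction — please confirm. Re-encrypting first and updating the hash only on success, or rolling the hash back on failure, would keep the two consistent. A short comment on the case stating that `mpass` is the master password supplied by the administrator on the upgrade form would also help, since the other cases take no request input.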
@@ -398,4 +404,22 @@ class Upgrade 'setWikiSearchUrl' => ['wikisearchurl', 'wiki_searchurl'] ]; } + + /** + * Establecer la key de actualización + * + * @param string $type Tipo de actualización + */ + public static function setUpgradeKey($type) + { + $upgradeKey = Config::getConfig()->getUpgradeKey(); + + if (empty($upgradeKey)) { + Config::getConfig()->setUpgradeKey(Util::generateRandomBytes(64)); + Config::getConfig()->setMaintenance(true); + Config::saveConfig(null, false); + } + + Init::initError(__('La aplicación necesita actualizarse'), sprintf(__('Si es un administrador pulse en el enlace: %s'), '' . __('Actualizar') . '')); + } } \ No newline at end of file diff --git a/inc/SP/Core/Upgrade/Crypt.class.php b/inc/SP/Core/Upgrade/Crypt.class.php index 3141ad21..e4b77f4d 100644 --- a/inc/SP/Core/Upgrade/Crypt.class.php +++ b/inc/SP/Core/Upgrade/Crypt.class.php @@ -33,6 +33,7 @@ use SP\Core\Crypt\Hash; use SP\Core\Exceptions\SPException; use SP\Log\Log; use SP\Mgmt\CustomFields\CustomFieldsUtil; +use SP\Storage\DB; /** * Class Crypt @@ -50,11 +51,19 @@ class Crypt public static function migrate(&$masterPass) { try { + DB::beginTransaction(); + self::migrateAccounts($masterPass); self::migrateCustomFields($masterPass); + + DB::endTransaction(); } catch (CryptoException $e) { + DB::rollbackTransaction(); + return false; } catch (SPException $e) { + DB::rollbackTransaction(); + return false; } 
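Review bot: The new `Upgrade::setUpgradeKey($type)` never reads its `$type` parameter, and it ends with `Init::initError(...)`, which per its own docblock throws, so the method does not return to the caller; both facts should be in the docblock, e.g. `@param string $type Tipo de actualización (not used yet)` and `@throws \SP\Core\Exceptions\SPException`. The key is generated with `Util::generateRandomBytes(64)` and later compared with the `h` request parameter in `Init::checkDbVersion()`; if that helper returns raw bytes rather than an encoded string, the value will not survive the URL round trip, so please confirm it returns something URL-safe.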
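Review bot: In `Upgrade\Crypt::migrate()` the two catch blocks now roll back and return `false` without recording `$e->getMessage()`, so a failed re-encryption of every account password leaves the administrator with no indication of why; `Log` is already imported in this file, so writing the message through `Log::writeNewLog` before each `return false` is a two-line addition. The new `DB::beginTransaction()` is also called from a code path whose caller (`Upgrade::doUpgrade`, earlier in this patch) rolls back a transaction of its own, so nesting must be supported by the `DB` wrapper or `beginTransaction()` will fail — please confirm. The rest of `migrate()` lies outside the hunk.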
@@ -115,13 +124,14 @@ class Crypt return true; } - // Hash de clave maestra anterior a 2.0.0.17013101 + // Hash de clave maestra anterior a 2.0.0.17013101 + // Hash de clave maestra anterior a 2.0.0.17021601 } elseif (hash_equals(crypt($masterPass, substr($configHashMPass, 0, 72)), substr($configHashMPass, 72)) || hash_equals(crypt($masterPass, substr($configHashMPass, 0, 30)), substr($configHashMPass, 30)) ) { ConfigDB::setValue('masterPwd', Hash::hashKey($masterPass)); - Log::writeNewLog(__('Aviso', false), __('Se ha regenerado el HASH de clave maestra. No es necesaria ninguna acción.', false), Log::NOTICE); + return true; } diff --git a/inc/SP/Import/ImportBase.class.php b/inc/SP/Import/ImportBase.class.php index 1627e3a7..1ebc7804 100644 --- a/inc/SP/Import/ImportBase.class.php +++ b/inc/SP/Import/ImportBase.class.php @@ -25,6 +25,7 @@ namespace SP\Import; use SP\Account\Account; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\Core\Messages\LogMessage; @@ -126,8 +127,8 @@ abstract class ImportBase implements ImportInterface } if ($this->ImportParams->getImportMasterPwd() !== '') { - $securedKey = Crypt\Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd()); - $pass = Crypt\Crypt::decrypt($AccountData->getAccountPass(), $securedKey); + $securedKey = Crypt::unlockSecuredKey($AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd()); + $pass = Crypt::decrypt($AccountData->getAccountPass(), $securedKey); // TODO: importar con encriptación anterior // $pass = Crypt::getDecrypt($AccountData->getAccountPass(), $AccountData->getAccountIV(), $this->ImportParams->getImportMasterPwd()); diff --git a/inc/SP/Import/SyspassImport.class.php b/inc/SP/Import/SyspassImport.class.php index 21e1b246..654347f6 100644 --- a/inc/SP/Import/SyspassImport.class.php +++ b/inc/SP/Import/SyspassImport.class.php 
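Review bot: Removing the `Log::writeNewLog` call in `migrateHash()` leaves the rewrite of the stored master-password hash (`ConfigDB::setValue('masterPwd', ...)`) with no audit entry, and a change to that value is exactly the kind of event an administrator later needs to trace. If the line was dropped because this method is now reached from the upgrade path, the caller should write the entry instead, or the comment above the branch should say where it is logged. The two stacked comments `// Hash de clave maestra anterior a 2.0.0.17013101` / `// ... 2.0.0.17021601` read as if one replaces the other; merging them into one line naming both legacy formats would be clearer.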
@@ -24,6 +24,7 @@ namespace SP\Import; +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Crypt\Hash; use SP\Core\Exceptions\SPException; @@ -117,8 +118,8 @@ class SyspassImport extends ImportBase if ($iv = base64_decode($node->getAttribute('iv'))) { $xmlDecrypted = OldCrypt::getDecrypt($data, $iv, $this->ImportParams->getImportPwd()); } else { - $securedKey = Crypt\Crypt::unlockSecuredKey($node->getAttribute('key'), $this->ImportParams->getImportPwd()); - $xmlDecrypted = Crypt\Crypt::decrypt($data, $securedKey); + $securedKey = Crypt::unlockSecuredKey($node->getAttribute('key'), $this->ImportParams->getImportPwd()); + $xmlDecrypted = Crypt::decrypt($data, $securedKey); } $newXmlData = new \DOMDocument(); diff --git a/inc/SP/Mgmt/CustomFields/CustomField.class.php b/inc/SP/Mgmt/CustomFields/CustomField.class.php index 5a56c19a..f138f5eb 100644 --- a/inc/SP/Mgmt/CustomFields/CustomField.class.php +++ b/inc/SP/Mgmt/CustomFields/CustomField.class.php @@ -26,7 +26,8 @@ namespace SP\Mgmt\CustomFields; defined('APP_ROOT') || die(); -use SP\Core\OldCrypt; +use SP\Core\Crypt\Crypt; +use SP\Core\Crypt\Session as CryptSession; use SP\DataModel\CustomFieldData; use SP\DataModel\CustomFieldDefData; use SP\Mgmt\ItemInterface; @@ -79,7 +80,7 @@ class CustomField extends CustomFieldBase implements ItemInterface return $this->delete($this->itemData->getId()); } - $securedKey = Crypt\Crypt::makeSecuredKey(Crypt\Session::getSessionKey()); + $securedKey = Crypt::makeSecuredKey(CryptSession::getSessionKey()); $query = /** @lang SQL */ 'UPDATE customFieldsData SET @@ -91,7 +92,7 @@ class CustomField extends CustomFieldBase implements ItemInterface $Data = new QueryData(); $Data->setQuery($query); - $Data->addParam(Crypt\Crypt::encrypt($this->itemData->getValue(), $securedKey)); + $Data->addParam(Crypt::encrypt($this->itemData->getValue(), $securedKey)); $Data->addParam($securedKey); $Data->addParam($this->itemData->getModule()); $Data->addParam($this->itemData->getId()); 
@@ -136,7 +137,7 @@ class CustomField extends CustomFieldBase implements ItemInterface return true; } - $securedKey = Crypt\Crypt::makeSecuredKey(Crypt\Session::getSessionKey()); + $securedKey = Crypt::makeSecuredKey(CryptSession::getSessionKey()); $query = /** @lang SQL */ 'INSERT INTO customFieldsData SET @@ -151,7 +152,7 @@ class CustomField extends CustomFieldBase implements ItemInterface $Data->addParam($this->itemData->getId()); $Data->addParam($this->itemData->getModule()); $Data->addParam($this->itemData->getDefinitionId()); - $Data->addParam(Crypt\Crypt::encrypt($this->itemData->getValue(), $securedKey)); + $Data->addParam(Crypt::encrypt($this->itemData->getValue(), $securedKey)); $Data->addParam($securedKey); return DB::getQuery($Data); @@ -248,9 +249,9 @@ class CustomField extends CustomFieldBase implements ItemInterface protected function unencryptData(CustomFieldData $CustomFieldData) { if ($CustomFieldData->getCustomfielddataData() !== '') { - $securedKey = Crypt\Crypt::unlockSecuredKey($CustomFieldData->getCustomfielddataIv(), Crypt\Session::getSessionKey()); + $securedKey = Crypt::unlockSecuredKey($CustomFieldData->getCustomfielddataIv(), CryptSession::getSessionKey()); - return $this->formatValue(Crypt\Crypt::decrypt($CustomFieldData->getCustomfielddataData(), $securedKey)); + return $this->formatValue(Crypt::decrypt($CustomFieldData->getCustomfielddataData(), $securedKey)); } return ''; diff --git a/inc/SP/Mgmt/CustomFields/CustomFieldsUtil.class.php b/inc/SP/Mgmt/CustomFields/CustomFieldsUtil.class.php index 22e2ccab..12421bda 100644 --- a/inc/SP/Mgmt/CustomFields/CustomFieldsUtil.class.php +++ b/inc/SP/Mgmt/CustomFields/CustomFieldsUtil.class.php @@ -26,6 +26,7 @@ namespace SP\Mgmt\CustomFields; defined('APP_ROOT') || die(); +use SP\Core\Crypt\Crypt; use SP\Core\OldCrypt; use SP\Core\Exceptions\SPException; use SP\DataModel\CustomFieldData; 
@@ -92,10 +93,10 @@ class CustomFieldsUtil $success = []; foreach ($queryRes as $CustomField) { - $currentSecuredKey = Crypt\Crypt::unlockSecuredKey($CustomField->getCustomfielddataIv(), $currentMasterPass); - $fieldData = Crypt\Crypt::decrypt($CustomField->getCustomfielddataData(), $currentSecuredKey); + $currentSecuredKey = Crypt::unlockSecuredKey($CustomField->getCustomfielddataIv(), $currentMasterPass); + $fieldData = Crypt::decrypt($CustomField->getCustomfielddataData(), $currentSecuredKey); - $securedKey = Crypt\Crypt::makeSecuredKey($newMasterPassword); + $securedKey = Crypt::makeSecuredKey($newMasterPassword); $query = /** @lang SQL */ 'UPDATE customFieldsData SET @@ -105,7 +106,7 @@ class CustomFieldsUtil $Data = new QueryData(); $Data->setQuery($query); - $Data->addParam(Crypt\Crypt::encrypt($fieldData, $securedKey)); + $Data->addParam(Crypt::encrypt($fieldData, $securedKey)); $Data->addParam($securedKey); $Data->addParam($CustomField->getCustomfielddataId()); @@ -162,7 +163,7 @@ class CustomFieldsUtil $success = []; foreach ($queryRes as $CustomField) { - $securedKey = Crypt\Crypt::makeSecuredKey($currentMasterPass); + $securedKey = Crypt::makeSecuredKey($currentMasterPass); $fieldData = OldCrypt::getDecrypt($CustomField->getCustomfielddataData(), $CustomField->getCustomfielddataIv(), $currentMasterPass); $query = /** @lang SQL */ @@ -173,7 +174,7 @@ class CustomFieldsUtil $Data = new QueryData(); $Data->setQuery($query); - $Data->addParam(Crypt\Crypt::encrypt($fieldData, $securedKey)); + $Data->addParam(Crypt::encrypt($fieldData, $securedKey)); $Data->addParam($securedKey); $Data->addParam($CustomField->getCustomfielddataId()); diff --git a/inc/SP/Mgmt/PublicLinks/PublicLinkBase.class.php b/inc/SP/Mgmt/PublicLinks/PublicLinkBase.class.php index 5b9b6793..eae81843 100644 --- a/inc/SP/Mgmt/PublicLinks/PublicLinkBase.class.php +++ b/inc/SP/Mgmt/PublicLinks/PublicLinkBase.class.php 
@@ -27,13 +27,12 @@ namespace SP\Mgmt\PublicLinks; defined('APP_ROOT') || die(); use SP\Config\Config; -use SP\Core\OldCrypt; +use SP\Core\Crypt\Crypt; +use SP\Core\Crypt\Session as CryptSession; use SP\Core\Exceptions\SPException; -use SP\Core\SessionUtil; use SP\DataModel\PublicLinkData; use SP\Mgmt\ItemBase; use SP\DataModel\PublicLinkBaseData; -use SP\Util\Util; /** * Class PublicLinks para la gestión de enlaces públicos @@ -77,9 +76,9 @@ abstract class PublicLinkBase extends ItemBase */ protected final function createLinkPass() { - $securedKey = Crypt\Crypt::makeSecuredKey(Config::getConfig()->getPasswordSalt() . $this->createLinkHash()); + $securedKey = Crypt::makeSecuredKey(Config::getConfig()->getPasswordSalt() . $this->createLinkHash()); - $this->itemData->setPass(Crypt\Crypt::encrypt(Crypt\Session::getSessionKey(), $securedKey)); + $this->itemData->setPass(Crypt::encrypt(CryptSession::getSessionKey(), $securedKey)); $this->itemData->setPassIV($securedKey); } diff --git a/inc/SP/Mgmt/Users/UserPass.class.php b/inc/SP/Mgmt/Users/UserPass.class.php index e7612490..be2c66c1 100644 --- a/inc/SP/Mgmt/Users/UserPass.class.php +++ b/inc/SP/Mgmt/Users/UserPass.class.php @@ -27,15 +27,14 @@ namespace SP\Mgmt\Users; defined('APP_ROOT') || die(); use SP\Config\ConfigDB; -use SP\Core\OldCrypt; +use SP\Core\Crypt\Crypt; use SP\Core\Crypt\Hash; -use SP\Core\Exceptions\SPException; -use SP\Core\SessionUtil; use SP\DataModel\UserPassData; use SP\Log\Email; use SP\Log\Log; use SP\Storage\DB; use SP\Storage\QueryData; +use SP\Core\Crypt\Session as CryptSession; /** * Class UserPass para la gestión de las claves de un usuario @@ -190,7 +189,7 @@ class UserPass extends UserBase } elseif (Hash::checkHashKey($userMPass, $configHashMPass)) { $this->clearUserMPass = $userMPass; - Crypt\Session::saveSessionKey($userMPass); + CryptSession::saveSessionKey($userMPass); return true; } 
@@ -226,9 +225,9 @@ class UserPass extends UserBase $this->itemData->setUserMPass($queryRes->user_mPass); $this->itemData->setUserMIV($queryRes->user_mIV); - $securedKey = Crypt\Crypt::unlockSecuredKey($queryRes->user_mIV, $this->getCypherPass($cypher)); + $securedKey = Crypt::unlockSecuredKey($queryRes->user_mIV, $this->getCypherPass($cypher)); - return Crypt\Crypt::decrypt($queryRes->user_mPass, $securedKey); + return Crypt::decrypt($queryRes->user_mPass, $securedKey); } /** @@ -241,7 +240,7 @@ class UserPass extends UserBase { $pass = $cypher === null ? $this->itemData->getUserPass() : $cypher; - return Crypt\Crypt::makeSecuredKey($pass . $this->itemData->getUserLogin()); + return Crypt::makeSecuredKey($pass . $this->itemData->getUserLogin()); } /** @@ -291,8 +290,8 @@ class UserPass extends UserBase if (Hash::checkHashKey($masterPwd, $configHashMPass) || \SP\Core\Upgrade\Crypt::migrateHash($masterPwd) ) { - $securedKey = Crypt\Crypt::makeSecuredKey($this->getCypherPass()); - $cryptMPass = Crypt\Crypt::encrypt($masterPwd, $securedKey); + $securedKey = Crypt::makeSecuredKey($this->getCypherPass()); + $cryptMPass = Crypt::encrypt($masterPwd, $securedKey); if (!empty($cryptMPass)) { $query = /** @lang SQL */