extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2024-11-09 01:44:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move DB protection logic to a dedicated class

Browse Source
This commit is contained in:
Bubka 2020-11-05 22:46:25 +01:00
parent 38fba9e44e
commit 6712613a20
2 changed files with 116 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
app/Classes/DbProtection.php Normal file
View File

@ -0,0 +1,113 @@
<?php
namespace App\Classes;
use Throwable;
use Exception;
use App\TwoFAccount;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Crypt;
class DbProtection
{
/**
* Encrypt 2FA sensitive data
* @return boolean
*/
public static function enable() : bool
{
// All existing records have to be encrypted without exception.
// This means that if any of the encryption failed we have to rollback
// all records to their original value.
$EncryptFailed = false;
$twofaccounts = DB::table('twofaccounts')->get();
$twofaccounts->each(function ($item, $key) use(&$EncryptFailed) {
try {
$item->uri = Crypt::encryptString($item->uri);
$item->account = Crypt::encryptString($item->account);
}
catch (Exception $e) {
$EncryptFailed = true;
return false;
}
});
if( $EncryptFailed ) {
return false;
}
return self::tryUpdate($twofaccounts);
}
/**
* Decrypt 2FA sensitive data
* @return boolean
*/
public static function disable() : bool
{
// All existing records have to be decrypted without exception.
// This means that if any of the encryption failed we have to rollback
// all records to their original value.
$DecryptFailed = false;
$EncryptedTwofaccounts = DB::table('twofaccounts')->get();
$EncryptedTwofaccounts->each(function ($item, $key) use(&$DecryptFailed) {
try {
$item->uri = Crypt::decryptString($item->uri);
$item->account = Crypt::decryptString($item->account);
}
catch (Exception $e) {
$DecryptFailed = true;
return false;
}
});
if( $DecryptFailed ) {
return false;
}
return DbProtection::tryUpdate($EncryptedTwofaccounts);
}
/**
* Try to update all records of the collection
* @param Illuminate\Database\Eloquent\Collection $twofaccounts
* @return boolean
*/
private static function tryUpdate(\Illuminate\Support\Collection $twofaccounts) : bool
{
// The whole collection has its sensible data encrypted/decrypted, now we update the db
// using a transaction to ensure rollback if an exception is thrown
DB::beginTransaction();
try {
$twofaccounts->each(function ($item, $key) {
DB::table('twofaccounts')
->where('id', $item->id)
->update([
'uri' => $item->uri,
'account' => $item->account
]);
});
DB::commit();
}
// @codeCoverageIgnoreStart
// Dont now how to fake that :(
catch (Throwable $e) {
DB::rollBack();
return false;
}
// @codeCoverageIgnoreEnd
return true;
}
}

97
app/Http/Controllers/Settings/OptionController.php
View File

@ -2,15 +2,10 @@
namespace App\Http\Controllers\Settings;
use Throwable;
use App\TwoFAccount;
use App\Classes\Options;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use App\Classes\DbProtection;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Contracts\Encryption\EncryptException;
use Illuminate\Contracts\Encryption\DecryptException;
class OptionController extends Controller
{
@ -42,14 +37,14 @@ public function store(Request $request)
if( $request->useEncryption && !Options::get('useEncryption') ) {
// user enabled the encryption
if( !$this->encryptAccounts() ) {
if( !DbProtection::enable() ) {
return response()->json(['message' => __('errors.error_during_encryption'), 'settings' => Options::get()], 422);
}
}
else if( !$request->useEncryption && Options::get('useEncryption') ) {
// user disabled the encryption
if( !$this->decryptAccounts() ) {
if( !DbProtection::disable() ) {
return response()->json(['message' => __('errors.error_during_decryption'), 'settings' => Options::get()], 422);
}
}
@ -60,90 +55,4 @@ public function store(Request $request)
return response()->json(['message' => __('settings.forms.setting_saved'), 'settings' => Options::get()], 200);
}
/**
* Encrypt 2FA sensitive data
* @return boolean
*/
private function encryptAccounts() : bool
{
// All existing records have to be encrypted without exception.
// This means that if any of the encryption failed we have to rollback
// all records to their original value.
$twofaccounts = TwoFAccount::all();
$twofaccounts->each(function ($item, $key) {
try {
$item->uri = Crypt::encryptString($item->uri);
$item->account = Crypt::encryptString($item->account);
}
catch (EncryptException $e) {
return false;
}
});
return $this->tryUpdate($twofaccounts);
}
/**
* Decrypt 2FA sensitive data
* @return boolean
*/
private function decryptAccounts() : bool
{
// All existing records have to be decrypted without exception.
// This means that if any of the encryption failed we have to rollback
// all records to their original value.
$twofaccounts = TwoFAccount::all();
$twofaccounts->each(function ($item, $key) {
try {
$item->uri = Crypt::decryptString($item->uri);
$item->account = Crypt::decryptString($item->account);
}
catch (DecryptException $e) {
return false;
}
});
return $this->tryUpdate($twofaccounts);
}
/**
* Try to update all records of the collection
* @param Illuminate\Database\Eloquent\Collection $twofaccounts
* @return boolean
*/
private function tryUpdate(\Illuminate\Database\Eloquent\Collection $twofaccounts) : bool
{
// The whole collection has its sensible data encrypted/decrypted, now we update the db
// using a transaction to ensure rollback if an exception is thrown
DB::beginTransaction();
try {
$twofaccounts->each(function ($item, $key) {
DB::table('twofaccounts')
->where('id', $item->id)
->update([
'uri' => $item->uri,
'account' => $item->account
]);
});
DB::commit();
}
catch (Throwable $e) {
DB::rollBack();
return false;
}
return true;
}
}