Merge pull request #801 from nextcloud/fix/jwtmanager/mark-private-ke…
…y-sensitive
provokateurin authored Oct 21, 2024
2 parents 289de9a + 0fa00de commit f19991a
Showing 3 changed files with 40 additions and 2 deletions.
3 changes: 2 additions & 1 deletion appinfo/info.xml
Expand Up @@ -14,7 +14,7 @@ It is also possible to add links only for a given language, device type or user
More information is available in the External sites documentation.]]></description>

<version>6.0.0</version>
<version>6.0.1</version>
<licence>agpl</licence>

<author>Joas Schilling</author>
Expand Down Expand Up @@ -44,6 +44,7 @@ More information is available in the External sites documentation.]]></descripti
<repair-steps>
<post-migration>
<step>OCA\External\Migration\CopyDefaultIcons</step>
<step>OCA\External\Migration\JWTTokenPrivateKeySensitive</step>
</post-migration>
<install>
<step>OCA\External\Migration\CopyDefaultIcons</step>
2 changes: 1 addition & 1 deletion lib/JWTManager.php
Expand Up @@ -105,7 +105,7 @@ protected function ensureTokenKeys(string $alg): void {
throw new \Exception('Unsupported algorithm ' . $alg);
}

$this->config->setValueString(Application::APP_ID, 'jwt_token_privkey_' . strtolower($alg), $secret);
$this->config->setValueString(Application::APP_ID, 'jwt_token_privkey_' . strtolower($alg), $secret, sensitive: true);
$this->config->setValueString(Application::APP_ID, 'jwt_token_pubkey_' . strtolower($alg), $public);
}
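Review bot: The private-key write now passes `sensitive: true` while the public-key write directly below it does not, and nothing in the code says this asymmetry is deliberate. A one-line comment above the two calls would keep a later refactor from dropping the flag or copying it onto the public key, for example `// Only the private key is a secret: flag it sensitive; the public key is meant to be readable.` ensureTokenKeys starts above this hunk, so how `$secret` is produced and whether other code paths write `jwt_token_privkey_*` without the flag cannot be checked from here.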

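--- a/lib/Migration/JWTTokenPrivateKeySensitive.php
+++ b/lib/Migration/JWTTokenPrivateKeySensitive.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+namespace OCA\External\Migration;
+
+use OCA\External\AppInfo\Application;
+use OCP\IAppConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class JWTTokenPrivateKeySensitive implements IRepairStep {
+public function __construct(
+private IAppConfig $config,
+) {
+}
+
+public function getName() {
+return 'Mark JWT token private key as sensitive';
+}
+
+public function run(IOutput $output): void {
+foreach ($this->config->getKeys(Application::APP_ID) as $key) {
+if (!str_starts_with($key, 'jwt_token_privkey_')) {
+continue;
+}
+
+$secret = $this->config->getValueString(Application::APP_ID, $key);
+$this->config->setValueString(Application::APP_ID, $key, $secret, sensitive: true);
+}
+}
+}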
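Review bot: `run()` reads each private key into `$secret` and writes it back only to set the flag, which sends key material through a round trip it does not need and, if `getValueString()` ever fell back to its default, would store that default over the key. `IAppConfig` offers a flag-only call, so the two lines at the end of the loop could become `$this->config->updateSensitive(Application::APP_ID, $key, true);`, assuming every server version the app supports provides it. `$output` is never used; an `$output->info()` line naming the key (never its value) would leave a trace of the step in the upgrade log. The flag only changes how the value is handled from now on, so a key that already appeared in an earlier config export or report is not protected by this step and may need to be regenerated. As a style point, `getName()` could declare `: string` to match the typed `run()` signature.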
