mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-05-30 03:07:56 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: address CodeRabbit review comments for encryption key persistence

Browse Source 
- Always mirror encryption key to both .env and WRITEPATH (Docker safety)
- Guard array key access with isset() before reading in Encryption.php
- Fix encrypt_value() to not treat string '0' as empty
- Improve error logging for failed encryption attempts
This commit is contained in:
Ollama
2026-05-22 14:57:37 +02:00
parent 71c164ad18
commit bf5af2f2dc
3 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Config/Encryption.php
View File

@@ -147,6 +147,7 @@ class Encryption extends BaseConfig
$data = json_decode($content, true);
if (
!is_array($data)
|| !isset($data['key'])
|| !is_string($data['key'])
|| strlen($data['key']) < 64
) {

2
app/Controllers/Config.php
View File

@@ -493,7 +493,7 @@ class Config extends Secure_Controller
if (!empty($passwordInput)) {
$password = encrypt_value($passwordInput);
if (empty($password)) {
log_message('error', 'SMTP password encryption failed');
log_message('error', 'SMTP password encryption failed - credentials not saved');
return $this->response->setJSON([
'success' => false,

16
app/Helpers/security_helper.php
View File

@@ -28,15 +28,11 @@ function check_encryption(): bool
config('Encryption')->key = $key;
// Try to persist the key - attempt multiple locations
$persisted = false;
// Attempt 1: ROOTPATH/.env (standard location)
$persisted = write_encryption_key_to_env($key, $old_key);
// Attempt 2: WRITEPATH/config/encryption.key (Docker/container fallback)
if (!$persisted) {
$persisted = write_encryption_key_to_writable($key, $old_key);
}
// Write both locations when possible. The writable copy is the durable one
// in containerized deployments where .env may be ephemeral.
$envPersisted = write_encryption_key_to_env($key, $old_key);
$writablePersisted = write_encryption_key_to_writable($key, $old_key);
$persisted = $envPersisted || $writablePersisted;
if ($persisted) {
log_message('info', 'Encryption key initialized successfully');
@@ -304,7 +300,7 @@ function decrypt_value(?string $encrypted_value, string $default = ''): string
*/
function encrypt_value(?string $value, bool $require = true): string
{
if (empty($value)) {
if ($value === null || $value === '') {
return '';
}