From f7280ea83e026b9f5dff55c2c9aa61a7c77e071f Mon Sep 17 00:00:00 2001 From: Ollama Date: Fri, 22 May 2026 01:28:35 +0200 Subject: [PATCH] Refactor all encryption/decryption to use helper functions Replaces direct encrypter calls with decrypt_value() and encrypt_value() helpers throughout the codebase for consistent error handling: - Config controller: SMTP, SMS, Mailchimp credential encryption - Email_lib: SMTP password decryption - Sms_lib: SMS password decryption - Mailchimp_lib: API key decryption - Customers controller: Mailchimp list ID decryption Removes nullable EncrypterInterface property from Config controller as encryption is now handled via helper functions. GitHub-Issue: #4554 --- app/Controllers/Config.php | 115 ++++++++++---------------------- app/Controllers/Customers.php | 8 +-- app/Libraries/Email_lib.php | 18 +---- app/Libraries/Mailchimp_lib.php | 20 ++---- app/Libraries/Sms_lib.php | 10 +-- 5 files changed, 45 insertions(+), 126 deletions(-) diff --git a/app/Controllers/Config.php b/app/Controllers/Config.php index 05df124a2..261f70a00 100644 --- a/app/Controllers/Config.php +++ b/app/Controllers/Config.php @@ -17,11 +17,9 @@ use App\Models\Enums\Rounding_mode; use App\Models\Stock_location; use App\Models\Tax; use CodeIgniter\Database\BaseConnection; -use CodeIgniter\Encryption\EncrypterInterface; use CodeIgniter\HTTP\ResponseInterface; use Config\Database; use Config\OSPOS; -use Config\Services; use DirectoryIterator; use NumberFormatter; use ReflectionException; @@ -30,7 +28,6 @@ class Config extends Secure_Controller { protected $helpers = ['security']; private BaseConnection $db; - private ?EncrypterInterface $encrypter = null; private Barcode_lib $barcode_lib; private Sale_lib $sale_lib; private Receiving_lib $receiving_lib; 
@@ -62,13 +59,6 @@ class Config extends Secure_Controller $this->tax = model(Tax::class); $this->config = config(OSPOS::class)->settings; $this->db = Database::connect(); - - helper('security'); - if (check_encryption()) { - $this->encrypter = Services::encrypter(); - } else { - log_message('error', 'Encryption key could not be initialized. Password encryption unavailable.'); - } } /** @@ -256,24 +246,11 @@ class Config extends Secure_Controller // Integrations Related fields $data['mailchimp'] = []; + $data['mailchimp']['api_key'] = decrypt_value($this->config['mailchimp_api_key'] ?? null); + $data['mailchimp']['list_id'] = decrypt_value($this->config['mailchimp_list_id'] ?? null); + if (check_encryption()) { - if ($this->encrypter === null) { - helper('security'); - $this->encrypter = Services::encrypter(); - } - - $data['mailchimp']['api_key'] = (isset($this->config['mailchimp_api_key']) && !empty($this->config['mailchimp_api_key'])) - ? $this->encrypter->decrypt($this->config['mailchimp_api_key']) - : ''; - - $data['mailchimp']['list_id'] = (isset($this->config['mailchimp_list_id']) && !empty($this->config['mailchimp_list_id'])) - ? $this->encrypter->decrypt($this->config['mailchimp_list_id']) - : ''; - remove_backup(); - } else { - $data['mailchimp']['api_key'] = ''; - $data['mailchimp']['list_id'] = ''; } $data['mailchimp']['lists'] = $this->_mailchimp(); 
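Review bot: In the `@@ -256` hunk a failed decryption and a never-configured value look the same in the form, because both `decrypt_value()` results go straight into `$data['mailchimp']` and the helper's failure result is not visible in this patch (presumably an empty string). The Mailchimp save path later in this file starts from `$api_key = ''` and `$list_id = ''` and writes both keys, so opening the page after an encryption-key change and saving the form would replace the stored ciphertext with empty values. Consider leaving a field out of `$batch_save_data` when its input is empty, or passing an explicit "could not decrypt" flag to the view. The enclosing method starts and ends outside the hunk.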
@@ -514,20 +491,14 @@ class Config extends Secure_Controller $passwordInput = $this->request->getPost('smtp_pass'); if (!empty($passwordInput)) { - if ($this->encrypter !== null && check_encryption()) { - try { - $password = $this->encrypter->encrypt($passwordInput); - } catch (\Exception $e) { - log_message('error', 'SMTP password encryption failed: ' . $e->getMessage()); + $password = encrypt_value($passwordInput); + if (empty($password)) { + log_message('error', 'SMTP password encryption failed'); - return $this->response->setJSON([ - 'success' => false, - 'message' => lang('Config.encryption_failed'), - ]); - } - } else { - log_message('warning', 'SMTP password saved without encryption - encryption key unavailable'); - $password = $passwordInput; + return $this->response->setJSON([ + 'success' => false, + 'message' => lang('Config.encryption_failed'), + ]); } } @@ -574,20 +545,14 @@ class Config extends Secure_Controller $passwordInput = $this->request->getPost('msg_pwd'); if (!empty($passwordInput)) { - if ($this->encrypter !== null && check_encryption()) { - try { - $password = $this->encrypter->encrypt($passwordInput); - } catch (\Exception $e) { - log_message('error', 'SMS password encryption failed: ' . $e->getMessage()); + $password = encrypt_value($passwordInput); + if (empty($password)) { + log_message('error', 'SMS password encryption failed'); - return $this->response->setJSON([ - 'success' => false, - 'message' => lang('Config.encryption_failed'), - ]); - } - } else { - log_message('warning', 'SMS password saved without encryption - encryption key unavailable'); - $password = $passwordInput; + return $this->response->setJSON([ + 'success' => false, + 'message' => lang('Config.encryption_failed'), + ]); } } 
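Review bot: The fail-closed check `if (empty($password))` after `encrypt_value($passwordInput)` only holds if the helper returns an empty value on every failure, including a missing key; its definition is not part of this patch, so that contract should be confirmed. If the helper instead falls back to returning its input, the plaintext would be stored with no log line, since the removed `else` branch was the only place that warned about unencrypted saves. A stricter guard such as `if (!is_string($password) || $password === '' || $password === $passwordInput)` rejects that case as well. The same pattern is repeated in the SMS hunk (`@@ -574`) and for both Mailchimp fields in `@@ -654`; all three methods begin and end outside their hunks.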
@@ -654,38 +619,30 @@ class Config extends Secure_Controller $api_key = ''; $list_id = ''; - if ($this->encrypter !== null && check_encryption()) { - $api_key_unencrypted = $this->request->getPost('mailchimp_api_key'); - if (!empty($api_key_unencrypted)) { - try { - $api_key = $this->encrypter->encrypt($api_key_unencrypted); - } catch (\Exception $e) { - log_message('error', 'Mailchimp API key encryption failed: ' . $e->getMessage()); + $api_key_input = $this->request->getPost('mailchimp_api_key'); + if (!empty($api_key_input)) { + $api_key = encrypt_value($api_key_input); + if (empty($api_key)) { + log_message('error', 'Mailchimp API key encryption failed'); - return $this->response->setJSON([ - 'success' => false, - 'message' => lang('Config.encryption_failed'), - ]); - } + return $this->response->setJSON([ + 'success' => false, + 'message' => lang('Config.encryption_failed'), + ]); } + } - $list_id_unencrypted = $this->request->getPost('mailchimp_list_id'); - if (!empty($list_id_unencrypted)) { - try { - $list_id = $this->encrypter->encrypt($list_id_unencrypted); - } catch (\Exception $e) { - log_message('error', 'Mailchimp list ID encryption failed: ' . $e->getMessage()); + $list_id_input = $this->request->getPost('mailchimp_list_id'); + if (!empty($list_id_input)) { + $list_id = encrypt_value($list_id_input); + if (empty($list_id)) { + log_message('error', 'Mailchimp list ID encryption failed'); - return $this->response->setJSON([ - 'success' => false, - 'message' => lang('Config.encryption_failed'), - ]); - } + return $this->response->setJSON([ + 'success' => false, + 'message' => lang('Config.encryption_failed'), + ]); } - } else { - $api_key = $this->request->getPost('mailchimp_api_key') ?: ''; - $list_id = $this->request->getPost('mailchimp_list_id') ?: ''; - log_message('warning', 'Mailchimp credentials saved without encryption - encryption key unavailable'); } $batch_save_data = ['mailchimp_api_key' => $api_key, 'mailchimp_list_id' => $list_id]; 
diff --git a/app/Controllers/Customers.php b/app/Controllers/Customers.php index b4adfb455..2540ca399 100644 --- a/app/Controllers/Customers.php +++ b/app/Controllers/Customers.php @@ -31,13 +31,7 @@ class Customers extends Persons $this->tax_code = model(Tax_code::class); $this->config = config(OSPOS::class)->settings; - $encrypter = Services::encrypter(); - - if (!empty($this->config['mailchimp_list_id'])) { - $this->_list_id = $encrypter->decrypt($this->config['mailchimp_list_id']); - } else { - $this->_list_id = ''; - } + $this->_list_id = decrypt_value($this->config['mailchimp_list_id'] ?? null); } /** diff --git a/app/Libraries/Email_lib.php b/app/Libraries/Email_lib.php index f98203178..fbf027e28 100644 --- a/app/Libraries/Email_lib.php +++ b/app/Libraries/Email_lib.php @@ -3,11 +3,7 @@ namespace app\Libraries; use CodeIgniter\Email\Email; -use CodeIgniter\Encryption\Encryption; -use CodeIgniter\Encryption\EncrypterInterface; -use CodeIgniter\Encryption\Exceptions\EncryptionException; use Config\OSPOS; -use Config\Services; /** @@ -26,19 +22,7 @@ class Email_lib $this->email = new Email(); $this->config = config(OSPOS::class)->settings; - $smtp_pass = $this->config['smtp_pass'] ?? ''; - - if (!empty($smtp_pass)) { - if (check_encryption()) { - try { - $encrypter = Services::encrypter(); - $smtp_pass = $encrypter->decrypt($smtp_pass); - } catch (EncryptionException $e) { - log_message('error', 'SMTP password decryption failed: ' . $e->getMessage()); - $smtp_pass = ''; - } - } - } + $smtp_pass = decrypt_value($this->config['smtp_pass'] ?? null); $email_config = [ 'mailType' => 'html', diff --git a/app/Libraries/Mailchimp_lib.php b/app/Libraries/Mailchimp_lib.php index a3b2b3937..a25a24122 100644 --- a/app/Libraries/Mailchimp_lib.php +++ b/app/Libraries/Mailchimp_lib.php @@ -2,9 +2,7 @@ namespace app\Libraries; -use CodeIgniter\Encryption\EncrypterInterface; use Config\OSPOS; -use Config\Services; /** * MailChimp API v3 REST client Connector 
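Review bot: `decrypt_value()` is now called in the `Customers` constructor, but nothing in this hunk loads the helper that defines it; `Config` declares `protected $helpers = ['security']`, while the removed code here used `Services::encrypter()` and needed no helper. If the function lives in the security helper and that helper is not autoloaded, this constructor fails with an undefined-function error on every customers request. Either add `helper('security');` before the call or confirm the helper is autoloaded. The same applies to the `MailchimpConnector` (`@@ -40`) and `Sms_lib` (`@@ -24`) constructors, which also called `Services::encrypter()` directly before; the constructor here starts outside the hunk.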
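Review bot: In the Email_lib constructor hunk (`@@ -26`), a stored `smtp_pass` that was saved in plaintext is now always passed to `decrypt_value()`, whereas the removed code returned the stored value unchanged when `check_encryption()` was false, and the old Config.php branch saved plaintext in exactly that situation. What the helper returns for a value that is not valid ciphertext is not shown here; if it is an empty string, SMTP authentication will start failing with no hint why. A check such as `if (!empty($this->config['smtp_pass']) && empty($smtp_pass)) { log_message('error', 'Stored SMTP password could not be decrypted'); }` keeps the failure visible without logging the secret. `msg_pwd` in Sms_lib and the Mailchimp values have the same exposure; the constructor starts outside the hunk.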
@@ -14,8 +12,6 @@ use Config\Services; * Inspired by the work of: * - Rajitha Bandara: https://github.com/rajitha-bandara/ci-mailchimp-v3-rest-client * - Stefan Ashwell: https://github.com/stef686/codeigniter-mailchimp-api-v3 - * - * @property encrypterinterface encrypter */ class MailchimpConnector { @@ -40,23 +36,19 @@ class MailchimpConnector { $config = config(OSPOS::class)->settings; - $encrypter = Services::encrypter(); - - $mailchimp_api_key = (isset($this->config['mailchimp_api_key']) && !empty($this->config['mailchimp_api_key'])) - ? $this->config['mailchimp_api_key'] - : ''; + $mailchimp_api_key = $config['mailchimp_api_key'] ?? ''; if (!empty($mailchimp_api_key)) { $this->_api_key = empty($api_key) - ? $encrypter->decrypt($mailchimp_api_key) // TODO: Hungarian notation - : $api_key; // TODO: Hungarian notation + ? decrypt_value($mailchimp_api_key) + : $api_key; } - if (!empty($this->_api_key)) { // TODO: Hungarian notation + if (!empty($this->_api_key)) { // Replace with correct datacenter obtained from the last part of the api key - $strings = explode('-', $this->_api_key); // TODO: Hungarian notation + $strings = explode('-', $this->_api_key); if (is_array($strings) && !empty($strings[1])) { - $this->_api_endpoint = str_replace('', $strings[1], $this->_api_endpoint); // TODO: Hungarian notation + $this->_api_endpoint = str_replace('', $strings[1], $this->_api_endpoint); } } } diff --git a/app/Libraries/Sms_lib.php b/app/Libraries/Sms_lib.php index 9ba9eeff6..e856f88fb 100644 --- a/app/Libraries/Sms_lib.php +++ b/app/Libraries/Sms_lib.php @@ -2,10 +2,7 @@ namespace app\Libraries; -use CodeIgniter\Encryption\Encryption; -use CodeIgniter\Encryption\EncrypterInterface; use Config\OSPOS; -use Config\Services; /** 
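Review bot: In the `MailchimpConnector` constructor hunk (`@@ -40`), a caller-supplied `$api_key` is ignored whenever no key is stored, because the assignment to `$this->_api_key` sits inside `if (!empty($mailchimp_api_key))`. `$api_key` appears to be a constructor parameter (the signature is outside the hunk), so validating a new key before the first save would silently run with no key at all. Prefer `$this->_api_key = !empty($api_key) ? $api_key : decrypt_value($config['mailchimp_api_key'] ?? null);`, which also matches the `?? null` call style used in the other files of this patch.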
@@ -24,12 +21,7 @@ class Sms_lib { $config = config(OSPOS::class)->settings; - $encrypter = Services::encrypter(); - - $password = $config['msg_pwd']; - if (!empty($password)) { - $password = $encrypter->decrypt($password); - } + $password = decrypt_value($config['msg_pwd'] ?? null); $username = $config['msg_uid']; $originator = $config['msg_src'];