
fix(JWTManager): Mark private key as sensitive
Signed-off-by: provokateurin <kate@provokateurin.de>

[skip ci]
provokateurin authored and backportbot[bot] committed Oct 21, 2024
1 parent 27a506c commit cc086ac
Showing 3 changed files with 39 additions and 1 deletion.
1 change: 1 addition & 0 deletions appinfo/info.xml
@@ -44,6 +44,7 @@ More information is available in the External sites documentation.]]></descripti
<repair-steps>
<post-migration>
<step>OCA\External\Migration\CopyDefaultIcons</step>
<step>OCA\External\Migration\JWTTokenPrivateKeySensitive</step>
</post-migration>
<install>
<step>OCA\External\Migration\CopyDefaultIcons</step>
2 changes: 1 addition & 1 deletion lib/JWTManager.php
@@ -105,7 +105,7 @@ protected function ensureTokenKeys(string $alg): void {
throw new \Exception('Unsupported algorithm ' . $alg);
}

$this->config->setValueString(Application::APP_ID, 'jwt_token_privkey_' . strtolower($alg), $secret);
$this->config->setValueString(Application::APP_ID, 'jwt_token_privkey_' . strtolower($alg), $secret, sensitive: true);
$this->config->setValueString(Application::APP_ID, 'jwt_token_pubkey_' . strtolower($alg), $public);
}

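Review bot: A private key that the old line already wrote without the flag is not rotated by this change, so copies in database dumps or config exports taken before the upgrade may remain usable; the `sensitive: true` argument only changes how the value is stored from now on. ensureTokenKeys() starts outside the hunk, so whether it ever regenerates an existing key pair is not visible here. A comment above the call would record the intent, for example `// Private key material: must stay flagged sensitive; rotate the key pair if it was ever stored unflagged.`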
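--- a/lib/Migration/JWTTokenPrivateKeySensitive.php
+++ b/lib/Migration/JWTTokenPrivateKeySensitive.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+namespace OCA\External\Migration;
+
+use OCA\External\AppInfo\Application;
+use OCP\IAppConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+class JWTTokenPrivateKeySensitive implements IRepairStep {
+public function __construct(
+private IAppConfig $config,
+) {
+}
+
+public function getName() {
+return 'Mark JWT token private key as sensitive';
+}
+
+public function run(IOutput $output): void {
+foreach ($this->config->getKeys(Application::APP_ID) as $key) {
+if (!str_starts_with($key, 'jwt_token_privkey_')) {
+continue;
+}
+
+$secret = $this->config->getValueString(Application::APP_ID, $key);
+$this->config->setValueString(Application::APP_ID, $key, $secret, sensitive: true);
+}
+}
+}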
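Review bot: In `run()`, the loop reads each private key into `$secret` only to write it back with the flag set; `$this->config->updateSensitive(Application::APP_ID, $key, true);`, which the same `IAppConfig` interface offers, would flip the flag without the key material passing through the repair step. Guarding it with `if ($this->config->isSensitive(Application::APP_ID, $key)) { continue; }` would make the step an explicit no-op when it presumably runs again on later upgrades. `getName()` also lacks a `: string` return type, and nothing is reported through `$output`, so the upgrade log does not show which keys were converted; logging the key name (never the value) with `$output->info(...)` would cover that.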
