diff options
| author | Andrew Dolgov <fox@fakecake.org> | 2025-04-08 10:54:24 +0000 |
|---|---|---|
| committer | Andrew Dolgov <fox@fakecake.org> | 2025-04-08 10:54:24 +0000 |
| commit | 008c518d5d8e60c0168cd107dbfd1f23f9c4a701 (patch) | |
| tree | 8f3d8afbbf73ae7d59791a3347a557c194f691d0 /classes/RSSUtils.php | |
| parent | bb2c4b380165731c3f8abf0596fffb2a0953265b (diff) | |
| parent | 17b4e98249462a1feb71586d10cd5293d9487ab8 (diff) | |
Merge branch 'session-encryption' into 'master'
add optional encryption for stored session data using Sodium library
See merge request tt-rss/tt-rss!117
Diffstat (limited to 'classes/RSSUtils.php')
| -rw-r--r-- | classes/RSSUtils.php | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/classes/RSSUtils.php b/classes/RSSUtils.php index ee58416e3..f6a81d00f 100644 --- a/classes/RSSUtils.php +++ b/classes/RSSUtils.php @@ -331,6 +331,8 @@ class RSSUtils { $pluginhost->load((string)$user_plugins, PluginHost::KIND_USER, $feed->owner_uid); //$pluginhost->load_data(); + $feed_auth_pass_plaintext = Feeds::decrypt_feed_pass($feed->auth_pass); + $basic_info = []; $pluginhost->run_hooks_callback(PluginHost::HOOK_FEED_BASIC_INFO, function ($result) use (&$basic_info) { @@ -338,13 +340,13 @@ class RSSUtils { $basic_info = $result; return true; } - }, $basic_info, $feed->feed_url, $feed->owner_uid, $feed_id, $feed->auth_login, $feed->auth_pass); + }, $basic_info, $feed->feed_url, $feed->owner_uid, $feed_id, $feed->auth_login, $feed_auth_pass_plaintext); if (!$basic_info) { $feed_data = UrlHelper::fetch([ 'url' => $feed->feed_url, 'login' => $feed->auth_login, - 'pass' => $feed->auth_pass, + 'pass' => $feed_auth_pass_plaintext, 'timeout' => Config::get(Config::FEED_FETCH_TIMEOUT), ]); @@ -458,12 +460,26 @@ class RSSUtils { $hff_owner_uid = $feed_obj->owner_uid; $hff_feed_url = $feed_obj->feed_url; + $feed_auth_pass_plaintext = Feeds::decrypt_feed_pass($feed_obj->auth_pass); + + // transparently encrypt plaintext password if possible + if ($feed_obj->auth_pass && $feed_auth_pass_plaintext === $feed_obj->auth_pass) { + $key = Config::get(Config::ENCRYPTION_KEY); + + if ($key) { + Debug::log("encrypting stored plaintext feed password...", Debug::LOG_VERBOSE); + + $feed_obj->auth_pass = base64_encode(serialize(Crypt::encrypt_string($feed_auth_pass_plaintext))); + $feed_obj->save(); + } + } + $pluginhost->chain_hooks_callback(PluginHost::HOOK_FETCH_FEED, function ($result, $plugin) use (&$feed_data, $start_ts) { $feed_data = $result; Debug::log(sprintf("=== %.4f (sec) %s", microtime(true) - $start_ts, get_class($plugin)), Debug::LOG_VERBOSE); }, - $feed_data, $hff_feed_url, $hff_owner_uid, $feed, $last_article_timestamp, $feed_obj->auth_login, $feed_obj->auth_pass); + $feed_data, $hff_feed_url, $hff_owner_uid, $feed, $last_article_timestamp, $feed_obj->auth_login, $feed_auth_pass_plaintext); if ($feed_data) { Debug::log("feed data has been modified by a plugin.", Debug::LOG_VERBOSE); @@ -510,7 +526,7 @@ class RSSUtils { $feed_data = UrlHelper::fetch([ "url" => $feed_obj->feed_url, "login" => $feed_obj->auth_login, - "pass" => $feed_obj->auth_pass, + "pass" => $feed_auth_pass_plaintext, "timeout" => $no_cache ? Config::get(Config::FEED_FETCH_NO_CACHE_TIMEOUT) : Config::get(Config::FEED_FETCH_TIMEOUT), "last_modified" => $force_refetch ? "" : $feed_obj->last_modified ]); |