encrypt-totp-secret-key-with-rake-task.patch

Go MAEDA, 2020-08-30 15:59

Download (1.66 KB)

View differences:

config/configuration.yml.example
138 138
  # scm_stderr_log_file: /var/log/redmine_scm_stderr.log
139 139
  scm_stderr_log_file:
140 140

  
141
  # Key used to encrypt sensitive data in the database (SCM and LDAP passwords).
141
  # Key used to encrypt sensitive data in the database (SCM and LDAP passwords,
142
  # and TOTP (two-factor authentication) secret keys).
142 143
  # If you don't want to enable data encryption, just leave it blank.
143 144
  # WARNING: losing/changing this key will make encrypted data unreadable.
144 145
  #
lib/tasks/ciphering.rake
20 20
  desc 'Encrypts SCM and LDAP passwords in the database.'
21 21
  task :encrypt => :environment do
22 22
    unless (Repository.encrypt_all(:password) &&
23
      AuthSource.encrypt_all(:account_password))
23
      AuthSource.encrypt_all(:account_password) &&
24
      User.encrypt_all(:twofa_totp_key))
24 25
      raise "Some objects could not be saved after encryption, update was rolled back."
25 26
    end
26 27
  end
......
28 29
  desc 'Decrypts SCM and LDAP passwords in the database.'
29 30
  task :decrypt => :environment do
30 31
    unless (Repository.decrypt_all(:password) &&
31
      AuthSource.decrypt_all(:account_password))
32
      AuthSource.decrypt_all(:account_password) &&
33
      User.decrypt_all(:twofa_totp_key))
32 34
      raise "Some objects could not be saved after decryption, update was rolled back."
33 35
    end
34 36
  end