View Issue Details

IDProjectCategoryView StatusLast Update
0000336Adventure PHP FrameworkCode-Verbesserung // Code improvementpublic2018-08-25 14:42
ReporterChristianAchatzAssigned ToChristianAchatz 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version3.4 
Target Version4.0Fixed in Version4.0 
Summary0000336: Migrate mcrypt to OpenSSL to allow upgrade to PHP7.2
DescriptionPHP 7.2 does no longer support mcrypt. For this reason, encryption should be migrated to OpenSSL.
TagsNo tags attached.
Codereferenz: ([Datei]:[Zeile])
Namespacemodules

Activities

ChristianAchatz

2018-08-12 13:45

administrator   ~0000826

As per discussion, we'll implementierung two options:

- PHP 7.1: OpenSSL
- PHP 7.2 LibSodium

ChristianAchatz

2018-08-12 19:19

administrator   ~0000827

Implemented OpenSSL support as first step.

Migration is required to be conducted as two step manual task since both library changes as well as encryption algorithm (reason: 3DES/CBC is no longer recommended).

Migration:
- Load and decrypt all users
- Save all users w/ unencrypted values
- Update APF
- Load all users and save w/ encrypted values

Example:
********
Step 1:
******

/ Define fields to decrypt values during loading
UserFieldEncryptionProvider::$encryptedFieldNames = [...];

/* @var $umgt UmgtManager */
$umgt = DIServiceManager::getServiceObject(
      'APF\modules\usermanagement\biz',
      'UmgtManager',
      $context,
      $language
);

// Load all users and (implicitly) decrypt values.
/* @var $users UmgtUser[] */
$users = $umgt->getORMapper()->loadObjectList('User');

// Save all users w/ unencrypted values
UserFieldEncryptionProvider::$encryptedFieldNames = null;

foreach ($users as $user) {
   $umgt->getORMapper()->saveObject($user);
}

Step 2:
******
/ Load all fields w/o decryption
UserFieldEncryptionProvider::$encryptedFieldNames = null;

/* @var $umgt UmgtManager */
$umgt = DIServiceManager::getServiceObject(
      'APF\modules\usermanagement\biz',
      'UmgtManager',
      $context,
      $language
);

// Load all users
/* @var $users UmgtUser[] */
$users = $umgt->getORMapper()->loadObjectList('User');

// Save all users w/ encrypted values
UserFieldEncryptionProvider::$encryptedFieldNames = [...];

foreach ($users as $user) {
   $umgt->getORMapper()->saveObject($user);
}

Related Changesets

Import 2018-08-25 14:21:19: master 04ece240

2018-08-12 19:22:02

Christian Achatz

Details Diff
ID#336: migrated mcrypt to openssl module for user attribute encryption in UMGT.

IMPORTANT: This is a breaking change! Manual migration is required:

- Load and decrypt all users
- Save all users w/ unencrypted values
- Update APF
- Load all users and save w/ encrypted values

For details, please see migration documentation.
Affected Issues
0000336
mod - modules/usermanagement/biz/provider/UserFieldEncryptionProvider.php Diff File
add - tests/suites/modules/usermanagement/biz/provider/UserFieldEncryptionProviderTest.php Diff File

Issue History

Date Modified Username Field Change
2018-06-30 19:46 ChristianAchatz New Issue
2018-06-30 19:46 ChristianAchatz Status new => assigned
2018-06-30 19:46 ChristianAchatz Assigned To => ChristianAchatz
2018-08-12 13:45 ChristianAchatz Note Added: 0000826
2018-08-12 19:19 ChristianAchatz Note Added: 0000827
2018-08-12 19:36 ChristianAchatz Status assigned => resolved
2018-08-12 19:36 ChristianAchatz Resolution open => fixed
2018-08-12 19:36 ChristianAchatz Fixed in Version => 4.0
2018-08-25 14:42 ChristianAchatz Changeset attached => Import 2018-08-25 14:21:19 master 04ece240