diff --git a/database/factories/DbSourceFactory.php b/database/factories/DbSourceFactory.php index ac4ebe6cc..de9db69ad 100644 --- a/database/factories/DbSourceFactory.php +++ b/database/factories/DbSourceFactory.php @@ -22,7 +22,7 @@ $factory->define(\ProcessMaker\Model\DbSource::class, function(Faker $faker) { /** * @todo WHY figure out there's a magic value to the encryption here */ - 'DBS_PASSWORD' => \G::encrypt( $faker->password, $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => \G::encrypt( $faker->password, $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => $faker->numberBetween(1000, 9000), 'DBS_ENCODE' => 'utf8', // @todo Perhaps grab this from our definitions in DbConnections 'DBS_CONNECTION_TYPE' => 'NORMAL', // @todo Determine what this value means diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 658466d62..cb7d4e3f3 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -379,12 +379,12 @@ class G * @param string $string * @param string $key * @param bool $urlSafe if it is used in url - * + * @param bool $verifyPipe * @return string */ - public static function encrypt($string, $key, $urlSafe = false) + public static function encrypt($string, $key, $urlSafe = false, $verifyPipe = true) { - if (strpos($string, '|', 0) !== false) { + if ($verifyPipe === true && strpos($string, '|', 0) !== false) { return $string; } $result = ''; diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 02d0af81e..457ae5c3e 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -1762,6 +1762,7 @@ class RBAC $dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt( $dataCase['AUTH_SOURCE_PASSWORD'], $dataCase['AUTH_SOURCE_SERVER_NAME'] + ,false, false ) . "_2NnV3ujj3w"; $this->authSourcesObj->create($dataCase); } @@ -1780,6 +1781,7 @@ class RBAC $dataCase['AUTH_SOURCE_PASSWORD'] = G::encrypt( $dataCase['AUTH_SOURCE_PASSWORD'], $dataCase['AUTH_SOURCE_SERVER_NAME'] + , false, false ) . "_2NnV3ujj3w"; $this->authSourcesObj->update($dataCase); } diff --git a/tests/Feature/DBQueryTest.php b/tests/Feature/DBQueryTest.php index 00b15c367..a1bcc7d6e 100644 --- a/tests/Feature/DBQueryTest.php +++ b/tests/Feature/DBQueryTest.php @@ -63,7 +63,7 @@ class DBQueryTest extends TestCase 'DBS_PORT' => '3306', 'DBS_USERNAME' => config('database.connections.testexternal.username'), // Remember, we have to do some encryption here @see DbSourceFactory.php - 'DBS_PASSWORD' => \G::encrypt(env('DB_PASSWORD'), config('database.connections.testexternal.database')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => \G::encrypt(env('DB_PASSWORD'), config('database.connections.testexternal.database'), false, false) . "_2NnV3ujj3w", 'DBS_DATABASE_NAME' => config('database.connections.testexternal.database'), 'PRO_UID' => $process->PRO_UID ]); @@ -98,7 +98,7 @@ class DBQueryTest extends TestCase 'DBS_TYPE' => 'mssql', 'DBS_USERNAME' => env('MSSQL_USERNAME'), // Remember, we have to do some encryption here @see DbSourceFactory.php - 'DBS_PASSWORD' => \G::encrypt(env('MSSQL_PASSWORD'), env('MSSQL_DATABASE')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => \G::encrypt(env('MSSQL_PASSWORD'), env('MSSQL_DATABASE'), false, false) . "_2NnV3ujj3w", 'DBS_DATABASE_NAME' => env('MSSQL_DATABASE'), 'PRO_UID' => $process->PRO_UID ]); diff --git a/tests/unit/workflow/engine/classes/DbConnectionsTest.php b/tests/unit/workflow/engine/classes/DbConnectionsTest.php index d15fa07b1..eb8509038 100644 --- a/tests/unit/workflow/engine/classes/DbConnectionsTest.php +++ b/tests/unit/workflow/engine/classes/DbConnectionsTest.php @@ -38,7 +38,7 @@ class DbConnectionsTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => $dbName, 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', ]); @@ -69,7 +69,7 @@ class DbConnectionsTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => $dbName, 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', ]); @@ -97,7 +97,7 @@ class DbConnectionsTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => $dbName, 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', ]); diff --git a/tests/unit/workflow/engine/classes/PmFunctions/ExecuteQueryTest.php b/tests/unit/workflow/engine/classes/PmFunctions/ExecuteQueryTest.php index 5bc7cccfb..cc839a6f2 100644 --- a/tests/unit/workflow/engine/classes/PmFunctions/ExecuteQueryTest.php +++ b/tests/unit/workflow/engine/classes/PmFunctions/ExecuteQueryTest.php @@ -230,7 +230,7 @@ class ExecuteQueryTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => $dbName, 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', ]); @@ -259,7 +259,7 @@ class ExecuteQueryTest extends TestCase 'DBS_SERVER' => 'localhost', 'DBS_DATABASE_NAME' => $dbName, 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), $dbName, false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '1521', ]); diff --git a/tests/unit/workflow/engine/classes/model/AdditionalTablesTest.php b/tests/unit/workflow/engine/classes/model/AdditionalTablesTest.php index 49a80ccba..fed8a2ff3 100644 --- a/tests/unit/workflow/engine/classes/model/AdditionalTablesTest.php +++ b/tests/unit/workflow/engine/classes/model/AdditionalTablesTest.php @@ -141,7 +141,7 @@ class AdditionalTablesTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => env('DB_DATABASE'), 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), env('DB_DATABASE')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), env('DB_DATABASE'), false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', 'DBS_CONNECTION_TYPE' => 'NORMAL' ]); @@ -159,7 +159,7 @@ class AdditionalTablesTest extends TestCase 'DBS_SERVER' => config('database.connections.testexternal.host'), 'DBS_DATABASE_NAME' => config('database.connections.testexternal.database'), 'DBS_USERNAME' => config('database.connections.testexternal.username'), - 'DBS_PASSWORD' => G::encrypt(config('database.connections.testexternal.password'), config('database.connections.testexternal.database')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(config('database.connections.testexternal.password'), config('database.connections.testexternal.database'), false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', 'DBS_CONNECTION_TYPE' => 'NORMAL' ]); @@ -232,7 +232,7 @@ class AdditionalTablesTest extends TestCase 'DBS_SERVER' => env('DB_HOST'), 'DBS_DATABASE_NAME' => env('DB_DATABASE'), 'DBS_USERNAME' => env('DB_USERNAME'), - 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), env('DB_DATABASE')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(env('DB_PASSWORD'), env('DB_DATABASE'), false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', 'DBS_CONNECTION_TYPE' => 'NORMAL' ]); @@ -250,7 +250,7 @@ class AdditionalTablesTest extends TestCase 'DBS_SERVER' => config('database.connections.testexternal.host'), 'DBS_DATABASE_NAME' => config('database.connections.testexternal.database'), 'DBS_USERNAME' => config('database.connections.testexternal.username'), - 'DBS_PASSWORD' => G::encrypt(config('database.connections.testexternal.password'), config('database.connections.testexternal.database')) . "_2NnV3ujj3w", + 'DBS_PASSWORD' => G::encrypt(config('database.connections.testexternal.password'), config('database.connections.testexternal.database'), false, false) . "_2NnV3ujj3w", 'DBS_PORT' => '3306', 'DBS_CONNECTION_TYPE' => 'NORMAL' ]); diff --git a/workflow/engine/classes/DbConnections.php b/workflow/engine/classes/DbConnections.php index b716f9d94..1a659f1dc 100644 --- a/workflow/engine/classes/DbConnections.php +++ b/workflow/engine/classes/DbConnections.php @@ -480,7 +480,7 @@ class DbConnections if ($row[2] != '') { $aPass = explode('_', $row[2]); if (count($aPass) == 1) { - $passEncrypt = G::encrypt($row[2], $row[1]); + $passEncrypt = G::encrypt($row[2], $row[1], false, false); $passEncrypt .= "_2NnV3ujj3w"; $c2 = new Criteria('workflow'); $c2->add(DbSourcePeer::DBS_PASSWORD, $passEncrypt); diff --git a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php index 3f6b043ae..1e0e290a6 100644 --- a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php +++ b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php @@ -1,36 +1,5 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ - -/* - * Data base connections routines for ajax request - * @Author Erik Amaru Ortiz - * @Last update May 20th, 2009 - * @Param var action from POST request - */ - - $filter = new InputFilter(); $_POST = $filter->xssFilterHard($_POST); @@ -139,45 +108,90 @@ switch ($action) { G::RenderPage( 'publish', 'raw' ); break; case 'saveEditConnection': - $oDBSource = new DbSource(); - $oContent = new Content(); - if (strpos( $_POST['server'], "\\" )) { + $dBSource = new DbSource(); + $content = new Content(); + if (strpos($_POST['server'], "\\")) { $_POST['port'] = 'none'; } - $flagTns = ($_POST["type"] == "oracle" && $_POST["connectionType"] == "TNS")? 1 : 0; + $flagTns = ($_POST["type"] == "oracle" && $_POST["connectionType"] == "TNS") ? 1 : 0; if ($flagTns == 0) { $_POST["connectionType"] = "NORMAL"; - $aData = array("DBS_UID" => $_POST["dbs_uid"], "PRO_UID" => $_SESSION["PROCESS"], "DBS_TYPE" => $_POST["type"], "DBS_SERVER" => $_POST["server"], "DBS_DATABASE_NAME" => $_POST["db_name"], "DBS_USERNAME" => $_POST["user"], "DBS_PASSWORD" => (($_POST["passwd"] == "none")? "" : G::encrypt($_POST["passwd"], $_POST["db_name"])) . "_2NnV3ujj3w", "DBS_PORT" => (($_POST["port"] == "none")? "" : $_POST["port"]), "DBS_ENCODE" => $_POST["enc"], "DBS_CONNECTION_TYPE" => $_POST["connectionType"], "DBS_TNS" => ""); + $data = [ + "DBS_UID" => $_POST["dbs_uid"], + "PRO_UID" => $_SESSION["PROCESS"], "DBS_TYPE" => $_POST["type"], + "DBS_SERVER" => $_POST["server"], + "DBS_DATABASE_NAME" => $_POST["db_name"], + "DBS_USERNAME" => $_POST["user"], + "DBS_PASSWORD" => (($_POST["passwd"] == "none") ? "" : G::encrypt($_POST["passwd"], $_POST["db_name"], false, false)) . "_2NnV3ujj3w", + "DBS_PORT" => (($_POST["port"] == "none") ? "" : $_POST["port"]), + "DBS_ENCODE" => $_POST["enc"], + "DBS_CONNECTION_TYPE" => $_POST["connectionType"], + "DBS_TNS" => "" + ]; } else { - $aData = array("DBS_UID" => $_POST["dbs_uid"], "PRO_UID" => $_SESSION["PROCESS"], "DBS_TYPE" => $_POST["type"], "DBS_SERVER" => "", "DBS_DATABASE_NAME" => "", "DBS_USERNAME" => $_POST["user"], "DBS_PASSWORD" => (($_POST["passwd"] == "none")? "" : G::encrypt($_POST["passwd"], $_POST["tns"])) . "_2NnV3ujj3w", "DBS_PORT" => "", "DBS_ENCODE" => "", "DBS_CONNECTION_TYPE" => $_POST["connectionType"], "DBS_TNS" => $_POST["tns"]); + $data = [ + "DBS_UID" => $_POST["dbs_uid"], + "PRO_UID" => $_SESSION["PROCESS"], + "DBS_TYPE" => $_POST["type"], + "DBS_SERVER" => "", + "DBS_DATABASE_NAME" => "", + "DBS_USERNAME" => $_POST["user"], + "DBS_PASSWORD" => (($_POST["passwd"] == "none") ? "" : G::encrypt($_POST["passwd"], $_POST["tns"], false, false)) . "_2NnV3ujj3w", + "DBS_PORT" => "", + "DBS_ENCODE" => "", + "DBS_CONNECTION_TYPE" => $_POST["connectionType"], + "DBS_TNS" => $_POST["tns"] + ]; } - $oDBSource->update( $aData ); - $oContent->addContent( 'DBS_DESCRIPTION', '', $_POST['dbs_uid'], SYS_LANG, $_POST['desc'] ); + $dBSource->update($data); + $content->addContent('DBS_DESCRIPTION', '', $_POST['dbs_uid'], SYS_LANG, $_POST['desc']); break; case 'saveConnection': - $oDBSource = new DbSource(); - $oContent = new Content(); - if (strpos( $_POST['server'], "\\" )) { + $dBSource = new DbSource(); + $content = new Content(); + if (strpos($_POST['server'], "\\")) { $_POST['port'] = 'none'; } - $flagTns = ($_POST["type"] == "oracle" && $_POST["connectionType"] == "TNS")? 1 : 0; + $flagTns = ($_POST["type"] == "oracle" && $_POST["connectionType"] == "TNS") ? 1 : 0; if ($flagTns == 0) { $_POST["connectionType"] = "NORMAL"; - $aData = array("PRO_UID" => $_SESSION["PROCESS"], "DBS_TYPE" => $_POST["type"], "DBS_SERVER" => $_POST["server"], "DBS_DATABASE_NAME" => $_POST["db_name"], "DBS_USERNAME" => $_POST["user"], "DBS_PASSWORD" => (($_POST["passwd"] == "none")? "" : G::encrypt($_POST["passwd"], $_POST["db_name"])) . "_2NnV3ujj3w", "DBS_PORT" => (($_POST["port"] == "none") ? "" : $_POST["port"]), "DBS_ENCODE" => $_POST["enc"], "DBS_CONNECTION_TYPE" => $_POST["connectionType"], "DBS_TNS" => ""); + $data = [ + "PRO_UID" => $_SESSION["PROCESS"], + "DBS_TYPE" => $_POST["type"], + "DBS_SERVER" => $_POST["server"], + "DBS_DATABASE_NAME" => $_POST["db_name"], + "DBS_USERNAME" => $_POST["user"], + "DBS_PASSWORD" => (($_POST["passwd"] == "none") ? "" : G::encrypt($_POST["passwd"], $_POST["db_name"], false, false)) . "_2NnV3ujj3w", + "DBS_PORT" => (($_POST["port"] == "none") ? "" : $_POST["port"]), + "DBS_ENCODE" => $_POST["enc"], + "DBS_CONNECTION_TYPE" => $_POST["connectionType"], + "DBS_TNS" => "" + ]; } else { - $aData = array("PRO_UID" => $_SESSION["PROCESS"], "DBS_TYPE" => $_POST["type"], "DBS_SERVER" => "", "DBS_DATABASE_NAME" => "", "DBS_USERNAME" => $_POST["user"], "DBS_PASSWORD" => (($_POST["passwd"] == "none")? "" : G::encrypt($_POST["passwd"], $_POST["tns"])) . "_2NnV3ujj3w", "DBS_PORT" => "", "DBS_ENCODE" => "", "DBS_CONNECTION_TYPE" => $_POST["connectionType"], "DBS_TNS" => $_POST["tns"]); + $data = [ + "PRO_UID" => $_SESSION["PROCESS"], + "DBS_TYPE" => $_POST["type"], + "DBS_SERVER" => "", + "DBS_DATABASE_NAME" => "", + "DBS_USERNAME" => $_POST["user"], + "DBS_PASSWORD" => (($_POST["passwd"] == "none") ? "" : G::encrypt($_POST["passwd"], $_POST["tns"], false, false)) . "_2NnV3ujj3w", + "DBS_PORT" => "", + "DBS_ENCODE" => "", + "DBS_CONNECTION_TYPE" => $_POST["connectionType"], + "DBS_TNS" => $_POST["tns"] + ]; } - $newid = $oDBSource->create( $aData ); + $newId = $dBSource->create($data); $sDelimiter = DBAdapter::getStringDelimiter(); - $oContent->addContent( 'DBS_DESCRIPTION', '', $newid, SYS_LANG, $_POST['desc'] ); + $content->addContent('DBS_DESCRIPTION', '', $newId, SYS_LANG, $_POST['desc']); break; case 'deleteDbConnection': $result = new stdclass(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php index 7de7208af..a1001eeea 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php @@ -198,9 +198,9 @@ class DataBaseConnection $dataDBConnection['DBS_PASSWORD'] = ''; } else { if ($flagTns == 0) { - $pass = G::encrypt( $dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_DATABASE_NAME"]) . "_2NnV3ujj3w"; + $pass = G::encrypt( $dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_DATABASE_NAME"], false, false) . "_2NnV3ujj3w"; } else { - $pass = G::encrypt($dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_TNS"]) . "_2NnV3ujj3w"; + $pass = G::encrypt($dataDBConnection["DBS_PASSWORD"], $dataDBConnection["DBS_TNS"], false, false) . "_2NnV3ujj3w"; } $dataDBConnection['DBS_PASSWORD'] = $pass;