Actions
Defect #30171
closed
Decrypting LDAP and SCM passwords fail if the plaintext password is longer than 31 bytes
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Fixed
Affected version:
Description
This issue is originally reported to the community repository on GitHub by Nik Il.
https://github.com/redmine/redmine/pull/112/files
encode64 adds \n every 60 symbols, switch to strict_encode64 method, because .strip not working
Files
Related issues
Updated by Go MAEDA over 5 years ago
- Related to Feature #7411: Option to cipher LDAP ans SCM passwords stored in the database added
Updated by Go MAEDA over 5 years ago
- Subject changed from Passwords encryption does not work if the password is longer than 31 characters to Passwords encryption does not work if the password is longer than 31 bytes
Updated by Go MAEDA over 5 years ago
- Status changed from New to Confirmed
Confirmed the problem.
Index: test/unit/lib/redmine/ciphering_test.rb
===================================================================
--- test/unit/lib/redmine/ciphering_test.rb (revision 17702)
+++ test/unit/lib/redmine/ciphering_test.rb (working copy)
@@ -92,15 +92,16 @@
end
def test_decrypt_all
+ long_password = SecureRandom.alphanumeric(32)
Repository.delete_all
Redmine::Configuration.with 'database_cipher_key' => 'secret' do
Repository::Subversion.create!(:password => 'foo', :url => 'file:///tmp', :identifier => 'foo')
- Repository::Subversion.create!(:password => 'bar', :url => 'file:///tmp', :identifier => 'bar')
+ Repository::Subversion.create!(:password => long_password, :url => 'file:///tmp', :identifier => 'bar')
assert Repository.decrypt_all(:password)
r = Repository.order('id DESC').first
- assert_equal 'bar', r.password
- assert_equal 'bar', r.read_attribute(:password)
+ assert_equal long_password, r.password
+ assert_equal long_password, r.read_attribute(:password)
end
end
end
laphroaig:redmine-trunk maeda$ ruby test/unit/lib/redmine/ciphering_test.rb Run options: --seed 15544 # Running: .F Failure: Redmine::CipheringTest#test_decrypt_all [test/unit/lib/redmine/ciphering_test.rb:103]: --- expected +++ actual @@ -1,2 +1,2 @@ -# encoding: US-ASCII -"YW1zLuz0jcoHerKvHsApD9GVCrRMKXc8" +"aes-256-cbc:a99hBE62VjbiZNoexSoakctQIKCAO31BoSVOw5krfBF24VUoMBpzrsytazMl +tP+j--+TqRamucQbcZfeaeGIBLxA==" bin/rails test test/unit/lib/redmine/ciphering_test.rb:94 ...... Finished in 0.354780s, 22.5492 runs/s, 42.2797 assertions/s. 8 runs, 15 assertions, 1 failures, 0 errors, 0 skips
Updated by Federico Vera over 5 years ago
This issue also affected Vault Plugin and was fixed in Issue 43
Since Vault uses Redmine's encryption, perhaps it could help.
Regards
Updated by Go MAEDA over 5 years ago
- File test-for-30171.diff test-for-30171.diff added
Updated the test in order to catch the problem.
Updated by Go MAEDA over 5 years ago
- Subject changed from Passwords encryption does not work if the password is longer than 31 bytes to Decrypting LDAP and SCM passwords fail if the plaintext password is longer than 31 bytes
- Status changed from Confirmed to Resolved
- Resolution set to Fixed
Committed the patches.
Actions