2019-10-19 09:37:35 +02:00
|
|
|
<?php
|
2020-06-30 19:05:35 +02:00
|
|
|
|
2019-10-19 09:37:35 +02:00
|
|
|
/**
|
|
|
|
|
* OAuthKeys.php
|
2020-06-30 19:05:35 +02:00
|
|
|
* Copyright (c) 2020 james@firefly-iii.org
|
2019-10-19 09:37:35 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of Firefly III (https://github.com/firefly-iii).
|
|
|
|
|
*
|
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
2020-06-30 19:05:35 +02:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2019-10-19 09:37:35 +02:00
|
|
|
namespace FireflyIII\Support\System;
|
|
|
|
|
|
2021-12-02 18:14:43 +01:00
|
|
|
use FireflyIII\Exceptions\FireflyException;
|
2025-10-08 06:31:47 +02:00
|
|
|
use FireflyIII\Support\Facades\FireflyConfig;
|
2021-12-21 16:35:28 +01:00
|
|
|
use Illuminate\Contracts\Encryption\DecryptException;
|
2025-05-24 17:15:46 +02:00
|
|
|
use Illuminate\Support\Facades\Artisan;
|
2025-02-23 12:47:04 +01:00
|
|
|
use Illuminate\Support\Facades\Crypt;
|
2026-01-17 16:02:59 +01:00
|
|
|
use Illuminate\Support\Facades\Log;
|
2023-05-29 13:56:55 +02:00
|
|
|
use Laravel\Passport\Console\KeysCommand;
|
2021-12-02 18:14:43 +01:00
|
|
|
use Psr\Container\ContainerExceptionInterface;
|
|
|
|
|
use Psr\Container\NotFoundExceptionInterface;
|
2025-10-05 12:57:58 +02:00
|
|
|
use Safe\Exceptions\FilesystemException;
|
2026-01-17 16:11:09 +01:00
|
|
|
|
2025-05-27 17:06:15 +02:00
|
|
|
use function Safe\file_get_contents;
|
|
|
|
|
use function Safe\file_put_contents;
|
|
|
|
|
|
2019-10-19 09:37:35 +02:00
|
|
|
/**
|
|
|
|
|
* Class OAuthKeys
|
|
|
|
|
*/
|
|
|
|
|
class OAuthKeys
|
|
|
|
|
{
|
2023-12-02 12:56:48 +01:00
|
|
|
private const string PRIVATE_KEY = 'oauth_private_key';
|
|
|
|
|
private const string PUBLIC_KEY = 'oauth_public_key';
|
2019-10-19 09:37:35 +02:00
|
|
|
|
2025-09-26 06:05:37 +02:00
|
|
|
public static function generateKeys(): void
|
2019-10-19 09:37:35 +02:00
|
|
|
{
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug('Will now run generateKeys()');
|
2025-09-26 06:05:37 +02:00
|
|
|
Artisan::registerCommand(new KeysCommand());
|
|
|
|
|
Artisan::call('firefly-iii:laravel-passport-keys');
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug('Done with generateKeys()');
|
2025-09-26 06:05:37 +02:00
|
|
|
}
|
2021-03-21 09:15:40 +01:00
|
|
|
|
2025-09-26 06:05:37 +02:00
|
|
|
public static function hasKeyFiles(): bool
|
|
|
|
|
{
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug('hasKeyFiles()');
|
|
|
|
|
$private = storage_path('oauth-private.key');
|
|
|
|
|
$public = storage_path('oauth-public.key');
|
|
|
|
|
$privateExists = file_exists($private);
|
|
|
|
|
$publicExists = file_exists($public);
|
|
|
|
|
|
|
|
|
|
Log::debug(sprintf('Private key file at "%s" exists? %s', $private, var_export($privateExists, true)));
|
|
|
|
|
Log::debug(sprintf('Public key file at "%s" exists ? %s', $public, var_export($publicExists, true)));
|
|
|
|
|
|
2026-01-23 15:14:29 +01:00
|
|
|
$result = file_exists($private) && file_exists($public);
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug(sprintf('Method will return %s', var_export($result, true)));
|
2026-01-17 16:11:09 +01:00
|
|
|
|
2026-01-17 16:02:59 +01:00
|
|
|
return $result;
|
2019-10-19 09:37:35 +02:00
|
|
|
}
|
|
|
|
|
|
2021-03-21 09:15:40 +01:00
|
|
|
public static function keysInDatabase(): bool
|
2019-10-19 09:37:35 +02:00
|
|
|
{
|
2021-12-02 18:14:43 +01:00
|
|
|
$privateKey = '';
|
|
|
|
|
$publicKey = '';
|
|
|
|
|
// better check if keys are in the database:
|
2026-01-17 16:02:59 +01:00
|
|
|
$hasPrivate = FireflyConfig::has(self::PRIVATE_KEY);
|
|
|
|
|
$hasPublic = FireflyConfig::has(self::PUBLIC_KEY);
|
|
|
|
|
|
|
|
|
|
Log::debug(sprintf('keysInDatabase: hasPrivate:%s, hasPublic:%s', var_export($hasPrivate, true), var_export($hasPublic, true)));
|
|
|
|
|
|
|
|
|
|
if ($hasPrivate && $hasPublic) {
|
2021-12-02 18:14:43 +01:00
|
|
|
try {
|
2026-01-23 15:09:50 +01:00
|
|
|
$privateKey = trim((string) FireflyConfig::get(self::PRIVATE_KEY)?->data);
|
|
|
|
|
$publicKey = trim((string) FireflyConfig::get(self::PUBLIC_KEY)?->data);
|
2026-01-17 16:11:09 +01:00
|
|
|
} catch (ContainerExceptionInterface|FireflyException|NotFoundExceptionInterface $e) {
|
2025-11-09 09:08:03 +01:00
|
|
|
Log::error(sprintf('Could not validate keysInDatabase(): %s', $e->getMessage()));
|
|
|
|
|
Log::error($e->getTraceAsString());
|
2021-12-02 18:14:43 +01:00
|
|
|
}
|
|
|
|
|
}
|
2026-01-17 16:02:59 +01:00
|
|
|
if ('' === $privateKey) {
|
|
|
|
|
Log::warning('Private key in DB is unexpectedly an empty string.');
|
|
|
|
|
}
|
|
|
|
|
if ('' === $publicKey) {
|
|
|
|
|
Log::warning('Public key in DB is unexpectedly an empty string.');
|
|
|
|
|
}
|
|
|
|
|
if ('' !== $privateKey) {
|
|
|
|
|
Log::debug(sprintf('SHA2 hash of private key in DB: %s', hash('sha256', $privateKey)));
|
|
|
|
|
}
|
|
|
|
|
if ('' !== $publicKey) {
|
|
|
|
|
Log::debug(sprintf('SHA2 hash of public key in DB : %s', hash('sha256', $publicKey)));
|
|
|
|
|
}
|
2026-01-23 15:14:29 +01:00
|
|
|
$return = '' !== $privateKey && '' !== $publicKey;
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug(sprintf('keysInDatabase will return %s', var_export($return, true)));
|
2025-11-09 09:11:55 +01:00
|
|
|
|
2026-01-17 16:02:59 +01:00
|
|
|
return $return;
|
2019-10-19 09:37:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2025-10-05 12:57:58 +02:00
|
|
|
* @throws ContainerExceptionInterface
|
2022-03-29 15:10:05 +02:00
|
|
|
* @throws FireflyException
|
2025-10-05 12:57:58 +02:00
|
|
|
* @throws NotFoundExceptionInterface
|
|
|
|
|
* @throws FilesystemException
|
2019-10-19 09:37:35 +02:00
|
|
|
*/
|
2021-12-21 16:35:28 +01:00
|
|
|
public static function restoreKeysFromDB(): bool
|
2019-10-19 09:37:35 +02:00
|
|
|
{
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug('restoreKeysFromDB()');
|
2026-01-23 15:09:50 +01:00
|
|
|
$privateKey = (string) FireflyConfig::get(self::PRIVATE_KEY)?->data;
|
|
|
|
|
$publicKey = (string) FireflyConfig::get(self::PUBLIC_KEY)?->data;
|
2023-12-20 19:35:52 +01:00
|
|
|
|
2026-01-17 16:02:59 +01:00
|
|
|
if ('' === $privateKey) {
|
|
|
|
|
Log::warning('Private key is not in the database.');
|
|
|
|
|
}
|
|
|
|
|
if ('' === $publicKey) {
|
|
|
|
|
Log::warning('Public key is not in the database.');
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-21 16:35:28 +01:00
|
|
|
try {
|
2026-01-17 16:02:59 +01:00
|
|
|
$privateContent = trim(Crypt::decrypt($privateKey));
|
|
|
|
|
$publicContent = trim(Crypt::decrypt($publicKey));
|
2022-03-29 15:00:29 +02:00
|
|
|
} catch (DecryptException $e) {
|
2025-11-09 09:08:03 +01:00
|
|
|
Log::error('Could not decrypt pub/private keypair.');
|
|
|
|
|
Log::error($e->getMessage());
|
2021-12-21 16:35:28 +01:00
|
|
|
|
|
|
|
|
// delete config vars from DB:
|
2025-10-08 06:31:47 +02:00
|
|
|
FireflyConfig::delete(self::PRIVATE_KEY);
|
|
|
|
|
FireflyConfig::delete(self::PUBLIC_KEY);
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug('Done with generateKeysFromDB(), return FALSE');
|
2026-01-17 16:11:09 +01:00
|
|
|
|
2021-12-21 16:35:28 +01:00
|
|
|
return false;
|
|
|
|
|
}
|
2026-01-23 15:14:29 +01:00
|
|
|
$private = storage_path('oauth-private.key');
|
|
|
|
|
$public = storage_path('oauth-public.key');
|
2025-05-27 17:06:15 +02:00
|
|
|
file_put_contents($private, $privateContent);
|
|
|
|
|
file_put_contents($public, $publicContent);
|
2023-12-20 19:35:52 +01:00
|
|
|
|
2026-01-17 16:02:59 +01:00
|
|
|
Log::debug(sprintf('Will store private key with hash "%s" in file "%s"', hash('sha256', $privateContent), $private));
|
|
|
|
|
Log::debug(sprintf('Will store public key with hash "%s" in file "%s"', hash('sha256', $publicContent), $public));
|
|
|
|
|
Log::debug('Done with generateKeysFromDB()');
|
|
|
|
|
|
2021-12-21 16:35:28 +01:00
|
|
|
return true;
|
2019-10-19 09:37:35 +02:00
|
|
|
}
|
2025-09-26 06:05:37 +02:00
|
|
|
|
|
|
|
|
public static function storeKeysInDB(): void
|
|
|
|
|
{
|
2026-01-17 16:02:59 +01:00
|
|
|
$private = storage_path('oauth-private.key');
|
|
|
|
|
$public = storage_path('oauth-public.key');
|
|
|
|
|
$privateContent = file_get_contents($private);
|
|
|
|
|
$publicContent = file_get_contents($public);
|
|
|
|
|
FireflyConfig::set(self::PRIVATE_KEY, Crypt::encrypt($privateContent));
|
|
|
|
|
FireflyConfig::set(self::PUBLIC_KEY, Crypt::encrypt($publicContent));
|
|
|
|
|
|
2026-01-23 15:09:50 +01:00
|
|
|
Log::debug(sprintf(
|
|
|
|
|
'Will store the content of file "%s" as "%s" in the database (hash: %s)',
|
|
|
|
|
$private,
|
|
|
|
|
self::PRIVATE_KEY,
|
|
|
|
|
hash('sha256', $privateContent)
|
|
|
|
|
));
|
|
|
|
|
Log::debug(sprintf(
|
|
|
|
|
'Will store the content of file "%s" as "%s" in the database (hash: %s)',
|
|
|
|
|
$public,
|
|
|
|
|
self::PUBLIC_KEY,
|
|
|
|
|
hash('sha256', $publicContent)
|
|
|
|
|
));
|
2025-09-26 06:05:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function verifyKeysRoutine(): void
|
|
|
|
|
{
|
|
|
|
|
if (!self::keysInDatabase() && !self::hasKeyFiles()) {
|
|
|
|
|
self::generateKeys();
|
|
|
|
|
self::storeKeysInDB();
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (self::keysInDatabase() && !self::hasKeyFiles()) {
|
|
|
|
|
self::restoreKeysFromDB();
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (!self::keysInDatabase() && self::hasKeyFiles()) {
|
|
|
|
|
self::storeKeysInDB();
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-05-30 07:33:06 +02:00
|
|
|
}
|
