Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Converts the CryptoExceptions into session messages. #26444

Merged
merged 1 commit into from
Jun 20, 2023
Merged

Converts the CryptoExceptions into session messages. #26444

merged 1 commit into from
Jun 20, 2023

Conversation

VangelisP
Copy link
Contributor

Overview

Converts the CryptoExceptions into session messages. Please see https://lab.civicrm.org/dev/core/-/issues/4308 for more information

Before

If you change the CIVICRM_CRED_KEYS variable (or clone the site), access to /civicrm/admin/setting/smtp?reset=1 is producing a WSOD due to the key change

After

Gain access to /civicrm/admin/setting/smtp?reset=1 but also warn the user that his/her key is invalid and needs to re-enter it.

@civibot
Copy link

civibot bot commented Jun 5, 2023

(Standard links)

@civibot civibot bot added the master label Jun 5, 2023
@totten
Copy link
Member

totten commented Jun 6, 2023
edited
Loading

For the purposes of /civicrm/admin/setting/smtp?reset=1, I agree this looks better. I like that the message even gets translated here. For this screen, it is fair to show a UI message and fill smtpPassword with some placeholder (like null or "" or the raw ciphertext).

But I'm skeptical about straight substitution of CryptoException with setStatus(). The essential issue is that there are multiple paths to that line, and I think it's going to trade one problem for another. Some examples:

  • This status check uses the exception to detect whether SIGN key is working. Without the exception, the status-message won't be reported properly. (EDIT: I haven't r-run with the patch. But in HEAD, it looks to be this exact exception that it relies on.)
  • The error-condition (bad-key; due to prod<=>staging; or due to mangled key-rotation; or due to other misconfiguration) would also affect background-operations, such as email-blasts or membership-reminders. There is no "session" where it can display the notice, so the notice would be dropped. Execution would proceed with some dummy value -- and then fail in some arbitrary/chaotic way. It seems better IMHO for these to fail with the exception (because that's easier to debug).

Would it make sense to you if the setting form caught the exception and then passed it to the UI (e.g. setStatus($e->getMessage()))?

@VangelisP
Copy link
Contributor Author

Hi @totten , I was almost certain that there were more things happening in the backend but i didn't knew how many and where. Your suggestion is way more optimized and efficient and does the job (just tested it) equally because I do get what I want to get (a notification to the admin(s) about the invalid key).

I will rework my patch to do that instead.

Many thanks!

@totten
Copy link
Member

totten commented Jun 20, 2023

Thank you, @VangelisP! I tried it out, and it seems to work well.

All tests passed. Merging.

@totten totten merged commit c53925b into civicrm:master Jun 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@VangelisP @totten