-
Notifications
You must be signed in to change notification settings - Fork 824
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIX Generate salt if needed #11158
FIX Generate salt if needed #11158
Conversation
Please create an issue for this and link to it (I've added that section back to the PR template for you), so we can track this. We track issues, not PRs. If this is indeed a bug and affects CMS 4, please target the |
In your reproduction steps you have noted "On a Member without a password" - is that the only scenario where a member doesn't have a salt? |
i added the issue i didn't dive further than my use case, but from the code, it's clear enough:
i think both options make sense, but i'd rather generate a salt unless there is a good reason not to do it there |
I've looked a little deeper into this. If a user does not have a salt, one is generated for them in this flow when saving the record:
Because of this flow, a member with no salt should only occur if that member has been created programatically and has not yet been saved to the database. What is your use case where the above flow doesn't occur? Since there's a |
@GuySartorelli well, the issue was with my admin user in dev mode, so while I fully agree that this should not happen, it technically can. I don't see the advantage of "assuming" there is a salt: either an exception is thrown (there is no salt, and it should not happen) or a salt is generated |
By admin user do you mean the default admin account? As far as the change this PR is making, it seems like if anything should happen it should throw an exception - having a write there seems unexpected, and setting a salt seems like it's just hiding an underlying problem. |
agreed, i updated the PR. Actually by reading the comment above, it seems the original intent is to check that both the PasswordEncryption AND the Salt are available, so that's what I did |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm. I can't find what might have caused the salt to be missing on default admin... unless I guess it's on a fairly old project or old DB?
In either case this seems like what the condition should have been in the first place.
Thanks for making this change and for your patience.
Description
Some Members may not have a Salt defined. Yet, it's possible to call
encryptWithUserSettings
nonetheless and the framework will assume a Salt exist. This is not correct, since it will fail to encrypt things properly.I don't see any reason to assume anything and not generate a Salt if needed.
Alternative option if we don't want to generate a salt: at least throw a proper exception explaining that you cannot encrypt with an empty salt instead of assuming there is a valid value there.
Manual testing steps
Issues
#11159
Pull request checklist