feat(Settings): Removed encrypted Settings. Use symfony:secret to sto…

…re secrets. BREAKING CHANGE: Setting encryption and crypto keys have been dropped, migrate all your secrets to symfony:secrets to get only one secure vault. Remove any crypto configuration from `config/packages/roadiz_core.yml`: ```yaml security: private_key_name: default ```
roadiz · Feb 14, 2024 · ccec892 · ccec892
1 parent 18edbeb
commit ccec892
Show file tree

Hide file tree

Showing 18 changed files with 37 additions and 511 deletions.
diff --git a/composer.json b/composer.json
@@ -66,7 +66,6 @@
         "psr/cache": ">=1.0.1",
         "psr/log": ">=1.1",
         "ramsey/uuid": "^4.7",
-        "rezozero/crypto": "^1.0.0",
         "rezozero/intervention-request-bundle": "~3.0.0",
         "rezozero/liform-bundle": "^0.19",
         "rezozero/tree-walker": "^1.3.0",

diff --git a/config/packages/roadiz_core.yaml b/config/packages/roadiz_core.yaml
@@ -5,8 +5,6 @@ roadiz_core:
     staticDomainName: ~
     documentsLibDir: 'lib/Documents/src'
     useNativeJsonColumnType: true
-    security:
-        private_key_name: default
     medias:
         unsplash_client_id: '%env(string:APP_UNSPLASH_CLIENT_ID)%'
         soundcloud_client_id: '%env(string:APP_SOUNDCLOUD_CLIENT_ID)%'

diff --git a/lib/RoadizCoreBundle/composer.json b/lib/RoadizCoreBundle/composer.json
@@ -39,7 +39,6 @@
         "phpdocumentor/reflection-docblock": "^5.2",
         "phpoffice/phpspreadsheet": "^1.15",
         "ramsey/uuid": "^4.7",
-        "rezozero/crypto": "^1.0.0",
         "rezozero/intervention-request-bundle": "~3.0.0",
         "rezozero/liform-bundle": "^0.19",
         "rezozero/tree-walker": "^1.3.0",

diff --git a/lib/RoadizCoreBundle/config/fixtures/settings.json b/lib/RoadizCoreBundle/config/fixtures/settings.json
@@ -2,7 +2,6 @@
     {
         "name": "force_locale",
         "visible": true,
-        "encrypted": false,
         "description": "Force displaying translation locale in every node’ paths. This should be *ON* if you redirect users based on their language on homepage.",
         "setting_group": {
             "name": "Development",
@@ -15,7 +14,6 @@
         "name": "force_locale_with_urlaliases",
         "description": "force_locale_with_urlaliases.help",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Development",
             "in_menu": true
@@ -25,7 +23,6 @@
     {
         "name": "leaflet_map_tile_url",
         "value": "https:\/\/{s}.tile.osm.org\/{z}\/{x}\/{y}.png",
-        "encrypted": false,
         "description": "Default maps tiles layout when using *Leaflet*.",
         "visible": true,
         "setting_group": {
@@ -38,7 +35,6 @@
     {
         "name": "maps_default_location",
         "value": "{\"lat\":45.769785, \"lng\":4.833967, \"zoom\":14}",
-        "encrypted": false,
         "description": "Default maps marker location.",
         "visible": true,
         "setting_group": {
@@ -52,7 +48,6 @@
         "name": "openid_button_label",
         "description": "openid_button_label.help",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "OpenId",
             "in_menu": true
@@ -62,7 +57,6 @@
     {
         "name": "support_email_address",
         "visible": true,
-        "encrypted": false,
         "description": "Support email address, used in every system emails footer",
         "setting_group": {
             "name": "Emailings",
@@ -74,7 +68,6 @@
     {
         "name": "email_sender",
         "visible": true,
-        "encrypted": false,
         "description": "Default sender email, used as origin for every system email sent. This email **must be allowed by your SMTP server.**",
         "setting_group": {
             "name": "Emailings",
@@ -86,7 +79,6 @@
     {
         "name": "email_sender_name",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Emailings",
             "in_menu": true
@@ -97,7 +89,6 @@
     {
         "name": "universal_analytics_id",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "APIs",
             "in_menu": true
@@ -108,18 +99,6 @@
     {
         "name": "google_tag_manager_id",
         "visible": true,
-        "encrypted": false,
-        "setting_group": {
-            "name": "APIs",
-            "in_menu": true
-        },
-        "type": 0,
-        "default_values": ""
-    },
-    {
-        "name": "instagram_access_token",
-        "visible": true,
-        "encrypted": true,
         "setting_group": {
             "name": "APIs",
             "in_menu": true
@@ -130,7 +109,6 @@
     {
         "name": "seo_description",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -141,7 +119,6 @@
     {
         "name": "site_name",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -152,7 +129,6 @@
     {
         "name": "maintenance_mode",
         "visible": true,
-        "encrypted": false,
         "description": "Switch maintenance mode. Only login page will be available for public requests.",
         "setting_group": {
             "name": "Site information",
@@ -164,7 +140,6 @@
     {
         "name": "site_copyright",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -174,7 +149,6 @@
     },
     {
         "name": "main_color",
-        "encrypted": false,
         "visible": true,
         "setting_group": {
             "name": "Site information",
@@ -186,7 +160,6 @@
     {
         "name": "admin_image",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -197,7 +170,6 @@
     {
         "name": "login_image",
         "visible": true,
-        "encrypted": false,
         "description": "Replace random *Splashbase* login images with your own.",
         "setting_group": {
             "name": "Site information",
@@ -209,7 +181,6 @@
     {
         "name": "facebook_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -220,7 +191,6 @@
     {
         "name": "instagram_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -231,7 +201,6 @@
     {
         "name": "pinterest_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -242,7 +211,6 @@
     {
         "name": "twitter_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -253,7 +221,6 @@
     {
         "name": "linkedin_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -264,7 +231,6 @@
     {
         "name": "youtube_url",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Social networks",
             "in_menu": true
@@ -276,7 +242,6 @@
         "name": "custom_preview_scheme",
         "description": "custom_preview_scheme.help",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -287,7 +252,6 @@
         "name": "custom_public_scheme",
         "description": "custom_public_scheme.help",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true
@@ -298,7 +262,6 @@
         "name": "dashboard_iframe",
         "description": "dashboard_iframe.help",
         "visible": true,
-        "encrypted": false,
         "setting_group": {
             "name": "Site information",
             "in_menu": true

diff --git a/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml b/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml
@@ -11,8 +11,6 @@ roadiz_core:
     # Be careful if you are using a reverse-proxy cache, YOU MUST vary on Accept-Language header and normalize it.
     # @see https://varnish-cache.org/docs/6.3/users-guide/increasing-your-hitrate.html#http-vary
     useAcceptLanguageHeader: '%env(bool:APP_USE_ACCEPT_LANGUAGE_HEADER)%'
-    security:
-        private_key_name: default
     themes: []
     medias:
         unsplash_client_id: '%env(string:APP_UNSPLASH_CLIENT_ID)%'

diff --git a/lib/RoadizCoreBundle/config/services.yaml b/lib/RoadizCoreBundle/config/services.yaml
@@ -34,7 +34,6 @@ services:
             $appNamespace: '%roadiz_core.app_namespace%'
             $projectDir: '%kernel.project_dir%'
             $exportDir: '%kernel.project_dir%/var/export'
-            $privateKeyName: '%roadiz_core.private_key_name%'
             $generatedEntitiesDir: '%roadiz_core.generated_entities_dir%'
             $serializedNodeTypesDir: '%roadiz_core.serialized_node_types_dir%'
             $importFilesConfigPath: '%roadiz_core.import_files_config_path%'
@@ -436,12 +435,6 @@ services:
 
     RZ\Roadiz\Random\PasswordGenerator: ~
 
-    RZ\Crypto\KeyChain\KeyChainInterface:
-        alias: RZ\Crypto\KeyChain\AsymmetricFilesystemKeyChain
-
-    RZ\Crypto\KeyChain\AsymmetricFilesystemKeyChain:
-        arguments: ['%kernel.project_dir%/var/secret', true]
-
     JMS\Serializer\Construction\ObjectConstructorInterface:
         alias: RZ\Roadiz\CoreBundle\Serializer\ObjectConstructor\ObjectConstructor
 

diff --git a/lib/RoadizCoreBundle/migrations/Version20240214145403.php b/lib/RoadizCoreBundle/migrations/Version20240214145403.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace RZ\Roadiz\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20240214145403 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Removed useless setting encryption (use symfony:secrets)';
+    }
+
+    public function up(Schema $schema): void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE settings DROP encrypted');
+    }
+
+    public function down(Schema $schema): void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->addSql('ALTER TABLE settings ADD encrypted TINYINT(1) DEFAULT 0 NOT NULL');
+    }
+}
diff --git a/lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php
diff --git a/lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php