AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-04 12:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: Allow decrypting logins/credentials via the API

Browse Source
This commit is contained in:
wrongecho
2024-08-25 12:45:18 +01:00
parent 9ef3099495
commit 24ff6f5c84
4 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/v1/credentials/create.php
View File

@@ -27,4 +27,4 @@ if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) {
} }
// Output // Output
require_once '../create_output.php'; require_once '../create_output.php';

2
api/v1/credentials/credential_model.php
View File

@@ -117,4 +117,4 @@ if (isset($_POST['login_software_id'])) {
$software_id = $credential_row['login_software_id']; $software_id = $credential_row['login_software_id'];
} else { } else {
$software_id = ''; $software_id = '';
} }

2
api/v1/credentials/update.php
View File

@@ -35,4 +35,4 @@ if (!empty($_POST['api_key_decrypt_password']) && !empty($login_id)) {
} }
// Output // Output
require_once '../update_output.php'; require_once '../update_output.php';

6
functions.php
View File

@@ -380,10 +380,8 @@ function encryptLoginEntry($login_password_cleartext)
return $iv . $ciphertext; return $iv . $ciphertext;
} }
function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key_decrypt_password) function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{ {
// TODO: try marking $api_key_decrypt_password as sensitive - new in PHP 8.2
// Split the login entry (username/password) into IV and Ciphertext // Split the login entry (username/password) into IV and Ciphertext
$login_iv = substr($login_ciphertext, 0, 16); $login_iv = substr($login_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_ciphertext, 16); $login_ciphertext = $salt = substr($login_ciphertext, 16);
@@ -395,7 +393,7 @@ function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv); return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
} }
function apiEncryptLoginEntry($credential_cleartext, $api_key_decrypt_hash, $api_key_decrypt_password) function apiEncryptLoginEntry(#[\SensitiveParameter]$credential_cleartext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{ {
$iv = randomString(); $iv = randomString();