Added warning for Mcrypt

2025-07-07 17:04:45 -04:00 · 2017-12-03 11:18:33 +02:00 · 2017-12-03 11:18:33 +02:00 · 60f711ec8b
commit 60f711ec8b
parent 9a4af6c889
3 changed files with 17 additions and 3 deletions
--- a/app/Console/Commands/UpdateKey.php
+++ b/app/Console/Commands/UpdateKey.php
@ -70,7 +70,8 @@ class UpdateKey extends Command
            $key = str_random(32);
        }

-        $crypt = new Encrypter($key, config('app.cipher'));
+        $cipher = $legacy ? 'AES-256-CBC' : config('app.cipher');
+        $crypt = new Encrypter($key, $cipher);

        // update values using the new key/encrypter
        foreach (AccountGateway::all() as $gateway) {
@ -85,11 +86,21 @@ class UpdateKey extends Command
            $bank->save();
        }

+        $message = date('r') . ' Successfully updated ';
        if ($envWriteable) {
-            $this->info(date('r') . ' Successfully update the key');
+            if ($legacy) {
+                $message .= 'the key, set the cipher in the .env file to AES-256-CBC';
+            } else {
+                $message .= 'the key';
+            }
        } else {
-            $this->info(date('r') . ' Successfully update data, make sure to set the new app key: ' . $key);
+            if ($legacy) {
+                $message .= 'the data, make sure to set the new cipher/key: AES-256-CBC/' . $key;
+            } else {
+                $message .= 'the data, make sure to set the new key: ' . $key;
+            }
        }
+        $this->info($message);
    }

    /**
--- a/app/Listeners/HandleUserLoggedIn.php
+++ b/app/Listeners/HandleUserLoggedIn.php
@ -101,6 +101,8 @@ class HandleUserLoggedIn
            // warn if using the default app key
            if (in_array(config('app.key'), ['SomeRandomString', 'SomeRandomStringSomeRandomString', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'])) {
                Session::flash('error', trans('texts.error_app_key_set_to_default'));
+            } elseif (in_array($appCipher, ['MCRYPT_RIJNDAEL_256', 'MCRYPT_RIJNDAEL_128'])) {
+                Session::flash('error', trans('texts.mcrypt_warning'));
            }
        }
    }
--- a/resources/lang/en/texts.php
+++ b/resources/lang/en/texts.php
@ -2602,6 +2602,7 @@ $LANG = array(
    'unable_to_delete_primary' => 'Note: to delete this company first delete all linked companies.',
    'please_register' => 'Please register your account',
    'processing_request' => 'Processing request',
+    'mcrypt_warning' => 'Warning: Mcrypt is deprecated, run <code>php artisan ninja:update-key --legacy=true</code> to update your cipher.',

 );