Merge pull request #14 from rxu/dont-expose-private-key

Do not expose private key in ACP module (phpBB 4.0 consistent).
phpbb-extensions · Jan 4, 2024 · d25a683 · d25a683
2 parents 387d4e4 + e0c2429
commit d25a683
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/acp/wpn_acp_module.php b/acp/wpn_acp_module.php
@@ -98,7 +98,7 @@ public function display_settings()
 		$this->template->assign_vars([
 			'S_WEBPUSH_ENABLE'		=> $this->config['wpn_webpush_enable'],
 			'WEBPUSH_VAPID_PUBLIC'	=> $this->config['wpn_webpush_vapid_public'],
-			'WEBPUSH_VAPID_PRIVATE'	=> $this->config['wpn_webpush_vapid_private'],
+			'WEBPUSH_VAPID_PRIVATE'	=> !$this->config['wpn_webpush_vapid_private'] ?: '********', // Replace private key with asterixes
 			'U_ACTION'				=> $this->u_action,
 		]);
 	}
@@ -117,6 +117,12 @@ public function save_settings()
 			'wpn_webpush_vapid_private'=> ['validate' => 'string:25:255', 'lang' => 'WEBPUSH_VAPID_PRIVATE'],
 		];
 
+		// Do not validate and update private key field if the content is ******** and the key was already set
+		if ($config_array['wpn_webpush_vapid_private'] == '********' && $this->config['wpn_webpush_vapid_private'])
+		{
+			unset($display_settings['wpn_webpush_vapid_private'], $config_array['wpn_webpush_vapid_private']);
+		}
+
 		if ($config_array['wpn_webpush_enable'])
 		{
 			// Validate config values
@@ -135,9 +141,10 @@ public function save_settings()
 
 		$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_CONFIG_WEBPUSH');
 
-		$this->config->set('wpn_webpush_enable', $config_array['wpn_webpush_enable']);
-		$this->config->set('wpn_webpush_vapid_public', $config_array['wpn_webpush_vapid_public']);
-		$this->config->set('wpn_webpush_vapid_private', $config_array['wpn_webpush_vapid_private']);
+		foreach ($config_array as $config_name => $config_value)
+		{
+			$this->config->set($config_name, $config_value);
+		}
 
 		trigger_error($this->lang->lang('CONFIG_UPDATED') . adm_back_link($this->u_action), E_USER_NOTICE);
 	}

diff --git a/tests/functional/functional_test.php b/tests/functional/functional_test.php
@@ -57,6 +57,7 @@ public function test_acp_module()
 
 		foreach ($form_data as $config_name => $config_value)
 		{
+			$config_value = ($config_name === 'config[wpn_webpush_vapid_private]') ? '********' : $config_value;
 			$this->assertEquals($config_value, $crawler->filter('input[name="' . $config_name . '"]')->attr('value'));
 		}
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -57,6 +57,7 @@ public function test_acp_module() @@
     		foreach ($form_data as $config_name => $config_value)
     		{
+    			$config_value = ($config_name === 'config[wpn_webpush_vapid_private]') ? '********' : $config_value;
     			$this->assertEquals($config_value, $crawler->filter('input[name="' . $config_name . '"]')->attr('value'));
     		}
     	}
@@ Expand Down @@