(dev/core#2258) Support for rotating key on SMTP password

civicrm · Dec 21, 2020 · 9557c0f · 9557c0f
1 parent f9899e6
commit 9557c0f
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/Civi/Core/Container.php b/Civi/Core/Container.php
@@ -361,6 +361,7 @@ public function createEventDispatcher() {
     $dispatcher->addListener('hook_civicrm_post::Case', ['\Civi\CCase\Events', 'fireCaseChange']);
     $dispatcher->addListener('hook_civicrm_caseChange', ['\Civi\CCase\Events', 'delegateToXmlListeners']);
     $dispatcher->addListener('hook_civicrm_caseChange', ['\Civi\CCase\SequenceListener', 'onCaseChange_static']);
+    $dispatcher->addListener('hook_civicrm_cryptoRotateKey', ['\Civi\Crypto\RotateKeys', 'rotateSmtp']);
     $dispatcher->addListener('hook_civicrm_eventDefs', ['\Civi\Core\CiviEventInspector', 'findBuiltInEvents']);
     // TODO We need a better code-convention for metadata about non-hook events.
     $dispatcher->addListener('hook_civicrm_eventDefs', ['\Civi\API\Events', 'hookEventDefs']);

diff --git a/Civi/Crypto/RotateKeys.php b/Civi/Crypto/RotateKeys.php
@@ -0,0 +1,50 @@
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved.                        |
+ |                                                                    |
+ | This work is published under the GNU AGPLv3 license with some      |
+ | permitted exceptions and without any warranty. For full license    |
+ | and copyright information, see https://civicrm.org/licensing       |
+ +--------------------------------------------------------------------+
+ */
+
+namespace Civi\Crypto;
+
+use Civi\Core\Event\GenericHookEvent;
+
+/**
+ * Class RotateKeys
+ *
+ * @package Civi\Crypto
+ */
+class RotateKeys {
+
+  /**
+   * The SMTP password is stored inside of the 'mailing_backend' setting.
+   *
+   * @see CRM_Utils_Hook::cryptoRotateKey()
+   */
+  public static function rotateSmtp(GenericHookEvent $e) {
+    if ($e->tag !== 'CRED') {
+      return;
+    }
+
+    $mand = \Civi::settings()->getMandatory('mailing_backend');
+    if ($mand !== NULL && !empty($mand['smtpPassword'])) {
+      $e->log->warning('The settings override for smtpPassword cannot be changed automatically.');
+    }
+
+    $exp = \Civi::settings()->getExplicit('mailing_backend');
+    if ($exp !== NULL && !empty($exp['smtpPassword'])) {
+      $cryptoToken = \Civi::service('crypto.token');
+      $newValue = $cryptoToken->rekey($exp['smtpPassword'], 'CRED');
+      if ($newValue !== NULL) {
+        $exp['smtpPassword'] = $newValue;
+        \Civi::settings()->set('mailing_backend', $exp);
+        $e->log->info('Updated mailing_backend.smtpPassword');
+      }
+    }
+  }
+
+}