groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-06 11:09:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Redact API keys overwritten via env variables to prevent leakage to undesired users

Browse source
This commit is contained in:
Jan Böhmer 2025-08-29 23:24:42 +02:00
parent ab811b1b7b
commit f945118827
2 changed files with 35 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/Form/Type/APIKeyType.php
View file

@ -28,9 +28,14 @@ use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\FormInterface; use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\FormView; use Symfony\Component\Form\FormView;
use Symfony\Component\OptionsResolver\OptionsResolver; use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Contracts\Translation\TranslatorInterface;
class APIKeyType extends AbstractType class APIKeyType extends AbstractType
{ {
public function __construct(private readonly TranslatorInterface $translator)
{
}
public function getParent(): string public function getParent(): string
{ {
return PasswordType::class; return PasswordType::class;
@ -38,8 +43,30 @@ class APIKeyType extends AbstractType
public function buildView(FormView $view, FormInterface $form, array $options): void public function buildView(FormView $view, FormInterface $form, array $options): void
{ {
//Ensure that the field is never empty $viewData = $form->getViewData();
$view->vars['value'] = $form->getViewData();
//If the field is disabled, show the redacted API key
if ($options['disabled'] ?? false) {
if ($viewData === null || $viewData === '') {
$view->vars['value'] = $viewData;
} else {
$view->vars['value'] = self::redact((string)$viewData) . ' (' . $this ->translator->trans("form.apikey.redacted") . ')';
}
} else { //Otherwise, show the actual value
$view->vars['value'] = $viewData;
}
}
public static function redact(string $apiKey): string
{
//Show only the last 2 characters of the API key if it is long enough (more than 16 characters)
//Replace all other characters with dots
if (strlen($apiKey) > 16) {
return str_repeat('*', strlen($apiKey) - 2) . substr($apiKey, -2);
}
return str_repeat('*', strlen($apiKey));
} }
public function configureOptions(OptionsResolver $resolver): void public function configureOptions(OptionsResolver $resolver): void

6
translations/messages.en.xlf
View file

@ -13051,5 +13051,11 @@ Please note, that you can not impersonate a disabled user. If you try you will g
<target>Info provider settings</target> <target>Info provider settings</target>
</segment> </segment>
</unit> </unit>
<unit id="VgSodKY" name="form.apikey.redacted">
<segment>
<source>form.apikey.redacted</source>
<target>Redacted for security reasons</target>
</segment>
</unit>
</file> </file>
</xliff> </xliff>