From 0708ea875a3bd7e5bc49d529ddd4cd31c98fc5e5 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sat, 19 Oct 2019 09:37:35 +0200
Subject: [PATCH] Always verify keys, should also help with Heroku instances.
---
 .../Commands/Integrity/RestoreOAuthKeys.php | 24 +---
 app/Http/Middleware/Installer.php | 3 +
 app/Support/System/OAuthKeys.php | 111 ++++++++++++++++++
 3 files changed, 120 insertions(+), 18 deletions(-)
 create mode 100644 app/Support/System/OAuthKeys.php
diff --git a/app/Console/Commands/Integrity/RestoreOAuthKeys.php b/app/Console/Commands/Integrity/RestoreOAuthKeys.php
index b41a95930e..3e01552b71 100644
--- a/app/Console/Commands/Integrity/RestoreOAuthKeys.php
+++ b/app/Console/Commands/Integrity/RestoreOAuthKeys.php
@@ -23,6 +23,7 @@ namespace FireflyIII\Console\Commands\Integrity;
 use Artisan;
 use Crypt;
+use FireflyIII\Support\System\OAuthKeys;
 use Illuminate\Console\Command;
 /**
@@ -30,8 +31,6 @@ use Illuminate\Console\Command;
 */
 class RestoreOAuthKeys extends Command
 {
- private const PRIVATE_KEY = 'oauth_private_key';
- private const PUBLIC_KEY = 'oauth_public_key';
 /**
 * The console command description.
 *
@@ -62,7 +61,7 @@ class RestoreOAuthKeys extends Command
 */
 private function generateKeys(): void
 {
- Artisan::call('passport:keys');
+ OAuthKeys::generateKeys();
 }
 /**
@@ -70,7 +69,7 @@ class RestoreOAuthKeys extends Command
 */
 private function keysInDatabase(): bool
 {
- return app('fireflyconfig')->has(self::PRIVATE_KEY) && app('fireflyconfig')->has(self::PUBLIC_KEY);
+ return OAuthKeys::keysInDatabase();
 }
 /**
@@ -78,10 +77,7 @@ class RestoreOAuthKeys extends Command
 */
 private function keysOnDrive(): bool
 {
- $private = storage_path('oauth-private.key');
- $public = storage_path('oauth-public.key');
-
- return file_exists($private) && file_exists($public);
+ return OAuthKeys::hasKeyFiles();
 }
 /**
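Review bot: `use Artisan;` and `use Crypt;` in the import block of RestoreOAuthKeys.php appear to be left without a caller, since every `Artisan::` and `Crypt::` call shown in this file's hunks is replaced by a call into `OAuthKeys`. If nothing outside the visible hunks still uses them, both imports can be dropped. The private wrappers `generateKeys()`, `keysInDatabase()` and `keysOnDrive()` are now one-line pass-throughs, so a docblock such as `/** Delegates to OAuthKeys so the console command and the web middleware share one implementation. */` would explain why they remain.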
@@ -89,12 +85,7 @@ class RestoreOAuthKeys extends Command
 */
 private function restoreKeysFromDB(): void
 {
- $privateContent = Crypt::decrypt(app('fireflyconfig')->get(self::PRIVATE_KEY)->data);
- $publicContent = Crypt::decrypt(app('fireflyconfig')->get(self::PUBLIC_KEY)->data);
- $private = storage_path('oauth-private.key');
- $public = storage_path('oauth-public.key');
- file_put_contents($private, $privateContent);
- file_put_contents($public, $publicContent);
+ OAuthKeys::restoreKeysFromDB();
 }
 /**
@@ -129,9 +120,6 @@ class RestoreOAuthKeys extends Command
 */
 private function storeKeysInDB(): void
 {
- $private = storage_path('oauth-private.key');
- $public = storage_path('oauth-public.key');
- app('fireflyconfig')->set(self::PRIVATE_KEY, Crypt::encrypt(file_get_contents($private)));
- app('fireflyconfig')->set(self::PUBLIC_KEY, Crypt::encrypt(file_get_contents($public)));
+ OAuthKeys::storeKeysInDB();
 }
 }
\ No newline at end of file
diff --git a/app/Http/Middleware/Installer.php b/app/Http/Middleware/Installer.php
index 9ea4ed2764..e9f5e3eb29 100644
--- a/app/Http/Middleware/Installer.php
+++ b/app/Http/Middleware/Installer.php
@@ -27,6 +27,7 @@ namespace FireflyIII\Http\Middleware;
 use Closure;
 use DB;
 use FireflyIII\Exceptions\FireflyException;
+use FireflyIII\Support\System\OAuthKeys;
 use Illuminate\Database\QueryException;
 use Log;
@@ -71,6 +72,7 @@ class Installer
 if ($this->hasNoTables() || $this->oldDBVersion() || $this->oldVersion()) {
 return response()->redirectTo(route('installer.index'));
 }
+ OAuthKeys::verifyKeysRoutine();
 // update scheme version
 // update firefly version
@@ -182,4 +184,5 @@ class Installer
 return false;
 }
+
 }
diff --git a/app/Support/System/OAuthKeys.php b/app/Support/System/OAuthKeys.php
new file mode 100644
index 0000000000..65cc879d71
--- /dev/null
+++ b/app/Support/System/OAuthKeys.php
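Review bot: `OAuthKeys::verifyKeysRoutine();` in the `@@ -71,6 +72,7 @@` hunk of Installer.php runs inside the middleware for every request that gets past the installer redirect, and nothing around it handles failure. The routine decrypts stored values and writes into the storage directory, so an undecryptable value or an unwritable path would presumably surface as an error on every page rather than only on OAuth endpoints. Consider containing it with `try { OAuthKeys::verifyKeysRoutine(); } catch (\Throwable $e) { Log::error('Could not verify OAuth keys: ' . $e->getMessage()); }` (`Log` is already imported), and add a comment that the call has to stay below the `hasNoTables()` check because it presumably reads the configuration table. The enclosing method starts and ends outside the hunk.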
@@ -0,0 +1,111 @@
+.
+ */
+
+namespace FireflyIII\Support\System;
+
+use Artisan;
+use Crypt;
+use Laravel\Passport\Console\KeysCommand;
+
+/**
+ * Class OAuthKeys
+ */
+class OAuthKeys
+{
+ private const PRIVATE_KEY = 'oauth_private_key';
+ private const PUBLIC_KEY = 'oauth_public_key';
+
+ /**
+ *
+ */
+ public static function generateKeys(): void
+ {
+ Artisan::registerCommand(new KeysCommand());
+ Artisan::call('passport:keys');
+ }
+
+ /**
+ * @return bool
+ */
+ public static function hasKeyFiles(): bool
+ {
+ $private = storage_path('oauth-private.key');
+ $public = storage_path('oauth-public.key');
+
+ return file_exists($private) && file_exists($public);
+ }
+
+ /**
+ * @return bool
+ */
+ public static function keysInDatabase(): bool
+ {
+ return app('fireflyconfig')->has(self::PRIVATE_KEY) && app('fireflyconfig')->has(self::PUBLIC_KEY);
+ }
+
+ /**
+ *
+ */
+ public static function restoreKeysFromDB(): void
+ {
+ $privateContent = Crypt::decrypt(app('fireflyconfig')->get(self::PRIVATE_KEY)->data);
+ $publicContent = Crypt::decrypt(app('fireflyconfig')->get(self::PUBLIC_KEY)->data);
+ $private = storage_path('oauth-private.key');
+ $public = storage_path('oauth-public.key');
+ file_put_contents($private, $privateContent);
+ file_put_contents($public, $publicContent);
+ }
+
+ /**
+ *
+ */
+ public static function storeKeysInDB(): void
+ {
+ $private = storage_path('oauth-private.key');
+ $public = storage_path('oauth-public.key');
+ app('fireflyconfig')->set(self::PRIVATE_KEY, Crypt::encrypt(file_get_contents($private)));
+ app('fireflyconfig')->set(self::PUBLIC_KEY, Crypt::encrypt(file_get_contents($public)));
+ }
+
+ /**
+ *
+ */
+ public static function verifyKeysRoutine(): void
+ {
+ if (!self::keysInDatabase() && !self::hasKeyFiles()) {
+ self::generateKeys();
+ self::storeKeysInDB();
+
+ return;
+ }
+ if (self::keysInDatabase() && !self::hasKeyFiles()) {
+ self::restoreKeysFromDB();
+
+ return;
+ }
+ if (!self::keysInDatabase() && self::hasKeyFiles()) {
+ self::storeKeysInDB();
+
+ return;
+ }
+ }
+
+}
\ No newline at end of file
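Review bot: `restoreKeysFromDB()` writes the OAuth private key with `file_put_contents()` and neither restricts the file mode nor checks the result, so with a default umask the signing key is likely readable by other local users and a failed write goes unnoticed. `storeKeysInDB()` has the mirror problem: `file_get_contents()` returns `false` on failure and that value is encrypted and stored as if it were the key, which a later restore would write back to disk. Separately, `verifyKeysRoutine()` does nothing when keys exist in both places, so a mismatch between the database copy and the files is never detected despite the commit title. The fence shows the I/O checks and the mode change; `\RuntimeException` stands in for whichever project exception fits.

```php
    public static function restoreKeysFromDB(): void
    {
        // … unchanged: decrypt both stored values, resolve both storage paths …
        if (false === file_put_contents($private, $privateContent, LOCK_EX)
            || false === file_put_contents($public, $publicContent, LOCK_EX)) {
            throw new \RuntimeException('Could not write OAuth key files.');
        }
        // keep the signing key readable by the application user only
        chmod($private, 0600);
    }

    public static function storeKeysInDB(): void
    {
        // … unchanged: resolve both storage paths …
        $privateContent = file_get_contents($private);
        $publicContent  = file_get_contents($public);
        if (false === $privateContent || false === $publicContent) {
            throw new \RuntimeException('Could not read OAuth key files.');
        }
        app('fireflyconfig')->set(self::PRIVATE_KEY, Crypt::encrypt($privateContent));
        app('fireflyconfig')->set(self::PUBLIC_KEY, Crypt::encrypt($publicContent));
    }
```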