search

copyhackers / airstory-wp

Send your blog posts from Airstory writing software to WordPress for publication.
https://wordpress.org/plugins/airstory
MIT License
4 stars 1 forks source link

Add support for alternate OpenSSL cipher algorithms #55

Closed stevegrunwell closed 7 years ago

stevegrunwell commented 7 years ago

Rather than hard-code a secure (but not ubiquitous) cipher in the AIRSTORY_ENCRYPTION_ALGORITHM constant, this PR adds the Airstory\Credentials\get_cipher_algorithm() function, which will find a suitable algorithm from a list of common-yet-acceptable options.

Once the algorithm is determined, this value is saved to the database (via add_site_option()), then used on all subsequent encryption/decryption requests. This practice ensures that once a site settles on an algorithm the same algorithm will be used moving forward.

This PR also adds additional tests around error cases when encrypting/decrypting user tokens, plus ensures that the cipher algorithm saved to the database is removed if the plugin is uninstalled. Fixes #53.

lukecav commented 7 years ago

@stevegrunwell commits in the pull request look good to me.