Skip to content

Commit

Permalink
OAuth2. Do not use encryption if key is empty
Browse files Browse the repository at this point in the history
  • Loading branch information
@ebogdanov
ebogdanov committed Apr 8, 2018
1 parent a867356 commit 044263b
Showing 1 changed file with 17 additions and 6 deletions.
23 changes: 17 additions & 6 deletions QuickBooks/Driver.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1446,10 +1446,13 @@ public function oauth2Load($key, $app_username, $app_tenant)
{
if (!empty($data['oauth2_access_token']))
{
$AES = QuickBooks_Encryption_Factory::create('aes');
if (strlen($key) > 0)
{
$AES = QuickBooks_Encryption_Factory::create('aes');

$data['oauth2_access_token'] = $AES->decrypt($key, $data['oauth2_access_token']);
$data['oauth2_refresh_token'] = $AES->decrypt($key, $data['oauth2_refresh_token']);
$data['oauth2_access_token'] = $AES->decrypt($key, $data['oauth2_access_token']);
$data['oauth2_refresh_token'] = $AES->decrypt($key, $data['oauth2_refresh_token']);
}
}

return $data;
Expand All @@ -1462,10 +1465,18 @@ abstract protected function _oauth2Load($app_username, $app_tenant);

public function oauth2AccessWrite($key, $app_username, $app_tenant, $access_token, $refresh_token, $access_token_expire, $refresh_token_expire, $realm, $flavor = '')
{
$AES = QuickBooks_Encryption_Factory::create('aes');
if (strlen($key) > 0)
{
$AES = QuickBooks_Encryption_Factory::create('aes');

$encrypted_access_token = $AES->encrypt($key, $access_token);
$encrypted_refresh_token = $AES->encrypt($key, $refresh_token);
$encrypted_access_token = $AES->encrypt($key, $access_token);
$encrypted_refresh_token = $AES->encrypt($key, $refresh_token);
}
else
{
$encrypted_access_token = $access_token;
$encrypted_refresh_token = $refresh_token;
}

return $this->_oauth2AccessWrite($app_username, $app_tenant, $encrypted_access_token, $encrypted_refresh_token, $access_token_expire, $refresh_token_expire, $realm, $flavor);
}
Expand Down

2 comments on commit 044263b

@kpirbhai
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mcrypt has been deprecated as of 7.0. Any chance you'll include the ability to use openssl instead?

@ebogdanov
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I can change this, but it can take a while to ensure compatiblity.

Please sign in to comment.