Encrypt SMTP password at rest with AES-256-GCM

Pontoporeia
2026-05-08 12:48:27 +02:00
parent 95fcbc919a
commit 7e35bba530
6 changed files with 184 additions and 16 deletions

14
TODO.md

@@ -57,17 +57,3 @@
- [x] All `$required = true` callers in `form.php`, `fieldset-tfe-info.php`, `fieldset-academic.php`, `fieldset-licence-explanation.php`, `fieldset-files.php` changed to `!$adminMode`
- [x] Hardcoded `required` HTML attributes in `fieldset-tfe-info.php` (synopsis, objet radios), `fieldset-licence-explanation.php` (access type radios), `jury-fieldset.php` (promoteur, lecteurs interne/externe) gated on `!$adminMode`
- [x] Dynamic JS `ulbInput.required` in jury fieldset also gated
- [x] Remove server-side validation for orientation, ap, finality, licence, jury roles in `ThesisEditController::save()` — admins can save partial records
- [x] Same for `ThesisCreateController::submit()`: added `$adminMode` param, pass `true` from `admin/actions/formulaire.php`
- [x] Encrypt SMTP password at rest (AES-256-GCM)
- [x] `app/.env` — holds `APP_KEY` (base64, 32 bytes); added to `.gitignore`
- [x] `src/Crypto.php``encrypt()` / `decrypt()` / `isEncrypted()` via OpenSSL AES-256-GCM
- [x] `SmtpRelay::getSettings()` — decrypts password after DB fetch
- [x] `SmtpRelay::updateSettings()` — encrypts password before DB write
- [x] `parametres.php` template — password field no longer pre-filled (ciphertext never sent to browser)
- [x] Migration `018_encrypt_smtp_password.php` — encrypted existing plaintext in DB; moved to applied/
- [x] `justfile``deploy` calls `deploy-env` (uploads `.env` only if remote doesn't exist yet)
- [x] `justfile``deploy-env` recipe: safe upload with guards
- [x] `justfile``reencrypt-password` recipe: rotates APP_KEY on remote DB
- [x] `scripts/reencrypt-smtp-password.php` — decrypts with old key, re-encrypts with new key, updates `.env`
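Review bot: the last item, `scripts/reencrypt-smtp-password.php`, describes rotation as "decrypts with old key, re-encrypts with new key, updates `.env`", and nothing in this checklist says what happens if the script stops between the DB write and the `.env` write. A failure at that point would leave a ciphertext that the key on disk cannot decrypt. I'd suggest keeping the old `APP_KEY` until the new ciphertext has been read back and decrypted successfully, and writing `.env` through a temporary file plus rename so a partial write never replaces the key. Separately, the header `@@ -57,17 +57,3 @@` shrinks this section from 17 lines to 3, so these notes are leaving `TODO.md`; the `APP_KEY` format (base64, 32 bytes) and the `reencrypt-password` procedure are worth recording in the README or deployment docs before they go.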