From 5d1d5e03ec30b10d7c6c01bbe89771cac8f43672 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Sun, 28 Apr 2024 13:45:53 +0600
Subject: [PATCH 1/6] pkp/pkp-lib#9895 new config setting added
---
 config.TEMPLATE.inc.php | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index 463435724ac..16564b10744 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
@@ -50,11 +50,6 @@
 ; To set the "Secure" attribute for the cookie see the setting force_ssl at the [security] group
 session_samesite = Lax
-; Enable this if want to enable cookie encryption
-; The length of the cookie encryption key must be 16 characters
-; Note that updating or removing cookie encryption key will result in logout from all devices
-; session_cookie_encryption_key = ''
-
 ; Enable support for running scheduled tasks
 ; Set this to On if you have set up the scheduled tasks script to
 ; execute periodically
From 04dcd2f072ceeb0afd0bdfea9481d8cc2e3afd18 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Sun, 28 Apr 2024 13:46:27 +0600
Subject: [PATCH 2/6] pkp/pkp-lib#9895 Submodule Update ##touhidurabir/i9895_main##
---
 lib/pkp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pkp b/lib/pkp
index bee9547b491..4d85c0feee9 160000
--- a/lib/pkp
+++ b/lib/pkp
@@ -1 +1 @@
-Subproject commit bee9547b491353e92e53e5ed2da2d197a24be972
+Subproject commit 4d85c0feee944902581c69d645cc59c5602dc714
From b81a95c091f4fabbd904ff419857764a93b7f327 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Thu, 2 May 2024 17:58:07 +0600
Subject: [PATCH 3/6] pkp/pkp-lib#9895 new config setting added
---
 config.TEMPLATE.inc.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index 16564b10744..f002ca0cd19 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
@@ -24,6 +24,12 @@
 [general]
+[general]
+
+; An application specific key that is required for the app to run
+; Internally this is used for any encryption (specifically cookie encryption if enabled)
+app_key =
+
 ; Set this to On once the system has been installed
 ; (This is generally done automatically by the installer)
 installed = Off
@@ -255,6 +261,14 @@
 [security]
+; Specific cipher algorithm used to generate app key and encryption purpose
+; Valid and available algorithms are `aes-128-cbc`, `aes-256-cbc`, `aes-128-gcm` and `aes-256-gcm`
+; cipher = 'aes-256-cbc'
+
+; Define should the cookie at user's end need to be encrypted
+; Enabling/Disbaling will force all user to re-login
+; cookie_encryption = On
+
 ; Force SSL connections site-wide and also sets the "Secure" flag for session cookies
 ; See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#secure
 force_ssl = Off
From dd21471d3ae102766a28759abd0cd3d5614953fb Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Fri, 3 May 2024 19:39:32 +0600
Subject: [PATCH 4/6] pkp/pkp-lib#9895 added app key add process in upgrade
---
 dbscripts/xml/upgrade.xml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dbscripts/xml/upgrade.xml b/dbscripts/xml/upgrade.xml
index ad92cd9da0f..9fa850c0529 100644
--- a/dbscripts/xml/upgrade.xml
+++ b/dbscripts/xml/upgrade.xml
@@ -13,6 +13,7 @@
+
From 79ccffd3b4101af8e4718a73c4c190388b8c1aaa Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Wed, 29 May 2024 01:42:05 +0600
Subject: [PATCH 5/6] pkp/pkp-lib#9895 moved app key setup on upgrade as part of migration
---
 config.TEMPLATE.inc.php | 2 +-
 dbscripts/xml/upgrade.xml | 2 +-
 docs/release-notes/README-3.5.0 | 8 +++++++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index f002ca0cd19..ec58d6d174b 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
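Review bot: The new `app_key =` entry is described as required and used for all encryption, but nothing says how the value must be produced or protected, whereas the `session_cookie_encryption_key` comment removed in patch 1 at least stated a length. Because this key is the secret behind the encrypted cookies, the comment should state that it must be a randomly generated value of the length the configured cipher expects (the [security] comment in the same patch says the cipher is used to generate the key — confirm), that the upgrade migration in this series fills it in (per the README change in patch 6), and that it must be kept secret and not copied around with the config file. Suggested addition below the two existing comment lines: `; Generated automatically at upgrade. If set by hand, use a random value of the length required by the [security] cipher and keep it secret.` The `+[general]` line is added directly below what appears to be an existing `[general]` context line; if that header is already present, the added one is a duplicate section header (merged by the INI parser, but misleading) and should be dropped — verify against the full file.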
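Review bot: The `cipher` comment says the algorithm is used to generate the app key, but does not say that changing `cipher` after `app_key` has been generated would presumably leave the existing key at the wrong length and invalidate every cookie encrypted with it; that consequence belongs next to the re-login warning, and the default that applies while the line stays commented out should be named rather than implied by the `; cipher = 'aes-256-cbc'` example. The `cookie_encryption` wording is unclear; suggest replacing its first line with `; Encrypt the session cookie sent to the browser using app_key (On/Off)` and likewise stating the effective default when the line is left commented out.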
@@ -266,7 +266,7 @@
 ; cipher = 'aes-256-cbc'
 ; Define should the cookie at user's end need to be encrypted
-; Enabling/Disbaling will force all user to re-login
+; Enabling/Disabling will force all user to re-login
 ; cookie_encryption = On
 ; Force SSL connections site-wide and also sets the "Secure" flag for session cookies
diff --git a/dbscripts/xml/upgrade.xml b/dbscripts/xml/upgrade.xml
index 9fa850c0529..943de28a7e6 100644
--- a/dbscripts/xml/upgrade.xml
+++ b/dbscripts/xml/upgrade.xml
@@ -13,7 +13,6 @@
-
@@ -125,6 +124,7 @@
+
diff --git a/docs/release-notes/README-3.5.0 b/docs/release-notes/README-3.5.0
index a74aa52de98..df11c237937 100644
--- a/docs/release-notes/README-3.5.0
+++ b/docs/release-notes/README-3.5.0
@@ -11,9 +11,15 @@
 See config.TEMPLATE.inc.php for a description and examples of all supported configuration parameters.
 New config.inc.php parameters added for general:
- - session_cookie_enctyption_key (default value: ''), allow cookie encryption when set
+ - app_key (default value: ''), application specific key will used internally for encryption/decryption
+
+New config.inc.php parameters added for security:
+ - cipher (default value: ''), cipher algorithm used to generate app key and encryption purpose
+ - cookie_encryption (default value: ''), allow cookie encryption when set
+
 New Features
 ------------
 #9566 : Convert session and cookie management to Laravel
+ #9895 : Introduce APP KEY feature of Laravel
From 4b213101e0d46df5976dc42ff5f495c1f238b557 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman
Date: Fri, 7 Jun 2024 17:53:01 +0600
Subject: [PATCH 6/6] pkp/pkp-lib#9895 readme updated
---
 docs/release-notes/README-3.5.0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/release-notes/README-3.5.0 b/docs/release-notes/README-3.5.0
index df11c237937..e2a1829ed49 100644
--- a/docs/release-notes/README-3.5.0
+++ b/docs/release-notes/README-3.5.0
@@ -11,7 +11,7 @@
 See config.TEMPLATE.inc.php for a description and examples of all supported configuration parameters.
 New config.inc.php parameters added for general:
- - app_key (default value: ''), application specific key will used internally for encryption/decryption
+ - app_key (default value: ''), application specific key will used internally for encryption/decryption. This will be automatically added at upgrade.
 New config.inc.php parameters added for security:
 - cipher (default value: ''), cipher algorithm used to generate app key and encryption purpose