add field prefix for encrypted fields

DavidBadura · DavidBadura · commit ddf20ea92348 · 2025-03-20T16:29:26.000+01:00
diff --git a/src/Cryptography/PersonalDataPayloadCryptographer.php b/src/Cryptography/PersonalDataPayloadCryptographer.php
@@ -19,10 +19,13 @@
 
 final class PersonalDataPayloadCryptographer implements PayloadCryptographer
 {
+    public const string ENCRYPTED_PREFIX = '!';
+
     public function __construct(
         private readonly CipherKeyStore $cipherKeyStore,
         private readonly CipherKeyFactory $cipherKeyFactory,
         private readonly Cipher $cipher,
+        private readonly bool $fallbackWithoutPrefix = true,
     ) {
     }
 
@@ -51,10 +54,12 @@ public function encrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
-            $data[$propertyMetadata->fieldName()] = $this->cipher->encrypt(
+            $data[self::ENCRYPTED_PREFIX . $propertyMetadata->fieldName()] = $this->cipher->encrypt(
                 $cipherKey,
                 $data[$propertyMetadata->fieldName()],
             );
+
+            unset($data[$propertyMetadata->fieldName()]);
         }
 
         return $data;
@@ -84,6 +89,17 @@ public function decrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
+            $fieldNameWithPrefix = self::ENCRYPTED_PREFIX . $propertyMetadata->fieldName();
+
+            if (array_key_exists($fieldNameWithPrefix, $data)) {
+                $rawData = $data[$fieldNameWithPrefix];
+                unset($data[$fieldNameWithPrefix]);
+            } elseif ($this->fallbackWithoutPrefix) {
+                $rawData = $data[$propertyMetadata->fieldName()];
+            } else {
+                continue;
+            }
+
             if (!$cipherKey) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();
                 continue;
@@ -92,7 +108,7 @@ public function decrypt(ClassMetadata $metadata, array $data): array
             try {
                 $data[$propertyMetadata->fieldName()] = $this->cipher->decrypt(
                     $cipherKey,
-                    $data[$propertyMetadata->fieldName()],
+                    $rawData,
                 );
             } catch (DecryptionFailed) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();
diff --git a/src/Metadata/PropertyMetadata.php b/src/Metadata/PropertyMetadata.php
@@ -4,9 +4,13 @@
 
 namespace Patchlevel\Hydrator\Metadata;
 
+use InvalidArgumentException;
+use Patchlevel\Hydrator\Cryptography\PersonalDataPayloadCryptographer;
 use Patchlevel\Hydrator\Normalizer\Normalizer;
 use ReflectionProperty;
 
+use function str_starts_with;
+
 /**
  * @psalm-type serialized = array{
  *     className: class-string,
@@ -26,6 +30,9 @@ public function __construct(
         private readonly bool $isPersonalData = false,
         private readonly mixed $personalDataFallback = null,
     ) {
+        if (str_starts_with($fieldName, PersonalDataPayloadCryptographer::ENCRYPTED_PREFIX)) {
+            throw new InvalidArgumentException('fieldName must not start with !');
+        }
     }
 
     public function reflection(): ReflectionProperty
diff --git a/tests/Unit/Cryptography/PersonalDataPayloadCryptographerTest.php b/tests/Unit/Cryptography/PersonalDataPayloadCryptographerTest.php
@@ -77,7 +77,7 @@ public function testEncryptWithMissingKey(): void
 
         $result = $cryptographer->encrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
 
-        self::assertEquals(['id' => 'foo', 'email' => 'encrypted'], $result);
+        self::assertEquals(['id' => 'foo', '!email' => 'encrypted'], $result);
     }
 
     public function testEncryptWithExistingKey(): void
@@ -109,7 +109,7 @@ public function testEncryptWithExistingKey(): void
 
         $result = $cryptographer->encrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
 
-        self::assertEquals(['id' => 'foo', 'email' => 'encrypted'], $result);
+        self::assertEquals(['id' => 'foo', '!email' => 'encrypted'], $result);
     }
 
     public function testSkipDecrypt(): void
@@ -148,9 +148,10 @@ public function testDecryptWithMissingKey(): void
             $cipherKeyStore->reveal(),
             $cipherKeyFactory->reveal(),
             $cipher->reveal(),
+            false,
         );
 
-        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'encrypted']);
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
 
         self::assertEquals(['id' => 'foo', 'email' => new Email('unknown')], $result);
     }
@@ -180,9 +181,10 @@ public function testDecryptWithInvalidKey(): void
             $cipherKeyStore->reveal(),
             $cipherKeyFactory->reveal(),
             $cipher->reveal(),
+            false,
         );
 
-        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'encrypted']);
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
 
         self::assertEquals(['id' => 'foo', 'email' => new Email('unknown')], $result);
     }
@@ -202,6 +204,68 @@ public function testDecryptWithExistingKey(): void
         $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
         $cipherKeyFactory->__invoke()->shouldNotBeCalled();
 
+        $cipher = $this->prophesize(Cipher::class);
+        $cipher
+            ->decrypt($cipherKey, 'encrypted')
+            ->willReturn('info@patchlevel.de')
+            ->shouldBeCalledOnce();
+
+        $cryptographer = new PersonalDataPayloadCryptographer(
+            $cipherKeyStore->reveal(),
+            $cipherKeyFactory->reveal(),
+            $cipher->reveal(),
+            false,
+        );
+
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
+
+        self::assertEquals(['id' => 'foo', 'email' => 'info@patchlevel.de'], $result);
+    }
+
+    public function testDecryptWithoutPrefixField(): void
+    {
+        $cipherKey = new CipherKey(
+            'foo',
+            'bar',
+            'baz',
+        );
+
+        $cipherKeyStore = $this->prophesize(CipherKeyStore::class);
+        $cipherKeyStore->get('foo')->willReturn($cipherKey);
+        $cipherKeyStore->store('foo', Argument::type(CipherKey::class))->shouldNotBeCalled();
+
+        $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
+        $cipherKeyFactory->__invoke()->shouldNotBeCalled();
+
+        $cipher = $this->prophesize(Cipher::class);
+
+        $cryptographer = new PersonalDataPayloadCryptographer(
+            $cipherKeyStore->reveal(),
+            $cipherKeyFactory->reveal(),
+            $cipher->reveal(),
+            false,
+        );
+
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
+
+        self::assertEquals(['id' => 'foo', 'email' => 'info@patchlevel.de'], $result);
+    }
+
+    public function testDecryptWithFallbackWithoutPrefix(): void
+    {
+        $cipherKey = new CipherKey(
+            'foo',
+            'bar',
+            'baz',
+        );
+
+        $cipherKeyStore = $this->prophesize(CipherKeyStore::class);
+        $cipherKeyStore->get('foo')->willReturn($cipherKey);
+        $cipherKeyStore->store('foo', Argument::type(CipherKey::class))->shouldNotBeCalled();
+
+        $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
+        $cipherKeyFactory->__invoke()->shouldNotBeCalled();
+
         $cipher = $this->prophesize(Cipher::class);
         $cipher
             ->decrypt($cipherKey, 'encrypted')
