LeKoala\Encrypt\EncryptedDBField

Complexity

Total Complexity

46

Size/Duplication

Total Lines	297
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

18 Methods

Rating	Name	Duplication	Size	Complexity
A	getEncryptedField()	0	8	2
A	setValueField()	0	3	1
A	getSearchValue()	0	14	5
A	addToQuery()	0	5	1
A	fetchRecord()	0	7	2
A	writeToManipulation()	0	16	2
A	getSearchParams()	0	8	2
A	getValueField()	0	3	1
A	getBlindIndexField()	0	3	1
A	setBlindIndexField()	0	3	1
A	scaffoldFormField()	0	4	1
A	__toString()	0	3	1
A	Nice()	0	3	1
A	scalarValueOnly()	0	3	1
F	setValue()	0	64	19
A	saveInto()	0	24	3
A	isChanged()	0	3	1
A	exists()	0	3	1

<?php

namespace LeKoala\Encrypt;

use Exception;
use SilverStripe\ORM\DataObject;
use SilverStripe\Forms\TextField;
use ParagonIE\CipherSweet\BlindIndex;
use SilverStripe\ORM\Queries\SQLSelect;
use ParagonIE\CipherSweet\EncryptedField;
use SilverStripe\ORM\FieldType\DBComposite;
use ParagonIE\CipherSweet\Exception\InvalidCiphertextException;

/**
 * Value will be set on parent record through built in getField
 * mechanisms for composite fields
 */
class EncryptedDBField extends DBComposite
{
    /**
     * @param array
     */
    private static $composite_db = array(

The private property $composite_db is not used, and could be removed.

        "Value" => "Varchar(191)",
        "BlindIndex" => 'Varchar(32)',
    );

    /**
     * @return string
     */
    public function getValueField()
    {
        return $this->getField('Value');
    }

    /**
     * @return $this
     */
    public function setValueField($value, $markChanged = true)
    {
        return $this->setField('Value', $value, $markChanged);
    }

    /**
     * @return string
     */
    public function getBlindIndexField()
    {
        return $this->getField('BlindIndex');
    }

    /**
     * @return $this
     */
    public function setBlindIndexField($value, $markChanged = true)
    {
        return $this->setField('BlindIndex', $value, $markChanged);
    }

    /**
     * @param CipherSweet $engine

The type LeKoala\Encrypt\CipherSweet was not found. Maybe you did not declare it correctly or list all dependencies?

     * @return EncryptedField
     */
    public function getEncryptedField($engine = null)
    {
        if ($engine === null) {
            $engine = EncryptHelper::getCipherSweet();
        }
        $encryptedField = (new EncryptedField($engine, $this->tableName, $this->name))
            ->addBlindIndex(new BlindIndex($this->name . "BlindIndex", [], 32));
        return $encryptedField;
    }

    /**
     * This is not called anymore, we rely on saveInto for now
     * @link https://github.com/silverstripe/silverstripe-framework/issues/8800
     * @param array $manipulation
     * @return void
     */
    public function writeToManipulation(&$manipulation)
    {
        $encryptedField = $this->getEncryptedField();

        if ($this->value) {
            $dataForStorage = $encryptedField->prepareForStorage($this->value);
            $encryptedValue = $this->prepValueForDB($dataForStorage[0]);
            $blindIndexes = $dataForStorage[1];
        } else {
            $encryptedValue = null;
            $blindIndexes = [];
        }


        $manipulation['fields'][$this->name . 'Value'] = $encryptedValue;
        $manipulation['fields'][$this->name . 'BlindIndex'] = $blindIndexes[$this->name . "BlindIndex"] ?? null;
    }

    /**
     * @param SQLSelect $query
     */
    public function addToQuery(&$query)
    {
        parent::addToQuery($query);
        $query->selectField(sprintf('"%sValue"', $this->name));
        $query->selectField(sprintf('"%sBlindIndex"', $this->name));
    }

    /**
     * Return the blind index value to search in the database
     *
     * @param string $val The unencrypted value
     * @param string $index The blind index. Defaults to full index
     * @return string
     */
    public function getSearchValue($val, $index = 'BlindIndex')
    {
        if (!$this->tableName && $this->record) {
            $this->tableName = DataObject::getSchema()->tableName(get_class($this->record));

It seems like $this->record can also be of type array; however, parameter $object of get_class() does only seem to accept object, maybe add an additional type check?

        }
        if (!$this->tableName) {
            throw new Exception("Table name not set for search value. Please set a dataobject.");
        }
        if (!$this->name) {
            throw new Exception("Name not set for search value");
        }
        $field = $this->getEncryptedField();
        $index = $field->getBlindIndex($val, $this->name . $index);
        return $index;

The expression return $index also could return the type array<string,string> which is incompatible with the documented return type string.

    }

    /**
     * Return a ready to use array params for a where clause
     *
     * @param string $val The unencrypted value
     * @param string $index The blind index. Defaults to full index
     * @return array
     */
    public function getSearchParams($val, $index = null)
    {
        if (!$index) {
            $index = 'BlindIndex';
        }
        $searchValue = $this->getSearchValue($val, $index);
        $blindIndexField = $this->name . $index;
        return array($blindIndexField . ' = ?' => $searchValue);
    }

    /**
     * @param string $val The unencrypted value
     * @param string $index The blind index. Defaults to full index
     * @return DataObject
     */
    public function fetchRecord($val, $index = null)
    {
        if (!$this->record) {
            throw new Exception("No record set for this field");
        }
        $class = get_class($this->record);

It seems like $this->record can also be of type array; however, parameter $object of get_class() does only seem to accept object, maybe add an additional type check?

        return $class::get()->where($this->getSearchParams($val, $index))->first();
    }

    public function setValue($value, $record = null, $markChanged = true)
    {
        if ($markChanged) {
            $this->isChanged = true;
        }

        // When given a dataobject, bind this field to that
        if ($record instanceof DataObject) {
            $this->bindTo($record);
            $record = null;
        }

        // Convert an object to an array
        if ($record && $record instanceof DataObject) {
            $record = $record->getQueriedDatabaseFields();
        }

        // Set the table name if it was not set earlier
        if (!$this->tableName && $record) {
            $this->tableName = DataObject::getSchema()->tableName(get_class($record));
            if (!$this->tableName) {
                throw new Exception("Could not get table name from record from " . gettype($record));
            }
        }

        $encryptedField = $this->getEncryptedField();
        // Value will store the decrypted value
        if ($value instanceof EncryptedDBField) {
            $this->value = $value->getValue();
        } elseif ($record && isset($record[$this->name . 'Value'])) {
            // In that case, the value come from the database and might be encrypted
            if ($record[$this->name . 'Value']) {
                $encryptedValue = $record[$this->name . 'Value'];
                try {
                    if (EncryptHelper::isEncrypted($encryptedValue)) {
                        $this->value = $encryptedField->decryptValue($encryptedValue);
                    } else {
                        // Value wasn't crypted in the db
                        $this->value = $encryptedValue;
                    }
                } catch (InvalidCiphertextException $ex) {
                    // rotate backend ?
                    // $this->value = $newEncryptedField->decryptValue($encryptedValue);
                } catch (Exception $ex) {
                    // We cannot decrypt
                    $this->value = $this->nullValue();

Are you sure the assignment to $this->value is correct as $this->nullValue() targeting SilverStripe\ORM\FieldType\DBField::nullValue() seems to always return null.

                }
            } else {
                $this->value = $this->nullValue();

Are you sure the assignment to $this->value is correct as $this->nullValue() targeting SilverStripe\ORM\FieldType\DBField::nullValue() seems to always return null.

            }
        } elseif (is_array($value)) {
            if (array_key_exists('Value', $value)) {
                $this->value = $value;
            }
        } elseif (is_string($value) || !$value) {
            $this->value = $value;
        } else {
            throw new Exception("Unexcepted value of type " . gettype($value));
        }

        // Forward changes since writeToManipulation are not called
        // $this->setValueField($value, $markChanged);

        return $this;
    }

    /**
     * @return string
     */
    public function Nice($options = array())

The parameter $options is not used and could be removed.

    {
        return $this->getValue();
    }

    /**
     * @return boolean
     */
    public function exists()
    {
        return strlen($this->value) > 0;
    }

    /**
     * This is called by getChangedFields() to check if a field is changed
     *
     * @return boolean
     */
    public function isChanged()
    {
        return $this->isChanged;
    }

    /**
     * If we pass a DBField to the setField method, it will
     * trigger this method
     *
     * We save encrypted value on sub fields. They will be collected
     * by write() operation by prepareManipulationTable
     *
     * Currently prepareManipulationTable ignores composite fields
     * so we rely on the sub field mechanisms
     *
     * @param DataObject $dataObject
     * @return void
     */
    public function saveInto($dataObject)
    {
        $encryptedField = $this->getEncryptedField();

        if ($this->value) {
            $dataForStorage = $encryptedField->prepareForStorage($this->value);
            $encryptedValue = $this->prepValueForDB($dataForStorage[0]);
            $blindIndexes = $dataForStorage[1];
        } else {
            $encryptedValue = null;
            $blindIndexes = [];
        }

        // This cause infinite loops
        // $dataObject->setField($this->getName(), $this->value);

        // Encrypt value
        $key = $this->getName() . 'Value';
        $dataObject->setField($key, $encryptedValue);

        // Build blind index
        $key = $this->getName() . 'BlindIndex';
        if (isset($blindIndexes[$key])) {
            $dataObject->setField($key, $blindIndexes[$key]);
        }
    }

    /**
     * @param string $title Optional. Localized title of the generated instance
     * @return FormField

The type LeKoala\Encrypt\FormField was not found. Maybe you did not declare it correctly or list all dependencies?

     */
    public function scaffoldFormField($title = null, $params = null)
    {
        $field = TextField::create($this->name);
        return $field;
    }

    /**
     * Returns the string value
     */
    public function __toString()
    {
        return (string) $this->getValue();
    }

    public function scalarValueOnly()
    {
        return false;
    }
}