<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
declare(strict_types=1);
namespace Magento\EncryptionKey\Setup\Patch\Data;
use Magento\Framework\Setup\Patch\DataPatchInterface;
use Magento\Framework\App\ObjectManager;
/**
* Migrate encrypted configuration values to the latest cipher
*/
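class SodiumChachaPatch implements DataPatchInterface
{
    /**
     * @var \Magento\Framework\Config\ScopeInterface
     */
    private $scope;

    /**
     * @var \Magento\Framework\Setup\ModuleDataSetupInterface
     */
    private $moduleDataSetup;

    /**
     * @var \Magento\Config\Model\Config\Structure
     */
    private $structure;

    /**
     * @var \Magento\Framework\Encryption\EncryptorInterface
     */
    private $encryptor;

    /**
     * @var \Magento\Framework\App\State
     */
    private $state;

    /**
     * SodiumChachaPatch constructor.
     *
     * When no scope is injected, it is resolved through the ObjectManager singleton.
     *
     * @param \Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup
     * @param \Magento\Config\Model\Config\Structure\Proxy $structure
     * @param \Magento\Framework\Encryption\EncryptorInterface $encryptor
     * @param \Magento\Framework\App\State $state
     * @param \Magento\Framework\Config\ScopeInterface|null $scope
     */
    public function __construct(
        \Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup,
        \Magento\Config\Model\Config\Structure\Proxy $structure,
        \Magento\Framework\Encryption\EncryptorInterface $encryptor,
        \Magento\Framework\App\State $state,
        \Magento\Framework\Config\ScopeInterface $scope = null
    ) {
        $this->moduleDataSetup = $moduleDataSetup;
        $this->structure = $structure;
        $this->encryptor = $encryptor;
        $this->state = $state;
        $this->scope = $scope ?? ObjectManager::getInstance()->get(\Magento\Framework\Config\ScopeInterface::class);
    }

    /**
     * @inheritdoc
     */
    public function apply()
    {
        $this->moduleDataSetup->startSetup();
        $this->reEncryptSystemConfigurationValues();
        $this->moduleDataSetup->endSetup();
    }

    /**
     * @inheritdoc
     */
    public static function getDependencies()
    {
        return [];
    }

    /**
     * @inheritdoc
     */
    public function getAliases()
    {
        return [];
    }

    /**
     * Re-encrypt sensitive data in the system configuration
     *
     * Runs only when core_config_data holds at least one value starting with '0:2'.
     * Every non-empty value stored under an encrypted config path is then decrypted
     * and encrypted again through the injected encryptor, one UPDATE per row.
     */
    private function reEncryptSystemConfigurationValues()
    {
        $connection = $this->moduleDataSetup->getConnection();
        $table = $this->moduleDataSetup->getTable('core_config_data');

        // NOTE(review): the '0:2' prefix presumably marks key index 0 with the legacy cipher version;
        // values stored under another key index would not trigger the migration on their own - confirm.
        $legacyValueCount = $connection->fetchOne(
            $connection
                ->select()
                ->from($table, [new \Zend_Db_Expr('count(value)')])
                ->where('value LIKE ?', '0:2%')
        );
        // Compare numerically: the driver may hand the count back as a string or as an integer.
        if ((int)$legacyValueCount === 0) {
            return;
        }

        $paths = $this->collectEncryptedConfigPaths();
        if (!$paths) {
            return;
        }

        // walk through found data and re-encrypt it
        $values = $connection->fetchPairs(
            $connection
                ->select()
                ->from($table, ['config_id', 'value'])
                ->where('path IN (?)', $paths)
                ->where('value NOT LIKE ?', '')
        );
        foreach ($values as $configId => $value) {
            // NOTE(review): decrypt() failure handling is not visible here. If it yields an empty
            // string for a value it cannot decrypt, the stored secret would be overwritten with an
            // encrypted empty string - confirm before relying on this for key or cipher recovery.
            $connection->update(
                $table,
                ['value' => $this->encryptor->encrypt($this->encryptor->decrypt($value))],
                ['config_id = ?' => (int)$configId]
            );
        }
    }

    /**
     * Collect the config paths whose backend model is the Encrypted backend
     *
     * The structure is read while emulating the adminhtml area; the scope that was current
     * before the call is restored afterwards, including when reading the structure throws.
     *
     * @return array
     */
    private function collectEncryptedConfigPaths()
    {
        $previousScope = $this->scope->getCurrentScope();
        $structure = $this->structure;

        try {
            return $this->state->emulateAreaCode(
                \Magento\Framework\App\Area::AREA_ADMINHTML,
                function () use ($structure) {
                    $this->scope->setCurrentScope(\Magento\Framework\App\Area::AREA_ADMINHTML);

                    /** Returns list of structure paths to be re encrypted */
                    $paths = $structure->getFieldPathsByAttribute(
                        'backend_model',
                        \Magento\Config\Model\Config\Backend\Encrypted::class
                    );

                    /** Returns list of mapping between configPath => [structurePaths] */
                    $mappedPaths = $structure->getFieldPaths();
                    foreach ($mappedPaths as $mappedPath => $data) {
                        foreach ($data as $structurePath) {
                            if ($structurePath === $mappedPath) {
                                continue;
                            }
                            // array_search() returns key 0 for a match on the first entry, so test
                            // against false explicitly or that encrypted path is never remapped and
                            // its stored value is left on the old cipher.
                            $key = array_search($structurePath, $paths, true);
                            if ($key !== false) {
                                $paths[$key] = $mappedPath;
                            }
                        }
                    }

                    return array_unique($paths);
                }
            );
        } finally {
            $this->scope->setCurrentScope($previousScope);
        }
    }
}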