<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
declare(strict_types=1);
namespace Magento\EncryptionKey\Setup\Patch\Data;
use Magento\Framework\Setup\Patch\DataPatchInterface;
use Magento\Framework\App\ObjectManager;
/**
* Migrate encrypted configuration values to the latest cipher
*/
class SodiumChachaPatch implements DataPatchInterface
{
/**
* @var \Magento\Framework\Config\ScopeInterface
*/
private $scope;
/**
* @var \Magento\Framework\Setup\ModuleDataSetupInterface
*/
private $moduleDataSetup;
/**
* @var \Magento\Config\Model\Config\Structure
*/
private $structure;
/**
* @var \Magento\Framework\Encryption\EncryptorInterface
*/
private $encryptor;
/**
* @var \Magento\Framework\App\State
*/
private $state;
/**
* SodiumChachaPatch constructor.
* @param \Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup
* @param \Magento\Config\Model\Config\Structure\Proxy $structure
* @param \Magento\Framework\Encryption\EncryptorInterface $encryptor
* @param \Magento\Framework\App\State $state
* @param \Magento\Framework\Config\ScopeInterface|null $scope
*/
public function __construct(
\Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup,
\Magento\Config\Model\Config\Structure\Proxy $structure,
\Magento\Framework\Encryption\EncryptorInterface $encryptor,
\Magento\Framework\App\State $state,
\Magento\Framework\Config\ScopeInterface $scope = null
) {
$this->moduleDataSetup = $moduleDataSetup;
$this->structure = $structure;
$this->encryptor = $encryptor;
$this->state = $state;
$this->scope = $scope ?? ObjectManager::getInstance()->get(\Magento\Framework\Config\ScopeInterface::class);
}
/**
* @inheritdoc
*/
public function apply()
{
$this->moduleDataSetup->startSetup();
$this->reEncryptSystemConfigurationValues();
$this->moduleDataSetup->endSetup();
}
/**
* @inheritdoc
*/
public static function getDependencies()
{
return [];
}
/**
* @inheritdoc
*/
public function getAliases()
{
return [];
}
/**
* Re encrypt sensitive data in the system configuration
*/
private function reEncryptSystemConfigurationValues()
{
$table = $this->moduleDataSetup->getTable('core_config_data');
$hasEncryptedData = $this->moduleDataSetup->getConnection()->fetchOne(
$this->moduleDataSetup->getConnection()
->select()
->from($table, [new \Zend_Db_Expr('count(value)')])
->where('value LIKE ?', '0:2%')
);
if ($hasEncryptedData !== '0') {
$currentScope = $this->scope->getCurrentScope();
$structure = $this->structure;
$paths = $this->state->emulateAreaCode(
\Magento\Framework\App\Area::AREA_ADMINHTML,
function () use ($structure) {
$this->scope->setCurrentScope(\Magento\Framework\App\Area::AREA_ADMINHTML);
/** Returns list of structure paths to be re encrypted */
$paths = $structure->getFieldPathsByAttribute(
'backend_model',
\Magento\Config\Model\Config\Backend\Encrypted::class
);
/** Returns list of mapping between configPath => [structurePaths] */
$mappedPaths = $structure->getFieldPaths();
foreach ($mappedPaths as $mappedPath => $data) {
foreach ($data as $structurePath) {
if ($structurePath !== $mappedPath && $key = array_search($structurePath, $paths)) {
$paths[$key] = $mappedPath;
}
}
}
return array_unique($paths);
}
);
$this->scope->setCurrentScope($currentScope);
// walk through found data and re-encrypt it
if ($paths) {
$values = $this->moduleDataSetup->getConnection()->fetchPairs(
$this->moduleDataSetup->getConnection()
->select()
->from($table, ['config_id', 'value'])
->where('path IN (?)', $paths)
->where('value NOT LIKE ?', '')
);
foreach ($values as $configId => $value) {
$this->moduleDataSetup->getConnection()->update(
$table,
['value' => $this->encryptor->encrypt($this->encryptor->decrypt($value))],
['config_id = ?' => (int)$configId]
);
}
}
}
}
}