Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update doctrine entity changeset data onLoad, preFlush and postFlush. #34

Open
achterin opened this issue Jan 11, 2023 · 4 comments
Open

Comments

@achterin
Copy link

When using this bundle in conjunction with DamienHarper/auditor-bundle one can observe that the entity changeset produced is plain wrong.

What I expect to see on insert:
Old value: null
New value: encrypted new value

Instead you get this:
Old value: encrypted new value
New value: decrypted new value

What I expect to see on change:
Old value: encrypted old value
New value: encrypted new value

Instead you get this:
Old value: decrypted new value
New value: encrypted new value

I've spend quite some time to figure out how this can be fixed and tracked it down to two problems:

  1. onFlush is the wrong event to encrypt on change as the changeset is already created by doctrine with decrypted values. preFlush would be better as this allows to populate the entity-properties with the encrypted values and doctrine will create the changeset just fine.
  2. onLoad needs to set the encrypted value as original data, not the decrypted one.

Right now I'm stuck sadly because it seems that MySQL and Postgres work differently. With MySQL I can rely on new entities not being in the doctrine entity-map, but the get inserted there when pre-flush is fired when using Postgres.

I think the current behavior is not desired as this will result in sensitive data being leaked as they get written to the audit tables in plaintext. On top of that the changes written to audit tables are plain wrong and are more or less useless.

I am looking forward to your opinion on this matter.

@mogilvie
Copy link
Owner

Hi @achterin, which version of the bundle are you using? There was a merge done a few days ago into master which changed the events, or do I need to look at the taged versions?

I'll have a look at the auditor bundle. We don't use that ourselves. and see if that help me replicate your analysis.

@achterin
Copy link
Author

Hi @mogilvie , thanks for your response.
I was using last release tag as well as latest master for my test. I'm looking forward to your feedback on this matter.

@mogilvie
Copy link
Owner

mogilvie commented Feb 13, 2023

Hi @achterin

Doctrine calculates it's change set by comparing the flushed entities in the entityMap against the originalEntityData. If we leave, or set, the originalEntityData to the encrypted value, then it always triggers a change state because the decrypted value is always different from the original encrypted value.

We cannot simply re-encrypt the value during preFush, because the encryption process is not repeatable. Re-encrypting the same value creates a different encrypted value, even if the decrypted data is exactly the same. This is an desired outcome with the encryption process.

The above two suggestions would result in every encrypted property being re-persisted for all entities, along with unnecessary re-encryption. This imposes additional workload on the persistance process.

So the reason that the onLoad subscriber sets the original data as the decrypted value, is to avoid triggering a change event in the unitOfWork.

However, you could achieve your desired outcome by creating your own DoctrineEncryptSubscriber, and implementing an array of initial onLoad decrypted properties and values. Later, during onPreFlush compare the entitySet against the onLoad decrypted array of properties. If the decrypted values are the same, then remove the property from the changeSet.

This method also caries an overhead with it, depending on how many encrypted properties you might have. I don't want to impose this overhead on every user of the bundle.

The bundle already allows you to define your own DoctrineEncryptsubscriber in your Config\Packages directory.

spec_shaper_encrypt:
  subscriber_class: App\EventSubscriber\YourDoctrineEncryptSubscriber

If you do find a low overhead way of achieving the desired outcome then please submit a pull request.

@mogilvie
Copy link
Owner

I'm still interested in doing this. So I might try and measure what that overhead might be, and test if it's significant.

@mogilvie mogilvie changed the title Wrong doctrine entity changeset data Update doctrine entity changeset data onLoad, preFlush and postFlush. Feb 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants