Secure email passwords (close #27)

swissup · Apr 5, 2023 · e53ad88 · e53ad88
1 parent 3df9752
commit e53ad88
Show file tree

Hide file tree

Showing 8 changed files with 303 additions and 1 deletion.
diff --git a/Api/EncryptorInterface.php b/Api/EncryptorInterface.php
@@ -0,0 +1,21 @@
+<?php
+namespace Swissup\Email\Api;
+
+interface EncryptorInterface
+{
+    /**
+    * Encrypt a string
+    *
+    * @param string $data
+    * @return string
+    */
+    public function encrypt($data);
+
+    /**
+    * Decrypt a string
+    *
+    * @param string $data
+    * @return string
+    */
+    public function decrypt($data);
+}
diff --git a/Api/ServiceEncryptorInterface.php b/Api/ServiceEncryptorInterface.php
@@ -0,0 +1,23 @@
+<?php
+namespace Swissup\Email\Api;
+
+use Swissup\Email\Api\Data\ServiceInterface;
+
+interface ServiceEncryptorInterface
+{
+    /**
+    * Encrypt a string
+    *
+    * @param string $data
+    * @return string
+    */
+    public function encrypt(ServiceInterface $object): void;
+
+    /**
+    * Decrypt a string
+    *
+    * @param string $data
+    * @return string
+    */
+    public function decrypt(ServiceInterface $object): void;
+}
diff --git a/Model/Data/Encryptor.php b/Model/Data/Encryptor.php
@@ -0,0 +1,76 @@
+<?php
+namespace Swissup\Email\Model\Data;
+
+use Swissup\Email\Api\EncryptorInterface;
+
+class Encryptor implements EncryptorInterface
+{
+    const PREFIX = 'encrypted:';
+
+    /**
+     * @var \Magento\Framework\Encryption\EncryptorInterface
+     */
+    private $encryptor;
+
+    /**
+     * Constructor
+     *
+     * @param \Magento\Framework\Encryption\EncryptorInterface $encryptor
+     */
+    public function __construct(
+        \Magento\Framework\Encryption\EncryptorInterface $encryptor
+    ) {
+        $this->encryptor = $encryptor;
+    }
+
+    private function isEncryptionEnabled()
+    {
+        return true;
+    }
+
+    /**
+     * Encrypt a string
+     *
+     * @param string $data
+     * @return string
+     */
+    public function encrypt($data)
+    {
+        $isEncryptionEnabled = $this->isEncryptionEnabled();
+        $data = (string) $data;
+        if ($isEncryptionEnabled) {
+            $data = self::PREFIX . $this->encryptor->encrypt($data);
+        }
+        return $data;
+    }
+
+    /**
+     * @param string $data
+     * @return bool
+     */
+    private function isEncryptedData(string $data)
+    {
+        return strpos($data, self::PREFIX) === 0;
+    }
+
+    /**
+     * Decrypt a string
+     *
+     * @param string $data
+     * @return string
+     */
+    public function decrypt($data)
+    {
+        $isEncryptionEnabled = $this->isEncryptionEnabled();
+        if ($isEncryptionEnabled) {
+            $data = (string) $data;
+            $prefix = self::PREFIX;
+            if ($this->isEncryptedData($data)) {
+                $data = substr($data, strlen($prefix));
+                $data = $this->encryptor->decrypt($data);
+            }
+        }
+
+        return $data;
+    }
+}
diff --git a/Model/Service/Encryptor.php b/Model/Service/Encryptor.php
@@ -0,0 +1,62 @@
+<?php
+namespace Swissup\Email\Model\Service;
+
+use Swissup\Email\Api\EncryptorInterface;
+use Swissup\Email\Api\ServiceEncryptorInterface;
+use Swissup\Email\Api\Data\ServiceInterface;
+
+class Encryptor implements ServiceEncryptorInterface
+{
+    /**
+     * @var EncryptorInterface
+     */
+    private $encryptor;
+
+    /**
+     * @param EncryptorInterface $encryptor
+     */
+    public function __construct(EncryptorInterface $encryptor)
+    {
+        $this->encryptor = $encryptor;
+    }
+
+    /**
+     * @return string[]
+     */
+    private function getAttributes()
+    {
+        return ['password'];
+    }
+
+    /**
+     * @param DataObject $object
+     * @return void
+     */
+    public function encrypt(ServiceInterface $object): void
+    {
+        foreach ($this->getAttributes() as $attributeCode) {
+            $value = $object->getData($attributeCode);
+            if ($value) {
+                $object->setData($attributeCode, $this->encryptor->encrypt($value));
+            }
+        }
+    }
+
+    /**
+     * @param DataObject $object
+     * @return void
+     */
+    public function decrypt(ServiceInterface $object): void
+    {
+        foreach ($this->getAttributes() as $attributeCode) {
+            $value = $object->getData($attributeCode);
+            if ($value) {
+                try {
+                    $object->setData($attributeCode, $this->encryptor->decrypt($value));
+                } catch (\Exception $e) {
+                    // value is not encrypted or something wrong with encrypted data
+                }
+            }
+        }
+    }
+}
diff --git a/Plugin/Model/ServicePlugin.php b/Plugin/Model/ServicePlugin.php
@@ -0,0 +1,38 @@
+<?php
+declare(strict_types=1);
+
+namespace Swissup\Email\Plugin\Model;
+
+use Magento\Framework\DataObject;
+use Swissup\Email\Model\Service;
+
+class ServicePlugin
+{
+    /**
+     * @var \Swissup\Email\Api\ServiceEncryptorInterface
+     */
+    private $serviceEncryptor;
+
+    /**
+     * @param \Swissup\Email\Api\ServiceEncryptorInterface $serviceEncryptor
+     */
+    public function __construct(\Swissup\Email\Api\ServiceEncryptorInterface $serviceEncryptor)
+    {
+        $this->serviceEncryptor = $serviceEncryptor;
+    }
+
+    public function afterBeforeSave(Service $subject): void
+    {
+        $this->serviceEncryptor->encrypt($subject);
+    }
+
+    public function afterAfterSave(Service $subject): void
+    {
+        $this->serviceEncryptor->decrypt($subject);
+    }
+
+    public function afterAfterLoad(Service $subject): void
+    {
+        $this->serviceEncryptor->decrypt($subject);
+    }
+}
diff --git a/Setup/Patch/Data/EncryptPasswords.php b/Setup/Patch/Data/EncryptPasswords.php
@@ -0,0 +1,76 @@
+<?php
+
+namespace Swissup\Email\Setup\Patch\Data;
+
+
+use Magento\Framework\App\ResourceConnection;
+use Magento\Framework\Setup\ModuleDataSetupInterface;
+use Magento\Framework\Setup\Patch\DataPatchInterface;
+use Magento\Framework\Setup\Patch\PatchVersionInterface;
+
+class EncryptPasswords implements DataPatchInterface, PatchVersionInterface
+{
+    /**
+     * @var ModuleDataSetupInterface
+     */
+    private $moduleDataSetup;
+
+    /**
+     * @var \Swissup\Email\Model\Service\CollectionFactory
+     */
+    private $serviceCollectionFactory;
+
+    /**
+     * @param ModuleDataSetupInterface $moduleDataSetup
+     * @param \Swissup\Email\Model\Service\CollectionFactory $serviceCollectionFactory
+     */
+    public function __construct(
+        ModuleDataSetupInterface $moduleDataSetup,
+        \Swissup\Email\Model\Service\CollectionFactory $serviceCollectionFactory
+    ) {
+        $this->moduleDataSetup = $moduleDataSetup;
+        $this->serviceCollectionFactory = $serviceCollectionFactory;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function apply()
+    {
+        $setup = $this->moduleDataSetup;
+        $setup->startSetup();
+
+        $collection = $this->serviceCollectionFactory->create();
+        foreach ($collection as $service) {
+            $service->load($service->getId());
+            $service->setDataChanges(true);
+            $service->save();
+        }
+
+        $setup->endSetup();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getDependencies()
+    {
+        return [];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getVersion()
+    {
+        return '2.3.0';
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getAliases()
+    {
+        return [];
+    }
+}
diff --git a/etc/di.xml b/etc/di.xml
@@ -9,6 +9,8 @@
     <preference for="Magento\Framework\Mail\TransportInterface" type="Swissup\Email\Mail\Transport"/>
 
     <preference for="Magento\Framework\Mail\EmailMessageInterface" type="Swissup\Email\Mail\EmailMessage"/>
+    <preference for="Swissup\Email\Api\EncryptorInterface" type="Swissup\Email\Model\Data\Encryptor" />
+    <preference for="Swissup\Email\Api\ServiceEncryptorInterface" type="Swissup\Email\Model\Service\Encryptor" />
 <!--
     <type name="Magento\Framework\Mail\TransportInterface">
         <plugin name="swissup_email_transport" type="Swissup\Email\Mail\TransportPlugin" sortOrder="1" disabled="false"/>
@@ -44,4 +46,8 @@
             <argument name="filterPool" xsi:type="object" shared="false">SwissupEmailServiceGridFilterPool</argument>
         </arguments>
     </virtualType>
+
+    <type name="Swissup\Email\Model\Service">
+        <plugin name="SecureProtectedDataPlugin" type="Swissup\Email\Plugin\Model\ServicePlugin" sortOrder="10"/>
+    </type>
 </config>
diff --git a/etc/module.xml b/etc/module.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Swissup_Email" setup_version="1.1.0">
+    <module name="Swissup_Email" setup_version="1.7.4">
         <sequence>
             <module name="Magento_Email"/>
             <module name="Magento_Backend"/>