From ccec89210ba7e0a677f523b983ed168441d65d1d Mon Sep 17 00:00:00 2001 
From: Ambroise Maupate Date: Wed, 14 Feb 2024 16:05:36 +0100 Subject: [PATCH] feat(Settings): Removed encrypted Settings. Use symfony:secret to store secrets. BREAKING CHANGE: Setting encryption and crypto keys have been dropped, migrate all your secrets to symfony:secrets to get only one secure vault. Remove any crypto configuration from `config/packages/roadiz_core.yml`: ```yaml security: private_key_name: default ``` --- composer.json | 1 - config/packages/roadiz_core.yaml | 2 - lib/RoadizCoreBundle/composer.json | 1 - .../config/fixtures/settings.json | 37 ------ .../config/packages/roadiz_core.yaml | 2 - lib/RoadizCoreBundle/config/services.yaml | 7 - .../migrations/Version20240214145403.php | 31 +++++ .../src/Console/DecodePrivateKeyCommand.php | 45 ------- .../src/Console/EncodePrivateKeyCommand.php | 46 ------- .../src/Console/GeneratePrivateKeyCommand.php | 38 ------ .../src/Console/PrivateKeyCommand.php | 53 -------- .../src/Crypto/UniqueKeyEncoderFactory.php | 55 -------- .../src/DependencyInjection/Configuration.php | 13 -- .../RoadizCoreExtension.php | 34 ----- .../SettingLifeCycleSubscriber.php | 125 ------------------ lib/RoadizCoreBundle/src/Entity/Setting.php | 52 +------- lib/RoadizCoreBundle/src/Form/SettingType.php | 4 - .../Resources/views/settings/list.html.twig | 2 +- 18 files changed, 37 insertions(+), 511 deletions(-) create mode 100644 lib/RoadizCoreBundle/migrations/Version20240214145403.php delete mode 100644 lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php delete mode 100644 lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php delete mode 100644 lib/RoadizCoreBundle/src/Console/GeneratePrivateKeyCommand.php delete mode 100644 lib/RoadizCoreBundle/src/Console/PrivateKeyCommand.php delete mode 100644 lib/RoadizCoreBundle/src/Crypto/UniqueKeyEncoderFactory.php delete mode 100644 lib/RoadizCoreBundle/src/Doctrine/EventSubscriber/SettingLifeCycleSubscriber.php 
diff --git a/composer.json b/composer.json index aed83785..16b5508a 100644 --- a/composer.json +++ b/composer.json @@ -66,7 +66,6 @@ "psr/cache": ">=1.0.1", "psr/log": ">=1.1", "ramsey/uuid": "^4.7", - "rezozero/crypto": "^1.0.0", "rezozero/intervention-request-bundle": "~3.0.0", "rezozero/liform-bundle": "^0.19", "rezozero/tree-walker": "^1.3.0", diff --git a/config/packages/roadiz_core.yaml b/config/packages/roadiz_core.yaml index 7be43228..20295732 100644 --- a/config/packages/roadiz_core.yaml +++ b/config/packages/roadiz_core.yaml @@ -5,8 +5,6 @@ roadiz_core: staticDomainName: ~ documentsLibDir: 'lib/Documents/src' useNativeJsonColumnType: true - security: - private_key_name: default medias: unsplash_client_id: '%env(string:APP_UNSPLASH_CLIENT_ID)%' soundcloud_client_id: '%env(string:APP_SOUNDCLOUD_CLIENT_ID)%' diff --git a/lib/RoadizCoreBundle/composer.json b/lib/RoadizCoreBundle/composer.json index 6a523983..7148fd8a 100644 --- a/lib/RoadizCoreBundle/composer.json +++ b/lib/RoadizCoreBundle/composer.json @@ -39,7 +39,6 @@ "phpdocumentor/reflection-docblock": "^5.2", "phpoffice/phpspreadsheet": "^1.15", "ramsey/uuid": "^4.7", - "rezozero/crypto": "^1.0.0", "rezozero/intervention-request-bundle": "~3.0.0", "rezozero/liform-bundle": "^0.19", "rezozero/tree-walker": "^1.3.0", diff --git a/lib/RoadizCoreBundle/config/fixtures/settings.json b/lib/RoadizCoreBundle/config/fixtures/settings.json index 137890ad..ee93f247 100644 --- a/lib/RoadizCoreBundle/config/fixtures/settings.json +++ b/lib/RoadizCoreBundle/config/fixtures/settings.json @@ -2,7 +2,6 @@ { "name": "force_locale", "visible": true, - "encrypted": false, "description": "Force displaying translation locale in every node’ paths. This should be *ON* if you redirect users based on their language on homepage.", "setting_group": { "name": "Development", 
@@ -15,7 +14,6 @@ "name": "force_locale_with_urlaliases", "description": "force_locale_with_urlaliases.help", "visible": true, - "encrypted": false, "setting_group": { "name": "Development", "in_menu": true @@ -25,7 +23,6 @@ { "name": "leaflet_map_tile_url", "value": "https:\/\/{s}.tile.osm.org\/{z}\/{x}\/{y}.png", - "encrypted": false, "description": "Default maps tiles layout when using *Leaflet*.", "visible": true, "setting_group": { @@ -38,7 +35,6 @@ { "name": "maps_default_location", "value": "{\"lat\":45.769785, \"lng\":4.833967, \"zoom\":14}", - "encrypted": false, "description": "Default maps marker location.", "visible": true, "setting_group": { @@ -52,7 +48,6 @@ "name": "openid_button_label", "description": "openid_button_label.help", "visible": true, - "encrypted": false, "setting_group": { "name": "OpenId", "in_menu": true @@ -62,7 +57,6 @@ { "name": "support_email_address", "visible": true, - "encrypted": false, "description": "Support email address, used in every system emails footer", "setting_group": { "name": "Emailings", @@ -74,7 +68,6 @@ { "name": "email_sender", "visible": true, - "encrypted": false, "description": "Default sender email, used as origin for every system email sent. This email **must be allowed by your SMTP server.**", "setting_group": { "name": "Emailings", @@ -86,7 +79,6 @@ { "name": "email_sender_name", "visible": true, - "encrypted": false, "setting_group": { "name": "Emailings", "in_menu": true @@ -97,7 +89,6 @@ { "name": "universal_analytics_id", "visible": true, - "encrypted": false, "setting_group": { "name": "APIs", "in_menu": true @@ -108,18 +99,6 @@ { "name": "google_tag_manager_id", "visible": true, - "encrypted": false, - "setting_group": { - "name": "APIs", - "in_menu": true - }, - "type": 0, - "default_values": "" - }, - { - "name": "instagram_access_token", - "visible": true, - "encrypted": true, "setting_group": { "name": "APIs", "in_menu": true 
@@ -130,7 +109,6 @@ { "name": "seo_description", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -141,7 +119,6 @@ { "name": "site_name", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -152,7 +129,6 @@ { "name": "maintenance_mode", "visible": true, - "encrypted": false, "description": "Switch maintenance mode. Only login page will be available for public requests.", "setting_group": { "name": "Site information", @@ -164,7 +140,6 @@ { "name": "site_copyright", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -174,7 +149,6 @@ }, { "name": "main_color", - "encrypted": false, "visible": true, "setting_group": { "name": "Site information", @@ -186,7 +160,6 @@ { "name": "admin_image", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -197,7 +170,6 @@ { "name": "login_image", "visible": true, - "encrypted": false, "description": "Replace random *Splashbase* login images with your own.", "setting_group": { "name": "Site information", @@ -209,7 +181,6 @@ { "name": "facebook_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true @@ -220,7 +191,6 @@ { "name": "instagram_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true @@ -231,7 +201,6 @@ { "name": "pinterest_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true @@ -242,7 +211,6 @@ { "name": "twitter_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true @@ -253,7 +221,6 @@ { "name": "linkedin_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true 
@@ -264,7 +231,6 @@ { "name": "youtube_url", "visible": true, - "encrypted": false, "setting_group": { "name": "Social networks", "in_menu": true @@ -276,7 +242,6 @@ "name": "custom_preview_scheme", "description": "custom_preview_scheme.help", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -287,7 +252,6 @@ "name": "custom_public_scheme", "description": "custom_public_scheme.help", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true @@ -298,7 +262,6 @@ "name": "dashboard_iframe", "description": "dashboard_iframe.help", "visible": true, - "encrypted": false, "setting_group": { "name": "Site information", "in_menu": true diff --git a/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml b/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml index 818584c3..85272097 100644 --- a/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml +++ b/lib/RoadizCoreBundle/config/packages/roadiz_core.yaml @@ -11,8 +11,6 @@ roadiz_core: # Be careful if you are using a reverse-proxy cache, YOU MUST vary on Accept-Language header and normalize it. # @see https://varnish-cache.org/docs/6.3/users-guide/increasing-your-hitrate.html#http-vary useAcceptLanguageHeader: '%env(bool:APP_USE_ACCEPT_LANGUAGE_HEADER)%' - security: - private_key_name: default themes: [] medias: unsplash_client_id: '%env(string:APP_UNSPLASH_CLIENT_ID)%' diff --git a/lib/RoadizCoreBundle/config/services.yaml b/lib/RoadizCoreBundle/config/services.yaml index 956fd71a..c8a5f262 100644 --- a/lib/RoadizCoreBundle/config/services.yaml +++ b/lib/RoadizCoreBundle/config/services.yaml 
@@ -34,7 +34,6 @@ services: $appNamespace: '%roadiz_core.app_namespace%' $projectDir: '%kernel.project_dir%' $exportDir: '%kernel.project_dir%/var/export' - $privateKeyName: '%roadiz_core.private_key_name%' $generatedEntitiesDir: '%roadiz_core.generated_entities_dir%' $serializedNodeTypesDir: '%roadiz_core.serialized_node_types_dir%' $importFilesConfigPath: '%roadiz_core.import_files_config_path%' @@ -436,12 +435,6 @@ services: RZ\Roadiz\Random\PasswordGenerator: ~ - RZ\Crypto\KeyChain\KeyChainInterface: - alias: RZ\Crypto\KeyChain\AsymmetricFilesystemKeyChain - - RZ\Crypto\KeyChain\AsymmetricFilesystemKeyChain: - arguments: ['%kernel.project_dir%/var/secret', true] - JMS\Serializer\Construction\ObjectConstructorInterface: alias: RZ\Roadiz\CoreBundle\Serializer\ObjectConstructor\ObjectConstructor diff --git a/lib/RoadizCoreBundle/migrations/Version20240214145403.php b/lib/RoadizCoreBundle/migrations/Version20240214145403.php new file mode 100644 index 00000000..a20f4e63 --- /dev/null +++ b/lib/RoadizCoreBundle/migrations/Version20240214145403.php @@ -0,0 +1,31 @@ +addSql('ALTER TABLE settings DROP encrypted'); + } + + public function down(Schema $schema): void + { + // this down() migration is auto-generated, please modify it to your needs + $this->addSql('ALTER TABLE settings ADD encrypted TINYINT(1) DEFAULT 0 NOT NULL'); + } +} diff --git a/lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php deleted file mode 100644 index f86cc50d..00000000 --- a/lib/RoadizCoreBundle/src/Console/DecodePrivateKeyCommand.php +++ /dev/null 
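Review bot: `up()` in `Version20240214145403.php` drops the `encrypted` column without handling rows that were stored encrypted: their `value` keeps the ciphertext, and `Setting::getValue()` in this same commit now returns `$this->value` as is, so callers would receive ciphertext as the setting. The decode command and the key chain service are removed in the same commit, so those values have to be recovered before the upgrade, and once the column is gone nothing marks which rows were affected. Assuming this class is a Doctrine `AbstractMigration` (the top of the file is not visible here), the migration could refuse to run while such rows exist, with `$this->abortIf((int) $this->connection->fetchOne('SELECT COUNT(*) FROM settings WHERE encrypted = true AND value IS NOT NULL') > 0, 'Decrypt or clear encrypted settings before upgrading.');` placed before the `DROP`. `down()` re-creates the column with `DEFAULT 0`, so it cannot restore the earlier flags; the auto-generated comment there could say so.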
@@ -1,45 +0,0 @@ -setName('crypto:private-key:decode') - ->addArgument('key-name', InputArgument::REQUIRED) - ->addArgument('data', InputArgument::REQUIRED) - ; - } - - protected function execute(InputInterface $input, OutputInterface $output): int - { - $io = new SymfonyStyle($input, $output); - - $keyName = $input->getArgument('key-name'); - $encoder = $this->uniqueKeyEncoderFactory->getEncoder($keyName); - $encoded = $encoder->decode($input->getArgument('data')); - - $io->note($encoded->getString()); - return 0; - } -} diff --git a/lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php deleted file mode 100644 index 24e49841..00000000 --- a/lib/RoadizCoreBundle/src/Console/EncodePrivateKeyCommand.php +++ /dev/null @@ -1,46 +0,0 @@ -setName('crypto:private-key:encode') - ->addArgument('key-name', InputArgument::REQUIRED) - ->addArgument('data', InputArgument::REQUIRED) - ; - } - - protected function execute(InputInterface $input, OutputInterface $output): int - { - $io = new SymfonyStyle($input, $output); - - $keyName = $input->getArgument('key-name'); - $encoder = $this->uniqueKeyEncoderFactory->getEncoder($keyName); - $encoded = $encoder->encode(new HiddenString($input->getArgument('data'))); - - $io->note($encoded); - return 0; - } -} diff --git a/lib/RoadizCoreBundle/src/Console/GeneratePrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/GeneratePrivateKeyCommand.php deleted file mode 100644 index 9b610e4a..00000000 --- a/lib/RoadizCoreBundle/src/Console/GeneratePrivateKeyCommand.php +++ /dev/null 
@@ -1,38 +0,0 @@ -setName('crypto:private-key:generate') - ->setDescription('Generate a default private key to encode data in your database.') - ; - } - - protected function execute(InputInterface $input, OutputInterface $output): int - { - $io = new SymfonyStyle($input, $output); - - $this->keyChain->generate($this->privateKeyName); - $io->success(sprintf('Private key has been generated: %s', $this->privateKeyName)); - return 0; - } -} diff --git a/lib/RoadizCoreBundle/src/Console/PrivateKeyCommand.php b/lib/RoadizCoreBundle/src/Console/PrivateKeyCommand.php deleted file mode 100644 index 245887f4..00000000 --- a/lib/RoadizCoreBundle/src/Console/PrivateKeyCommand.php +++ /dev/null @@ -1,53 +0,0 @@ -setName('crypto:private-key:info') - ->addArgument('key-name', InputArgument::REQUIRED) - ->setDescription('Get a private or public key information') - ; - } - - protected function execute(InputInterface $input, OutputInterface $output): int - { - $io = new SymfonyStyle($input, $output); - - $keyName = $input->getArgument('key-name'); - $key = $this->keyChain->get($keyName); - - $io->table([ - 'name', - 'type', - 'derivation', - 'usage', - 'base64', - ], [[ - $keyName, - $key->isAsymmetricKey() ? 'asymmetric' : 'symmetric', - $key->isPublicKey() ? 'public' : 'private', - $key->isSigningKey() ? 'signing' : 'encryption', - base64_encode($key->getRawKeyMaterial()) - ]]); - return 0; - } -} diff --git a/lib/RoadizCoreBundle/src/Crypto/UniqueKeyEncoderFactory.php b/lib/RoadizCoreBundle/src/Crypto/UniqueKeyEncoderFactory.php deleted file mode 100644 index 9747ed07..00000000 --- a/lib/RoadizCoreBundle/src/Crypto/UniqueKeyEncoderFactory.php +++ /dev/null 
@@ -1,55 +0,0 @@ -keyChain = $keyChain; - $this->defaultKeyName = $defaultKeyName; - } - - public function getEncoder(?string $keyName = null): UniqueKeyEncoderInterface - { - try { - $keyName = $keyName ?? $this->defaultKeyName; - $key = $this->keyChain->get($keyName); - - if ($key instanceof EncryptionSecretKey) { - $publicKey = $key->derivePublicKey(); - return new AsymmetricUniqueKeyEncoder( - $publicKey, - $key - ); - } elseif ($key instanceof EncryptionKey) { - return new SymmetricUniqueKeyEncoder($key); - } - } catch (\Exception $exception) { - throw new InvalidKey( - sprintf('Key %s is not a valid encryption key', $keyName), - 0, - $exception - ); - } - - throw new InvalidKey(sprintf('Key %s is not a valid encryption key', $keyName)); - } -} diff --git a/lib/RoadizCoreBundle/src/DependencyInjection/Configuration.php b/lib/RoadizCoreBundle/src/DependencyInjection/Configuration.php index 5529c8d4..89834aef 100644 --- a/lib/RoadizCoreBundle/src/DependencyInjection/Configuration.php +++ b/lib/RoadizCoreBundle/src/DependencyInjection/Configuration.php @@ -65,19 +65,6 @@ public function getConfigTreeBuilder(): TreeBuilder their node-type to avoid name conflicts with reachable nodes (pages). EOT) ->end() - ->arrayNode('security') - ->addDefaultsIfNotSet() - ->children() - ->scalarNode('private_key_dir') - ->defaultValue('%kernel.project_dir%/var/secret') - ->info('Asymmetric cryptographic key directory.') - ->end() - ->scalarNode('private_key_name') - ->defaultValue('default') - ->info('Asymmetric cryptographic key name.') - ->end() - ->end() - ->end() ->append($this->addSolrNode()) ->append($this->addInheritanceNode()) ->append($this->addReverseProxyCacheNode()) diff --git a/lib/RoadizCoreBundle/src/DependencyInjection/RoadizCoreExtension.php b/lib/RoadizCoreBundle/src/DependencyInjection/RoadizCoreExtension.php index 908ea3de..25442d1f 100644 --- a/lib/RoadizCoreBundle/src/DependencyInjection/RoadizCoreExtension.php 
+++ b/lib/RoadizCoreBundle/src/DependencyInjection/RoadizCoreExtension.php @@ -6,12 +6,9 @@ use League\CommonMark\Environment\Environment; use League\CommonMark\MarkdownConverter; -use RZ\Crypto\KeyChain\AsymmetricFilesystemKeyChain; -use RZ\Crypto\KeyChain\KeyChainInterface; use RZ\Roadiz\CoreBundle\Cache\CloudflareProxyCache; use RZ\Roadiz\CoreBundle\Cache\ReverseProxyCache; use RZ\Roadiz\CoreBundle\Cache\ReverseProxyCacheLocator; -use RZ\Roadiz\CoreBundle\Crypto\UniqueKeyEncoderFactory; use RZ\Roadiz\CoreBundle\Entity\CustomForm; use RZ\Roadiz\CoreBundle\Entity\Document; use RZ\Roadiz\CoreBundle\Entity\Node; @@ -64,12 +61,6 @@ public function load(array $configs, ContainerBuilder $container): void $container->setParameter('roadiz_core.inheritance_type', $config['inheritance']['type']); $container->setParameter('roadiz_core.max_versions_showed', $config['maxVersionsShowed']); $container->setParameter('roadiz_core.static_domain_name', $config['staticDomainName'] ?? ''); - $container->setParameter('roadiz_core.private_key_name', $config['security']['private_key_name']); - $container->setParameter('roadiz_core.private_key_dir', $config['security']['private_key_dir']); - $container->setParameter( - 'roadiz_core.private_key_path', - $config['security']['private_key_dir'] . DIRECTORY_SEPARATOR . $config['security']['private_key_name'] - ); $container->setParameter('roadiz_core.default_node_source_controller', $config['defaultNodeSourceController']); $container->setParameter('roadiz_core.use_native_json_column_type', $config['useNativeJsonColumnType']); $container->setParameter('roadiz_core.use_typed_node_names', $config['useTypedNodeNames']); 
@@ -131,31 +122,6 @@ public function load(array $configs, ContainerBuilder $container): void $this->registerReverseProxyCache($config, $container); $this->registerSolr($config, $container); $this->registerMarkdown($config, $container); - $this->registerCrypto($config, $container); - } - - private function registerCrypto(array $config, ContainerBuilder $container): void - { - $container->setDefinition( - UniqueKeyEncoderFactory::class, - (new Definition()) - ->setClass(UniqueKeyEncoderFactory::class) - ->setPublic(true) - ->setArguments([ - new Reference(KeyChainInterface::class), - $container->getParameter('roadiz_core.private_key_name') - ]) - ); - - $container->setDefinition( - KeyChainInterface::class, - (new Definition()) - ->setClass(AsymmetricFilesystemKeyChain::class) - ->setPublic(true) - ->setArguments([ - $container->getParameter('roadiz_core.private_key_dir') - ]) - ); } private function registerReverseProxyCache(array $config, ContainerBuilder $container): void diff --git a/lib/RoadizCoreBundle/src/Doctrine/EventSubscriber/SettingLifeCycleSubscriber.php b/lib/RoadizCoreBundle/src/Doctrine/EventSubscriber/SettingLifeCycleSubscriber.php deleted file mode 100644 index acc18d84..00000000 --- a/lib/RoadizCoreBundle/src/Doctrine/EventSubscriber/SettingLifeCycleSubscriber.php +++ /dev/null 
@@ -1,125 +0,0 @@ -uniqueKeyEncoderFactory = $uniqueKeyEncoderFactory; - $this->privateKeyName = $privateKeyName; - $this->logger = $logger; - } - - /** - * {@inheritdoc} - */ - public function getSubscribedEvents(): array - { - return [ - Events::preUpdate, - Events::postLoad - ]; - } - - /** - * @param PreUpdateEventArgs $event - * @throws InvalidKey - */ - public function preUpdate(PreUpdateEventArgs $event): void - { - $setting = $event->getObject(); - if ($setting instanceof Setting) { - if ( - $event->hasChangedField('encrypted') && - $event->getNewValue('encrypted') === false && - null !== $setting->getRawValue() - ) { - /* - * Set raw value and do not encode it if setting is not encrypted anymore. - */ - $setting->setValue($setting->getRawValue()); - } elseif ( - $event->hasChangedField('encrypted') && - $event->getNewValue('encrypted') === true && - null !== $setting->getRawValue() - ) { - /* - * Encode value for the first time. - */ - $setting->setValue($this->getEncoder()->encode(new HiddenString($setting->getRawValue()))); - } elseif ( - $setting->isEncrypted() && - $event->hasChangedField('value') && - null !== $event->getNewValue('value') - ) { - /* - * Encode setting if value has changed - */ - $event->setNewValue('value', $this->getEncoder()->encode(new HiddenString($event->getNewValue('value')))); - $setting->setClearValue($event->getNewValue('value')); - } - } - } - - /** - * @param LifecycleEventArgs $event - */ - public function postLoad(LifecycleEventArgs $event): void - { - $setting = $event->getObject(); - if ( - $setting instanceof Setting && - $setting->isEncrypted() && - null !== $setting->getRawValue() - ) { - try { - $setting->setClearValue($this->getEncoder()->decode($setting->getRawValue())->getString()); - } catch (InvalidKey $exception) { - $this->logger->error( - sprintf('Failed to decode "%s" setting value', $setting->getName()), - [ - 'exception_message' => $exception->getMessage(), - 'trace' => $exception->getTraceAsString(), - 
'entity' => $setting - ] - ); - } catch (InvalidMessage $exception) { - $this->logger->error( - sprintf('Failed to decode "%s" setting value', $setting->getName()), - [ - 'exception_message' => $exception->getMessage(), - 'trace' => $exception->getTraceAsString(), - 'entity' => $setting - ] - ); - } - } - } - - /** - * @throws InvalidKey - */ - protected function getEncoder(): UniqueKeyEncoderInterface - { - return $this->uniqueKeyEncoderFactory->getEncoder($this->privateKeyName); - } -} diff --git a/lib/RoadizCoreBundle/src/Entity/Setting.php b/lib/RoadizCoreBundle/src/Entity/Setting.php index 75a0777b..102bd087 100644 --- a/lib/RoadizCoreBundle/src/Entity/Setting.php +++ b/lib/RoadizCoreBundle/src/Entity/Setting.php @@ -71,25 +71,11 @@ class Setting extends AbstractEntity #[Serializer\Groups(['setting', 'nodes_sources'])] private ?string $value = null; - /** - * Holds clear setting value after value is decoded by postLoad Doctrine event. - * - * READ ONLY: Not persisted value to hold clear value if setting is encrypted. - */ - #[SymfonySerializer\Ignore] - #[Serializer\Exclude] - private ?string $clearValue = null; - #[ORM\Column(type: 'boolean', nullable: false, options: ['default' => true])] #[SymfonySerializer\Groups(['setting'])] #[Serializer\Groups(['setting'])] private bool $visible = true; - #[ORM\Column(type: 'boolean', nullable: false, options: ['default' => false])] - #[SymfonySerializer\Groups(['setting'])] - #[Serializer\Groups(['setting'])] - private bool $encrypted = false; - #[ORM\ManyToOne( targetEntity: SettingGroup::class, cascade: ['persist', 'merge'], 
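Review bot: With the `encrypted` flag and `$clearValue` removed in the first `Setting.php` hunk, `$value` is the only storage left, and the context lines show it is serialized under the `setting` and `nodes_sources` groups. Any credential an operator still types into a setting is therefore kept as plain text in the database and can appear wherever those groups are serialized. The property has no docblock saying this, so I would add one above its attributes, for example `/** Stored and serialized as plain text (groups: setting, nodes_sources). Never put credentials here; use Symfony secrets instead. */`. The class body starts and continues outside this hunk.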
@@ -172,34 +158,26 @@ public function getRawValue(): ?string } /** - * Getter for setting value OR clear value, if encrypted. - * * @return string|bool|\DateTime|int|null * @throws \Exception */ #[SymfonySerializer\Ignore] public function getValue(): string|bool|\DateTime|int|null { - if ($this->isEncrypted()) { - $value = $this->clearValue; - } else { - $value = $this->value; - } - if ($this->getType() == AbstractField::BOOLEAN_T) { - return (bool) $value; + return (bool) $this->value; } - if (null !== $value) { + if (null !== $this->value) { if ($this->getType() == AbstractField::DATETIME_T) { - return new \DateTime($value); + return new \DateTime($this->value); } if ($this->getType() == AbstractField::DOCUMENTS_T) { - return (int) $value; + return (int) $this->value; } } - return $value; + return $this->value; } /** @@ -223,26 +201,6 @@ public function setValue(mixed $value): self return $this; } - /** - * @return bool - */ - public function isEncrypted(): bool - { - return $this->encrypted; - } - - /** - * @param bool $encrypted - * - * @return Setting - */ - public function setEncrypted(bool $encrypted): Setting - { - $this->encrypted = $encrypted; - - return $this; - } - /** * @return int */ diff --git a/lib/RoadizCoreBundle/src/Form/SettingType.php b/lib/RoadizCoreBundle/src/Form/SettingType.php index cd5b2613..56392a67 100644 --- a/lib/RoadizCoreBundle/src/Form/SettingType.php +++ b/lib/RoadizCoreBundle/src/Form/SettingType.php @@ -48,10 +48,6 @@ public function buildForm(FormBuilderInterface $builder, array $options): void 'label' => 'visible', 'required' => false, ]) - ->add('encrypted', CheckboxType::class, [ - 'label' => 'encrypted', - 'required' => false, - ]) ->add('type', ChoiceType::class, [ 'label' => 'type', 'required' => true, diff --git a/lib/Rozier/src/Resources/views/settings/list.html.twig b/lib/Rozier/src/Resources/views/settings/list.html.twig index 867439b4..5df80eb1 100644 --- a/lib/Rozier/src/Resources/views/settings/list.html.twig 
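Review bot: The docblock of `getValue()` (hunk `@@ -172,34 +158,26 @@`) loses its summary line and is left with a `@return` that only repeats the native return type and a bare `@throws \Exception`. I would replace the `@return` line with a one-line summary such as `Returns the stored value cast by setting type: bool for BOOLEAN_T, \DateTime for DATETIME_T, int for DOCUMENTS_T, otherwise the raw string or null.` and name the source of the exception, `@throws \Exception when a DATETIME_T value cannot be parsed by \DateTime`. The cast rules are taken from the visible branches; the rest of the class is outside the hunk.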
+++ b/lib/Rozier/src/Resources/views/settings/list.html.twig @@ -57,7 +57,7 @@

- {%- if setting.setting.Encrypted -%} {% endif %}{{ setting.setting.name|trans|inlineMarkdown -}} + {{ setting.setting.name|trans|inlineMarkdown -}}

{% if setting.setting.description %}