vendor/eckinox/sensitive-data-bundle/src/EventSubscriber/SensitiveFieldSubscriber.php line 62

Open in your IDE?
  1. <?php
  3. namespace Eckinox\SensitiveDataBundle\EventSubscriber;
  5. use Eckinox\SensitiveDataBundle\Form\SensitiveTypeInterface;
  6. use Eckinox\SensitiveDataBundle\Security\SensitiveDataMapper;
  7. use Eckinox\SensitiveDataBundle\Security\SensitiveDataRetriever;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\Form\FormEvent;
  10. use Symfony\Component\Form\FormEvents;
  11. use Symfony\Component\Form\FormInterface;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\RequestStack;
  14. use Symfony\Component\Serializer\NameConverter\CamelCaseToSnakeCaseNameConverter;
  16. /**
  17.  * The `SensitiveFieldSubscriber`'s job is to set the data of
  18.  * sensitive fields to their original value if they haven't been
  19.  * changed by the user, in order to prevent empty or bogus values
  20.  * from replacing the real user data when submitting the form.
  21.  */
  22. class SensitiveFieldSubscriber implements EventSubscriberInterface
  23. {
  24.     /** @var SensitiveDataMapper */
  25.     private $sensitiveDataMapper;
  27.     /** @var SensitiveDataRetriever */
  28.     private $sensitiveDataRetriever;
  30.     /** @var Request */
  31.     private $request;
  33.     /** @var array<string,array<int,object>> */
  34.     private $preChangeEntities = [];
  36.     public function __construct(SensitiveDataMapper $sensitiveDataMapperSensitiveDataRetriever $sensitiveDataRetrieverRequestStack $requestStack)
  37.     {
  38.         $this->sensitiveDataMapper $sensitiveDataMapper;
  39.         $this->sensitiveDataRetriever $sensitiveDataRetriever;
  40.         $this->request $requestStack->getCurrentRequest();
  41.     }
  43.     public static function getSubscribedEvents()
  44.     {
  45.         return [
  46.             FormEvents::POST_SET_DATA => 'onPostSetData',
  47.             FormEvents::SUBMIT => 'onSubmit',
  48.         ];
  49.     }
  51.     public function onPostSetData(FormEvent $event): void
  52.     {
  53.         if (empty($this->request->request->all())) {
  54.             return;
  55.         }
  57.         $form $event->getForm();
  59.         $this->storeSensitiveEntityData($form);
  60.     }
  62.     public function onSubmit(FormEvent $event): void
  63.     {
  64.         $form $event->getForm();
  66.         $this->restoreUnchangedSensitiveValues($form);
  67.     }
  69.     /**
  70.      * Stores a version of each entity affected by the form before the user's
  71.      * submitted data is loaded into them.
  72.      *
  73.      * This allows us to restore the sensitive data on submit for situations
  74.      * where it would've been replaced by the "• • • • •" placeholder value.
  75.      */
  76.     private function storeSensitiveEntityData(FormInterface $form): void
  77.     {
  78.         static $handledFormTypes = [];
  80.         $objectId spl_object_id($form);
  82.         if (isset($handledFormTypes[$objectId])) {
  83.             return;
  84.         }
  86.         $handledFormTypes[$objectId] = true;
  88.         // Check if the form is sensitive - if so, it needs to be processed
  89.         if ($form->getConfig()->getType()->getInnerType() instanceof SensitiveTypeInterface) {
  90.             $entity $this->sensitiveDataMapper->getEntityFromForm($form);
  91.             $entityClass get_class($entity);
  93.             if (!isset($this->preChangeEntities[$entityClass])) {
  94.                 $this->preChangeEntities[$entityClass] = [];
  95.             }
  97.             $this->preChangeEntities[$entityClass][$entity->getId()] = clone $entity;
  98.         }
  100.         // Recurse on all child forms
  101.         foreach ($form->all() as $childForm) {
  102.             $this->storeSensitiveEntityData($childForm);
  103.         }
  104.     }
  106.     /**
  107.      * Restores the sensitive data that has been replaced by the "• • • • •"
  108.      * placeholder value.
  109.      */
  110.     private function restoreUnchangedSensitiveValues(FormInterface $form): void
  111.     {
  112.         static $handledFormTypes = [];
  114.         $objectId spl_object_id($form);
  116.         if (isset($handledFormTypes[$objectId])) {
  117.             return;
  118.         }
  120.         $handledFormTypes[$objectId] = true;
  122.         // Check if the form is sensitive - if so, it needs to be processed
  123.         if ($form->getConfig()->getType()->getInnerType() instanceof SensitiveTypeInterface) {
  124.             $value $form->getData();
  126.             // Check if the value is the sensitive data replacement/placeholder
  127.             if (strpos($value'•') !== false && !strlen(str_replace([' ''•'], ''$value))) {
  128.                 // Retrieve the secret from the pre-submit entity
  129.                 $entity $this->sensitiveDataMapper->getEntityFromForm($form);
  130.                 $preChangeEntity $this->preChangeEntities[get_class($entity)][$entity->getId()] ?? null;
  131.                 $mapping $this->sensitiveDataMapper->getMapping($entity$form->getName());
  132.                 $realValue $this->sensitiveDataRetriever->getSecret($mapping$preChangeEntity ?: $entity);
  134.                 // Restore the secret in the entity
  135.                 $caseConverter = new CamelCaseToSnakeCaseNameConverter();
  136.                 $setter 'set'.ucfirst($caseConverter->denormalize($form->getName()));
  137.                 $entity->$setter($realValue);
  138.             }
  139.         }
  141.         // Recurse on all child forms
  142.         foreach ($form->all() as $childForm) {
  143.             $this->restoreUnchangedSensitiveValues($childForm);
  144.         }
  145.     }
  146. }