Tadah
/
ciphersweet-for-laravel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added whereIn clause

This commit is contained in:
Bjorn Voesten 2020-12-25 01:37:58 +01:00
parent ddf24dd78f
commit 278719a552
3 changed files with 226 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
readme.md
View File

@ -1,12 +1,14 @@
# CipherSweet for Laravel # CipherSweet for Laravel
A Laravel implementation of [Paragon Initiative Enterprises CipherSweet](https://ciphersweet.paragonie.com) searchable field level encryption. A Laravel implementation of [Paragon Initiative Enterprises CipherSweet](https://ciphersweet.paragonie.com) searchable
field level encryption.
Make sure you have some basic understanding of CipherSweet before continuing. Make sure you have some basic understanding of CipherSweet before continuing.
## Installation ## Installation
Install the package using composer: Install the package using composer:
``` ```
composer require bjorn-voesten/ciphersweet-for-laravel composer require bjorn-voesten/ciphersweet-for-laravel
``` ```
@ -16,10 +18,13 @@ The package will then automatically register itself.
#### Encryption key #### Encryption key
In your `.env` file you should add: In your `.env` file you should add:
```dotenv ```dotenv
CIPHERSWEET_KEY= CIPHERSWEET_KEY=
``` ```
And then generate an encryption key: And then generate an encryption key:
``` ```
php artisan ciphersweet:key php artisan ciphersweet:key
``` ```
@ -27,6 +32,7 @@ php artisan ciphersweet:key
#### Config file #### Config file
Publish the config file: Publish the config file:
``` ```
php artisan vendor:publish --tag=ciphersweet-config php artisan vendor:publish --tag=ciphersweet-config
``` ```
@ -35,8 +41,9 @@ php artisan vendor:publish --tag=ciphersweet-config
### Define encryption ### Define encryption
Add the `BjornVoesten\CipherSweet\Concerns\WithAttributeEncryption` trait to your model <br> Add the `BjornVoesten\CipherSweet\Concerns\WithAttributeEncryption` trait to your model <br>
and add the `BjornVoesten\CipherSweet\Casts\Encrypted` cast to the attributes you want to encrypt. and add the `BjornVoesten\CipherSweet\Casts\Encrypted` cast to the attributes you want to encrypt.
```php ```php
<?php <?php
@ -99,29 +106,42 @@ class User extends Model
Attributes will be automatically encrypted and decrypted when filling and retrieving attribute values. Attributes will be automatically encrypted and decrypted when filling and retrieving attribute values.
**Note** Because the package uses Laravel casts it is not possible to combine the `Encrypted` cast and accessors/mutators. **Note** Because the package uses Laravel casts it is not possible to combine the `Encrypted` cast and
accessors/mutators.
### Searching ### Searching
**Note** When searching with the `equal to` operator models will be returned when the value is found in one of all available or defined indexes. When searching with the `not equal to` operator all models where the value is not found in any of the available or the defined indexes are returned. **Note** When searching with the `equal to` operator models will be returned when the value is found in one of all
available or defined indexes. When searching with the `not equal to` operator all models where the value is not found in
any of the available or the defined indexes are returned.
**Note** **Note**
Because of the limited search possibilities in CipherSweet only the `=` and `!=` operators are available when searching encrypted attributes. Because of the limited search possibilities in CipherSweet only the `=` and `!=` operators are available when searching
encrypted attributes.
#### `whereEncrypted` <br/>
#### `whereEncrypted`, `orWhereEncrypted`
```php ```php
User::query() User::query()
->whereEncrypted('social_security_number', '=', '123-456-789') ->whereEncrypted('social_security_number', '=', '123-456-789')
->orWhereEncrypted('social_security_number', '=', '123-456-789')
->get(); ->get();
``` ```
#### `orWhereEncrypted` <br/>
#### `whereInEncrypted`, `orWhereInEncrypted`
```php ```php
User::query() User::query()
->whereEncrypted('social_security_number', '=', '123-456-789') ->whereInEncrypted('social_security_number', [
->orWhereEncrypted('social_security_number', '=', '456-123-789') '123-456-789',
])
->orWhereInEncrypted('social_security_number', [
'456-123-789',
])
->get(); ->get();
``` ```
@ -131,7 +151,8 @@ Please see [contributing.md](contributing.md) for details and a todolist.
## Security ## Security
If you discover any security related issues, please email [security@bjornvoesten.com](mailto:security@bjornvoesten.com) instead of using the issue tracker. If you discover any security related issues, please email [security@bjornvoesten.com](mailto:security@bjornvoesten.com)
instead of using the issue tracker.
## Testing ## Testing

113
src/Concerns/WithAttributeEncryption.php
View File

@ -3,7 +3,6 @@
namespace BjornVoesten\CipherSweet\Concerns; namespace BjornVoesten\CipherSweet\Concerns;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Arr;
/** /**
* @mixin \Illuminate\Database\Eloquent\Model * @mixin \Illuminate\Database\Eloquent\Model
@ -16,9 +15,8 @@ trait WithAttributeEncryption
* @param string $attribute * @param string $attribute
* @param string|int|boolean $value * @param string|int|boolean $value
* @return array * @return array
* @throws \Exception
*/ */
public function encrypt(string $attribute, $value) public function encrypt(string $attribute, $value): array
{ {
[$ciphertext, $indexes] = $result = app('ciphersweet')->encrypt( [$ciphertext, $indexes] = $result = app('ciphersweet')->encrypt(
$this, $attribute, $value $this, $attribute, $value
@ -37,9 +35,9 @@ trait WithAttributeEncryption
* Encrypt the attribute. * Encrypt the attribute.
* *
* @param string $attribute * @param string $attribute
* @return $this * @return string
*/ */
public function decrypt(string $attribute) public function decrypt(string $attribute): string
{ {
return app('ciphersweet')->decrypt( return app('ciphersweet')->decrypt(
$this, $attribute, $this->attributes[$attribute] $this, $attribute, $this->attributes[$attribute]
@ -54,27 +52,25 @@ trait WithAttributeEncryption
* @param $operator * @param $operator
* @param $value * @param $value
* @param array $indexes * @param array $indexes
* @param string $boolean
* @return void * @return void
* @throws \Exception
*/ */
public function scopeWhereEncrypted(Builder $query, string $column, $operator, $value, array $indexes = []): void public function scopeWhereEncrypted(Builder $query, string $column, $operator, $value, array $indexes = [], $boolean = 'and'): void
{ {
$available = Arr::last( /** @var array $available */
$this->encrypt($column, $value) $available = $this->encrypt($column, $value)[1];
);
$indexes = empty($indexes) $indexes = empty($indexes) ? array_keys($available) : $indexes;
? array_keys($available)
: $indexes;
$first = true; $method = $boolean === 'or'
foreach ($indexes as $index) { ? 'orWhere'
$first : 'where';
? $query->where($index, $operator, $available[$index])
: $query->orWhere($index, $operator, $available[$index]);
$first = false; $query->{$method}(function (Builder $query) use ($available, $operator, $indexes) {
} foreach ($indexes as $key => $index) {
$query->where($index, $operator, $available[$index]);
}
});
} }
/** /**
@ -83,23 +79,76 @@ trait WithAttributeEncryption
* @param \Illuminate\Database\Eloquent\Builder $query * @param \Illuminate\Database\Eloquent\Builder $query
* @param string $column * @param string $column
* @param string $operator * @param string $operator
* @param $value * @param mixed $value
* @param array $indexes * @param array $indexes
* @param string $boolean
* @return void
*/
public function scopeOrWhereEncrypted(
Builder $query, string $column, string $operator, $value,
array $indexes = [], $boolean = 'or'
): void
{
$this->scopeWhereEncrypted(
$query, $column, $operator, $value, $indexes, $boolean
);
}
/**
* Add a where in clause to the query for an encrypted column.
*
* @param \Illuminate\Database\Eloquent\Builder $query
* @param string $column
* @param array $values
* @param array $indexes
* @param string $boolean
* @return void * @return void
* @throws \Exception * @throws \Exception
*/ */
public function scopeOrWhereEncrypted(Builder $query, string $column, string $operator, $value, array $indexes = []): void public function scopeWhereInEncrypted(
Builder $query, string $column, array $values, array $indexes = [],
$boolean = 'and'
): void
{ {
$available = Arr::last( $values = array_map(function (string $value) use ($column) {
$this->encrypt($column, $value) return $this->encrypt($column, $value)[1];
}, $values);
$available = array_keys($values[0]);
$indexes = empty($indexes) ? $available : $indexes;
$method = $boolean === 'or'
? 'orWhere'
: 'where';
$query->{$method}(function (Builder $query) use ($values, $indexes) {
foreach ($indexes as $key => $index) {
(bool) $key
? $query->orWhereIn($index, $values)
: $query->whereIn($index, $values);
}
});
}
/**
* Add a or where in clause to the query for an encrypted column.
*
* @param \Illuminate\Database\Eloquent\Builder $query
* @param string $column
* @param array $values
* @param array $indexes
* @param string $boolean
* @return void
* @throws \Exception
*/
public function scopeOrWhereInEncrypted(
Builder $query, string $column, array $values, array $indexes = [],
$boolean = 'or'
): void
{
$this->scopeWhereInEncrypted(
$query, $column, $values, $indexes, $boolean
); );
$indexes = empty($indexes)
? array_keys($available)
: $indexes;
foreach ($indexes as $index) {
$query->orWhere($index, $operator, $available[$index]);
}
} }
} }

114
tests/Unit/QueryTest.php
View File

@ -98,4 +98,118 @@ class QueryTest extends TestCase
]) ])
->get(); ->get();
} }
public function testCanQueryEncryptedAttributeWithWhereInClause(): void
{
$userOne = $this->user('123-456-789');
$userTwo = $this->user('789-456-123');
$userThree = $this->user('456-789-123');
// Assert success.
/** @var \Illuminate\Database\Eloquent\Collection $keys */
$keys = User::query()
->whereInEncrypted(
'social_security_number',
[
'123-456-789',
'789-456-123',
]
)
->get()
->modelKeys();
$this->assertContains($userOne->id, $keys);
$this->assertContains($userTwo->id, $keys);
$this->assertNotContains($userThree->id, $keys);
// Assert success using provided index.
/** @var \Illuminate\Database\Eloquent\Collection $keys */
$keys = User::query()
->whereInEncrypted(
'social_security_number',
[
'123-456-789',
'789-456-123',
],
['social_security_number_index']
)
->get()
->modelKeys();
$this->assertContains($userOne->id, $keys);
$this->assertContains($userTwo->id, $keys);
$this->assertNotContains($userThree->id, $keys);
$keys = User::query()
->whereInEncrypted(
'social_security_number',
['789-456-123'],
['non_existing_index']
)
->get()
->modelKeys();
$this->assertEmpty($keys);
}
public function testCanQueryEncryptedAttributeWithOrWhereInClause(): void
{
$userOne = $this->user('123-456-789');
$userTwo = $this->user('789-456-123');
$userThree = $this->user('456-789-123');
// Assert success.
/** @var \Illuminate\Database\Eloquent\Collection $keys */
$keys = User::query()
->whereInEncrypted(
'social_security_number',
['123-456-789']
)
->orWhereInEncrypted(
'social_security_number',
['789-456-123']
)
->get()
->modelKeys();
$this->assertContains($userOne->id, $keys);
$this->assertContains($userTwo->id, $keys);
$this->assertNotContains($userThree->id, $keys);
// Assert success using provided index.
/** @var \Illuminate\Database\Eloquent\Collection $keys */
$keys = User::query()
->whereInEncrypted(
'social_security_number',
['123-456-789'],
['social_security_number_index']
)
->orWhereInEncrypted(
'social_security_number',
['789-456-123'],
['social_security_number_index']
)
->get()
->modelKeys();
$this->assertContains($userOne->id, $keys);
$this->assertContains($userTwo->id, $keys);
$this->assertNotContains($userThree->id, $keys);
$keys = User::query()
->whereInEncrypted(
'social_security_number',
['789-456-123'],
['non_existing_index']
)
->orWhereInEncrypted(
'social_security_number',
['789-456-123'],
['non_existing_index']
)
->get()
->modelKeys();
$this->assertEmpty($keys);
}
} }