Skip to content

Commit

Permalink
Merge pull request #119 from OS2Forms/develop
Browse files Browse the repository at this point in the history 
Release 3.15.4
  • Loading branch information
@jekuaitk
jekuaitk authored Jul 8, 2024
2 parents e07f404 + 273c25b commit 119b31e
Show file tree
Hide file tree
Showing 10 changed files with 586 additions and 25 deletions.
11 changes: 10 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,13 @@ before starting to add changes. Use example [placed in the end of the page](#exa

## [Unreleased]

## [3.15.4] 2024-07-08

- [#117](https://github.com/OS2Forms/os2forms/pull/117)
Encrypts all elements if encryption enabled.
- [#114](https://github.com/OS2Forms/os2forms/pull/114)
Encrypted computed elements.

## [3.15.3] 2024-06-25

- [OS-74] Replacing DAWA matrikula select with Datafordeler select
Expand Down Expand Up @@ -234,7 +241,9 @@ before starting to add changes. Use example [placed in the end of the page](#exa
- Security in case of vulnerabilities.
```

[Unreleased]: https://github.com/OS2Forms/os2forms/compare/3.15.2...HEAD
[Unreleased]: https://github.com/OS2Forms/os2forms/compare/3.15.4...HEAD
[3.15.4]: https://github.com/OS2Forms/os2forms/compare/3.15.3...3.15.4
[3.15.3]: https://github.com/OS2Forms/os2forms/compare/3.15.2...3.15.3
[3.15.2]: https://github.com/OS2Forms/os2forms/compare/3.15.1...3.15.2
[3.15.1]: https://github.com/OS2Forms/os2forms/compare/3.15.0...3.15.1
[3.15.0]: https://github.com/OS2Forms/os2forms/compare/3.14.1...3.15.0
Expand Down
3 changes: 2 additions & 1 deletion composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,8 @@
"2733781 - Add Export to Word Support": "https://www.drupal.org/files/issues/2019-11-22/2733781-47.patch"
},
"drupal/webform": {
"Unlock possibility of using Entity print module export to Word": "https://www.drupal.org/files/issues/2020-02-29/3096552-6.patch"
"Unlock possibility of using Entity print module export to Word": "https://www.drupal.org/files/issues/2020-02-29/3096552-6.patch",
"Webform computed element post save alter": "https://www.drupal.org/files/issues/2024-06-25/webform_computed_post_save_field_alter.patch"
},
"drupal/user_default_page": {
"Warning: in_array() expects parameter 2 to be array, null given in user_default_page_user_logout() (https://www.drupal.org/node/3246986)": "https://www.drupal.org/files/issues/2021-11-01/user_default_page-3246986-2.patch"
Expand Down
33 changes: 33 additions & 0 deletions modules/os2forms_encrypt/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# OS2Forms Encrypt module

This module extends and modifies upon [Webform Encrypt](https://www.drupal.org/project/webform_encrypt)
to provide encryption of webform element values in the database.

## Modifications from the base Webform Encrypt module

### Encryption time

Any computed elements, e.g. Computed Twig, may cause issues as
their values are attempted computed after encryption. If any calculations
are done this could result in runtime TypeErrors.

This is handled by modifying the time at which decryption is made, in
`WebformOs2FormsEncryptSubmissionStorage`.

### Permissions

The Webform Encrypt module introduces a `view encrypted values` permission.
This permission should be granted to roles that need to view encrypted values.

**Note**, that in Drupal 9 and newer drush commands are ran as an
anonymous user. This means the anonymous user needs this permission, if
at any point they need values from submissions to do their job.

### Configurable per element

The Webform Encrypt module allows configuration on element level. That is,
webform builders can actively enable and disable for each element.

We want all elements to be encrypted whenever encryption is enabled.
This is done by `os2forms_encrypt_webform_presave` and `os2forms_encrypt_form_alter` in
`os2forms_encrypt.module`.
57 changes: 41 additions & 16 deletions modules/os2forms_encrypt/os2forms_encrypt.module
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,22 +5,8 @@
* This module enabled webform submission encryption as a default option.
*/

/**
* Implements hook_webform_element_info_alter().
*
* Add extra processing function to "force" enabled encryption on webform
* elements when they are being saved in the UI.
*/
function os2forms_encrypt_element_info_alter(array &$definitions): void {
foreach ($definitions as $element_id => &$definition) {
if ($element_id === 'webform_element_encrypt') {
$definition['#process'][] = [
'Drupal\os2forms_encrypt\Element\WebformElementEncrypt',
'processWebformElementEncrypt',
];
}
}
}
use Drupal\Core\Form\FormStateInterface;
use Drupal\webform\WebformInterface;

/**
* Implements hook_entity_type_alter().
Expand All @@ -33,3 +19,42 @@ function os2forms_encrypt_entity_type_alter(array &$entity_types): void {
$entity_types['webform_submission']->setStorageClass('Drupal\os2forms_encrypt\WebformOs2FormsEncryptSubmissionStorage');
}
}

/**
* Implements hook_webform_computed_post_save_field_alter().
*
* Ensure encryption of computed element values.
*/
function os2forms_encrypt_webform_computed_post_save_field_alter(array &$fields): void {
/** @var \Drupal\os2forms_encrypt\Helper\Os2FormsEncryptor $os2formsEncryptor */
$os2formsEncryptor = \Drupal::service('os2forms_encrypt.encryptor');

$fields['value'] = $os2formsEncryptor->encryptValue($fields['value'], $fields['name'], $fields['webform_id']);
}

/**
* Implements hook_webform_presave().
*
* Enable encryption on all webform elements, whenever saved.
*/
function os2forms_encrypt_webform_presave(WebformInterface $entity): void {
/** @var \Drupal\os2forms_encrypt\Helper\Os2FormsEncryptor $os2formsEncryptor */
$os2formsEncryptor = Drupal::service('os2forms_encrypt.encryptor');

$os2formsEncryptor->enableEncryption($entity);
}

/**
* Implements hook_form_alter().
*
* Removes 'element_encrypt' element from element forms.
*
* The hook_webform_presave method ensures all elements are
* configured to be encrypted, making this element redundant.
*/
function os2forms_encrypt_form_alter(array &$form, FormStateInterface $form_state, string $form_id) {
/** @var \Drupal\os2forms_encrypt\Helper\FormHelper $formHelper */
$formHelper = Drupal::service('os2forms_encrypt.form_helper');

$formHelper->formAlter($form, $form_state, $form_id);
}
11 changes: 11 additions & 0 deletions modules/os2forms_encrypt/os2forms_encrypt.services.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
services:
os2forms_encrypt.encryptor:
class: Drupal\os2forms_encrypt\Helper\Os2FormsEncryptor
arguments: ['@encryption', '@entity_type.manager', '@config.factory']

os2forms_encrypt.form_helper:
class: Drupal\os2forms_encrypt\Helper\FormHelper

os2forms_encrypt.settings_form:
class: Drupal\os2forms_encrypt\Form\SettingsForm
arguments: ['@config.factory', '@encrypt.encryption_profile.manager']
4 changes: 3 additions & 1 deletion modules/os2forms_encrypt/src/Commands/Os2FormsEncryptCommands.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ public function enabledEncrypt(): void {
return;
}

$defaultEncryptionProfile = $config->get('default_encryption_profile');

// Get the storage for Webform entity type.
$webformStorage = $this->entityTypeManager->getStorage('webform');

Expand All @@ -72,7 +74,7 @@ public function enabledEncrypt(): void {
if (!isset($config['element'][$key])) {
$config['element'][$key] = [
'encrypt' => TRUE,
'encrypt_profile' => 'webform',
'encrypt_profile' => $defaultEncryptionProfile,
];
$changed = TRUE;
}
Expand Down
41 changes: 41 additions & 0 deletions modules/os2forms_encrypt/src/Form/SettingsForm.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,12 @@

namespace Drupal\os2forms_encrypt\Form;

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Form\ConfigFormBase;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Link;
use Drupal\encrypt\EncryptionProfileManager;
use Symfony\Component\DependencyInjection\ContainerInterface;

/**
* Class SettingsForm.
Expand All @@ -20,6 +23,28 @@ class SettingsForm extends ConfigFormBase {
*/
public static string $configName = 'os2forms_encrypt.settings';

/**
* The config factory.
*
* @var \Drupal\encrypt\EncryptionProfileManager
*/
private EncryptionProfileManager $encryptionProfileManager;

public function __construct(ConfigFactoryInterface $config_factory, EncryptionProfileManager $encryptionProfileManager) {
parent::__construct($config_factory);
$this->encryptionProfileManager = $encryptionProfileManager;
}

/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container) {
return new static(
$container->get('config.factory'),
$container->get('encrypt.encryption_profile.manager')
);
}

/**
* {@inheritdoc}
*/
Expand Down Expand Up @@ -58,6 +83,21 @@ public function buildForm(array $form, FormStateInterface $form_state): array {
'#default_value' => $config->get('enabled'),
];

$encryptionOptions = $this->encryptionProfileManager->getEncryptionProfileNamesAsOptions();

$form['default_encryption_profile'] = [
'#type' => 'select',
'#title' => $this->t('Default encryption profile'),
'#description' => $this->t('Upon saving webforms, elements that are not configured to be encrypted will be configured to encrypted with the selected encryption profile. The os2forms-encrypt:enable command will also use the default encryption profile.'),
'#options' => $encryptionOptions,
'#default_value' => $config->get('default_encryption_profile'),
'#states' => [
'visible' => [
':input[name="enabled"]' => ['checked' => TRUE],
],
],
];

return parent::buildForm($form, $form_state);
}

Expand All @@ -69,6 +109,7 @@ public function submitForm(array &$form, FormStateInterface $form_state): void {

$this->config(self::$configName)
->set('enabled', $form_state->getValue('enabled'))
->set('default_encryption_profile', $form_state->getValue('default_encryption_profile'))
->save();
}

Expand Down
30 changes: 30 additions & 0 deletions modules/os2forms_encrypt/src/Helper/FormHelper.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
<?php

namespace Drupal\os2forms_encrypt\Helper;

use Drupal\Core\Form\FormStateInterface;

/**
* Form helper class.
*/
class FormHelper {

/**
* Removes 'element_encrypt' element from element forms.
*
* @param array $form
* The form.
* @param \Drupal\Core\Form\FormStateInterface $form_state
* The form state.
* @param string $form_id
* The form id.
*/
public function formAlter(array &$form, FormStateInterface $form_state, string $form_id) {
if ('webform_ui_element_form' === $form_id) {
if (isset($form['element_encrypt'])) {
$form['element_encrypt']['#access'] = FALSE;
}
}
}

}
106 changes: 106 additions & 0 deletions modules/os2forms_encrypt/src/Helper/Os2FormsEncryptor.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
<?php

namespace Drupal\os2forms_encrypt\Helper;

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\encrypt\EncryptServiceInterface;
use Drupal\encrypt\Entity\EncryptionProfile;
use Drupal\os2forms_encrypt\Form\SettingsForm;
use Drupal\webform\Entity\Webform;
use Drupal\webform\WebformInterface;

/**
* The Os2FormsEncryptor class.
*/
class Os2FormsEncryptor {

/**
* The encryption Service.
*
* @var \Drupal\encrypt\EncryptServiceInterface
*/
private EncryptServiceInterface $encryptionService;

/**
* The entity type manager.
*
* @var \Drupal\Core\Entity\EntityTypeManagerInterface
*/
private EntityTypeManagerInterface $entityTypeManager;

/**
* The config factory.
*
* @var \Drupal\Core\Config\ConfigFactoryInterface
*/
private ConfigFactoryInterface $configFactory;

public function __construct(EncryptServiceInterface $encryptService, EntityTypeManagerInterface $entityTypeManager, ConfigFactoryInterface $configFactory) {
$this->encryptionService = $encryptService;
$this->entityTypeManager = $entityTypeManager;
$this->configFactory = $configFactory;
}

/**
* Encrypts value if element is configured to be encrypted.
*
* @param string $value
* The value that should be encrypted.
* @param string $element
* The element.
* @param string $webformId
* The webform id.
*
* @return string
* The resulting value.
*/
public function encryptValue(string $value, string $element, string $webformId): string {
/** @var \Drupal\webform\WebformInterface $webform */
$webform = $this->entityTypeManager->getStorage('webform')->load($webformId);

$config = $webform->getThirdPartySetting('webform_encrypt', 'element');
$encryption_profile = isset($config[$element]) ? EncryptionProfile::load($config[$element]['encrypt_profile']) : FALSE;

if (!$encryption_profile) {
return $value;
}

$encrypted_data = [
'data' => base64_encode($this->encryptionService->encrypt($value, $encryption_profile)),
'encrypt_profile' => $encryption_profile->id(),
];

return serialize($encrypted_data);
}

/**
* Enables encrypt on all elements of webform.
*
* @param \Drupal\webform\WebformInterface $webform
* The webform.
*/
public function enableEncryption(WebformInterface $webform): void {

// Check that encryption is enabled.
$config = $this->configFactory->get(SettingsForm::$configName);
if (!$config->get('enabled') || !$webform instanceof Webform) {
return;
}

// Check that there are any elements to enable encryption on.
$elements = $webform->getElementsDecoded();

if (empty($elements)) {
return;
}

$encryptedElements = array_map(static fn () => [
'encrypt' => TRUE,
'encrypt_profile' => $config->get('default_encryption_profile'),
], $elements);

$webform->setThirdPartySetting('webform_encrypt', 'element', $encryptedElements);
}

}
Loading

0 comments on commit 119b31e

Please sign in to comment.