diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1764f8..935f5df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ before starting to add changes. Use example [placed in the end of the page](#exa
## [Unreleased]
+- Added webform encryption modules
- Adding Lat and Long fetching to DataAddress
- [#84](https://github.com/OS2Forms/os2forms/pull/84)
Added digital post test command.
diff --git a/composer.json b/composer.json
index 50d3d8f..beee432 100644
--- a/composer.json
+++ b/composer.json
@@ -55,6 +55,7 @@
"drupal/simple_ldap": "^1.0@alpha",
"drupal/simplesamlphp_auth": "^3.2",
"drupal/smtp": "^1.0@beta",
+ "drupal/sodium": "^2.4",
"drupal/switch_page_theme": "^4.0",
"drupal/telephone_validation": "^2.2",
"drupal/token": "^1.5",
@@ -62,6 +63,7 @@
"drupal/user_default_page": "^2.1",
"drupal/webform": "^6.1",
"drupal/webform_composite": "^1.0@RC",
+ "drupal/webform_encrypt": "^2.0@alpha",
"drupal/webform_migrate": "^1.1",
"drupal/webform_node_element": "^1.2",
"drupal/webform_remote_handlers": "^1.6.0",
@@ -112,6 +114,9 @@
},
"drupal/dynamic_entity_reference": {
"entityQuery reference JOINs should specify target_type (https://www.drupal.org/project/dynamic_entity_reference/issues/3120952#comment-14141038)": "https://www.drupal.org/files/issues/2021-06-22/entityquery-reference-joins-should-specify-target_type-3120952-24.patch"
+ },
+ "drupal/webform_encrypt": {
+ "Ensure data is base64 encoded (https://www.drupal.org/project/webform_encrypt/issues/3399414)": "https://git.drupalcode.org/project/webform_encrypt/-/merge_requests/4.patch"
}
}
},
diff --git a/modules/os2forms_encrypt/config/install/encrypt.profile.webform.yml b/modules/os2forms_encrypt/config/install/encrypt.profile.webform.yml
new file mode 100644
index 0000000..19891df
--- /dev/null
+++ b/modules/os2forms_encrypt/config/install/encrypt.profile.webform.yml
@@ -0,0 +1,13 @@
+uuid: 98e9a380-a5d6-4d2a-9176-7c50a9ec7c47
+langcode: en
+status: true
+dependencies:
+ config:
+ - key.key.webform
+ module:
+ - sodium
+id: webform
+label: Webform
+encryption_method: sodium
+encryption_method_configuration: { }
+encryption_key: webform
diff --git a/modules/os2forms_encrypt/config/install/key.key.webform.yml b/modules/os2forms_encrypt/config/install/key.key.webform.yml
new file mode 100644
index 0000000..aaabea7
--- /dev/null
+++ b/modules/os2forms_encrypt/config/install/key.key.webform.yml
@@ -0,0 +1,17 @@
+uuid: be3383e8-1b0e-4b50-989f-e132900d02a0
+langcode: en
+status: true
+dependencies: { }
+id: webform
+label: Webform
+description: 'Encrypt webform submissions'
+key_type: encryption
+key_type_settings:
+ key_size: 256
+key_provider: config
+key_provider_settings:
+ key_value: LWD5+0klWZn48ZVs13UVHaHJYawX62PAMd3sklkKj/w=
+ base64_encoded: true
+key_input: text_field
+key_input_settings:
+ base64_encoded: true
diff --git a/modules/os2forms_encrypt/config/install/os2forms_encrypt.settings.yml b/modules/os2forms_encrypt/config/install/os2forms_encrypt.settings.yml
new file mode 100644
index 0000000..b2c9a5f
--- /dev/null
+++ b/modules/os2forms_encrypt/config/install/os2forms_encrypt.settings.yml
@@ -0,0 +1 @@
+enabled: 0
diff --git a/modules/os2forms_encrypt/drush.services.yml b/modules/os2forms_encrypt/drush.services.yml
new file mode 100644
index 0000000..ccb7a2a
--- /dev/null
+++ b/modules/os2forms_encrypt/drush.services.yml
@@ -0,0 +1,6 @@
+services:
+ os2forms_encrypt.commands:
+ class: Drupal\os2forms_encrypt\Commands\Os2FormsEncryptCommands
+ arguments: ['@entity_type.manager', '@config.factory']
+ tags:
+ - { name: drush.command }
diff --git a/modules/os2forms_encrypt/os2forms_encrypt.info.yml b/modules/os2forms_encrypt/os2forms_encrypt.info.yml
new file mode 100644
index 0000000..5e1e7ed
--- /dev/null
+++ b/modules/os2forms_encrypt/os2forms_encrypt.info.yml
@@ -0,0 +1,11 @@
+name: OS2Forms Encrypt
+description: Encryption functionality for OS2Forms web-forms
+package: OS2Forms
+type: module
+version: 1.0.0
+core_version_requirement: ^8 || ^9 || ^10
+dependencies:
+ - 'drupal:webform_encrypt'
+ - 'drupal:sodium'
+
+configure: os2forms_encrypt.admin_settings
diff --git a/modules/os2forms_encrypt/os2forms_encrypt.links.menu.yml b/modules/os2forms_encrypt/os2forms_encrypt.links.menu.yml
new file mode 100644
index 0000000..c7c63f8
--- /dev/null
+++ b/modules/os2forms_encrypt/os2forms_encrypt.links.menu.yml
@@ -0,0 +1,5 @@
+os2forms_encrypt.admin_settings:
+ title: 'OS2Forms Encrypt settings'
+ parent: system.admin_config_system
+ description: 'Settings for the OS2Forms Encrypt module'
+ route_name: os2forms_encrypt.admin_settings
diff --git a/modules/os2forms_encrypt/os2forms_encrypt.module b/modules/os2forms_encrypt/os2forms_encrypt.module
new file mode 100644
index 0000000..daef0b2
--- /dev/null
+++ b/modules/os2forms_encrypt/os2forms_encrypt.module
@@ -0,0 +1,23 @@
+ &$definition) {
+ if ($element_id === 'webform_element_encrypt') {
+ $definition['#process'][] = [
+ 'Drupal\os2forms_encrypt\Element\WebformElementEncrypt',
+ 'processWebformElementEncrypt',
+ ];
+ }
+ }
+}
diff --git a/modules/os2forms_encrypt/os2forms_encrypt.routing.yml b/modules/os2forms_encrypt/os2forms_encrypt.routing.yml
new file mode 100644
index 0000000..2b23f68
--- /dev/null
+++ b/modules/os2forms_encrypt/os2forms_encrypt.routing.yml
@@ -0,0 +1,7 @@
+os2forms_encrypt.admin_settings:
+ path: '/admin/config/os2forms_encrypt/settings'
+ defaults:
+ _form: '\Drupal\os2forms_encrypt\Form\SettingsForm'
+ _title: 'OS2Forms Encrypt settings'
+ requirements:
+ _permission: 'administer encrypt'
diff --git a/modules/os2forms_encrypt/src/Commands/Os2FormsEncryptCommands.php b/modules/os2forms_encrypt/src/Commands/Os2FormsEncryptCommands.php
new file mode 100644
index 0000000..e892054
--- /dev/null
+++ b/modules/os2forms_encrypt/src/Commands/Os2FormsEncryptCommands.php
@@ -0,0 +1,90 @@
+entityTypeManager = $entityTypeManager;
+ $this->configFactory = $configFactory;
+ parent::__construct();
+ }
+
+ /**
+ * Enable encrypt for all existing webform elements.
+ *
+ * @command os2forms-encrypt:enable
+ *
+ * @throws \Drupal\Core\Entity\EntityStorageException
+ */
+ public function enabledEncrypt(): void {
+ $config = $this->configFactory->get(SettingsForm::$configName);
+ if (!$config->get('enabled')) {
+ $this->output()->writeln('Encrypt has not been enabled.');
+ return;
+ }
+
+ // Get the storage for Webform entity type.
+ $webformStorage = $this->entityTypeManager->getStorage('webform');
+
+ // Load all webform entities.
+ $webforms = $webformStorage->loadMultiple();
+
+ /** @var \Drupal\webform\Entity\Webform $webform */
+ foreach ($webforms as $webform) {
+ $elements = $webform->getElementsDecoded();
+ $config = $webform->getThirdPartySettings('webform_encrypt');
+
+ $changed = FALSE;
+ foreach ($elements as $key => $element) {
+ if (!isset($config['element'][$key])) {
+ $config['element'][$key] = [
+ 'encrypt' => TRUE,
+ 'encrypt_profile' => 'webform',
+ ];
+ $changed = TRUE;
+ }
+ }
+
+ // Save the webform entity so the changes persist, if any changes where
+ // made.
+ if ($changed) {
+ $webform->setThirdPartySetting('webform_encrypt', 'element', $config['element']);
+ $webform->save();
+ }
+ }
+ }
+
+}
diff --git a/modules/os2forms_encrypt/src/Element/WebformElementEncrypt.php b/modules/os2forms_encrypt/src/Element/WebformElementEncrypt.php
new file mode 100644
index 0000000..4e27189
--- /dev/null
+++ b/modules/os2forms_encrypt/src/Element/WebformElementEncrypt.php
@@ -0,0 +1,30 @@
+get('enabled')) {
+ $element['element_encrypt']['encrypt']['#default_value'] = TRUE;
+ }
+
+ return $element;
+ }
+
+}
diff --git a/modules/os2forms_encrypt/src/Form/SettingsForm.php b/modules/os2forms_encrypt/src/Form/SettingsForm.php
new file mode 100644
index 0000000..35722d3
--- /dev/null
+++ b/modules/os2forms_encrypt/src/Form/SettingsForm.php
@@ -0,0 +1,75 @@
+config('os2forms_encrypt.settings');
+
+ $link = Link::createFromRoute($this->t('administration'), 'entity.key.collection');
+ $form['notice'] = [
+ '#type' => 'inline_template',
+ '#template' => '{{ title|t }}
{{ message|t }}
{{ adminMessage|t }}
',
+ '#context' => [
+ 'title' => 'Please note',
+ 'message' => 'The encryption key that comes with this module should not be used and should be changed before encrypting anything.',
+ 'adminMessage' => 'You can modify the key (named "webform") in the keys ' . $link->toString() . ' panel. Additionally, the execution of this command can generate a new 256-bit key for you: dd if=/dev/urandom bs=32 count=1 | base64 -i -
',
+ ],
+ ];
+
+ $form['enabled'] = [
+ '#type' => 'checkbox',
+ '#title' => $this->t('Enabled encryption'),
+ '#description' => $this->t('Enable encryption for all webform fields. Please note that encryption will be applied only to those fields that are modified after enabling this option.'),
+ '#default_value' => $config->get('enabled'),
+ ];
+
+ return parent::buildForm($form, $form_state);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function submitForm(array &$form, FormStateInterface $form_state): void {
+ parent::submitForm($form, $form_state);
+
+ $this->config(self::$configName)
+ ->set('enabled', $form_state->getValue('enabled'))
+ ->save();
+ }
+
+}