Merge pull request Sylius#7855 from pamil/enigma

Store encrypted gateway configurations in the database

composer.json

@@ -42,8 +42,8 @@
         "knplabs/knp-menu-bundle": "^2.1",
         "liip/imagine-bundle": "^1.6",
         "ocramius/proxy-manager": "^1.0",
-        "payum/payum": "^1.3",
-        "payum/payum-bundle": "^2.1",
+        "payum/payum": "^1.4",
+        "payum/payum-bundle": "^2.2",
         "php-http/guzzle6-adapter": "^1.1",
         "polishsymfonycommunity/symfony-mocker-container": "^1.0",
         "sensio/distribution-bundle": "^5.0",

docs/cookbook/encrypting-gateway-config.rst

@@ -0,0 +1,37 @@
+How to encrypt gateway config stored in the database?
+=====================================================
+
+**1.** Generate your Defuse Secret Key by executing the following script:
+
+.. code-block:: php
+
+    <?php
+
+    use Defuse\Crypto\Key;
+
+    require_once 'vendor/autoload.php';
+
+    var_dump(Key::createNewRandomKey()->saveToAsciiSafeString());
+
+**2.** Store your generated key in a parameter in ``app/config/parameters.yml``.
+
+.. code-block:: yaml
+
+    # app/config/parameters.yml
+
+    parameters:
+        # ...
+        defuse_secret: "YOUR_GENERATED_KEY"
+
+**3.** Add the following code to the application configuration in the ``app/config/config.yml``.
+
+.. code-block:: yaml
+
+    # app/config/config.yml
+
+    payum:
+        dynamic_gateways:
+            encryption:
+                defuse_secret_key: "%defuse_secret%"
+
+**4.** Existing gateway configs will be automatically encrypted when updated. New gateway configs will be encrypted by default.

docs/cookbook/index.rst

@@ -19,6 +19,7 @@ The Cookbook
     images-gridfs
     images-on-entity
     embedding-products
+    encrypting-gateway-config
     taxons-menu
     facebook-login
     cron-jobs

docs/cookbook/map.rst.inc

@@ -13,6 +13,7 @@
 * :doc:`/cookbook/images-gridfs`
 * :doc:`/cookbook/images-on-entity`
 * :doc:`/cookbook/embedding-products`
+* :doc:`/cookbook/encrypting-gateway-config`
 * :doc:`/cookbook/taxons-menu`
 * :doc:`/cookbook/facebook-login`
 * :doc:`/cookbook/cron-jobs`

src/Sylius/Bundle/PayumBundle/DependencyInjection/SyliusPayumExtension.php

@@ -11,8 +11,6 @@
 
 namespace Sylius\Bundle\PayumBundle\DependencyInjection;
 
-use Payum\Bundle\PayumBundle\DependencyInjection\MainConfiguration as PayumConfiguration;
-use Payum\Bundle\PayumBundle\DependencyInjection\PayumExtension;
 use Sylius\Bundle\ResourceBundle\DependencyInjection\Extension\AbstractResourceExtension;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\ContainerBuilder;

src/Sylius/Bundle/PayumBundle/Form/Extension/CryptedGatewayConfigTypeExtension.php

@@ -0,0 +1,82 @@
+<?php
+
+/*
+ * This file is part of the Sylius package.
+ *
+ * (c) Paweł Jędrzejewski
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Sylius\Bundle\PayumBundle\Form\Extension;
+
+use Payum\Core\Security\CryptedInterface;
+use Payum\Core\Security\CypherInterface;
+use Sylius\Bundle\PayumBundle\Form\Type\GatewayConfigType;
+use Symfony\Component\Form\AbstractTypeExtension;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\FormEvents;
+
+/**
+ * @author Kamil Kokot <kamil.kokot@lakion.com>
+ */
+final class CryptedGatewayConfigTypeExtension extends AbstractTypeExtension
+{
+    /**
+     * @var CypherInterface|null
+     */
+    private $cypher;
+
+    /**
+     * @param CypherInterface|null $cypher
+     */
+    public function __construct(CypherInterface $cypher = null)
+    {
+        $this->cypher = $cypher;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function buildForm(FormBuilderInterface $builder, array $options)
+    {
+        if (null === $this->cypher) {
+            return;
+        }
+
+        $builder
+            ->addEventListener(FormEvents::PRE_SET_DATA, function (FormEvent $event) {
+                $gatewayConfig = $event->getData();
+
+                if (!$gatewayConfig instanceof CryptedInterface) {
+                    return;
+                }
+
+                $gatewayConfig->decrypt($this->cypher);
+
+                $event->setData($gatewayConfig);
+            })
+            ->addEventListener(FormEvents::POST_SUBMIT, function (FormEvent $event) {
+                $gatewayConfig = $event->getData();
+
+                if (!$gatewayConfig instanceof CryptedInterface) {
+                    return;
+                }
+
+                $gatewayConfig->encrypt($this->cypher);
+
+                $event->setData($gatewayConfig);
+            })
+        ;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getExtendedType()
+    {
+        return GatewayConfigType::class;
+    }
+}

src/Sylius/Bundle/PayumBundle/Form/Type/GatewayConfigType.php

@@ -37,7 +37,7 @@ final class GatewayConfigType extends AbstractResourceType
      */
     public function __construct(
         $dataClass,
-        $validationGroups = [],
+        array $validationGroups = [],
         FormTypeRegistryInterface $gatewayConfigurationTypeRegistry
     ) {
         parent::__construct($dataClass, $validationGroups);