Apply type awareness actions on failure of hash validation #612
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I found that when acra-server validates searchable hash after decryption and it failed then it skips applying
response_on_fail
option and just returns as is. It's because our searchable encryptor decrypts data as first, marks the current context as successful decryption, and then validates hash which will fail. Due to the context was marked as successful, acra-server do nothing on encoding stage because it expects valid raw value instead of returning error or default value.In this PR were added marking context as NotDecrypted in case of failed hash validation and tests for that.
Additionally found, that our encryptor_config validations denied searchable fields with type awareness (probably because searchable encryption was added after the first introduction of type awareness) and added missed masks.
Checklist
with new changes