patchlevel · DavidBadura · Apr 4, 2025 · Mar 20, 2025 · Mar 20, 2025
diff --git a/baseline.xml b/baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0">
+<files psalm-version="6.9.1@81c8a77c0793d450fee40265cfe68891df11d505">
   <file src="src/Cryptography/Cipher/OpensslCipherKeyFactory.php">
     <ArgumentTypeCoercion>
       <code><![CDATA[openssl_random_pseudo_bytes($this->ivLength)]]></code>
@@ -14,12 +14,14 @@
   </file>
   <file src="src/Cryptography/PersonalDataPayloadCryptographer.php">
     <MixedArgument>
-      <code><![CDATA[$data[$propertyMetadata->fieldName()]]]></code>
+      <code><![CDATA[$rawData]]></code>
     </MixedArgument>
     <MixedAssignment>
       <code><![CDATA[$data[$propertyMetadata->fieldName()]]]></code>
       <code><![CDATA[$data[$propertyMetadata->fieldName()]]]></code>
       <code><![CDATA[$data[$propertyMetadata->fieldName()]]]></code>
+      <code><![CDATA[$rawData]]></code>
+      <code><![CDATA[$rawData]]></code>
     </MixedAssignment>
   </file>
   <file src="src/Metadata/AttributeMetadataFactory.php">

diff --git a/src/Cryptography/PersonalDataPayloadCryptographer.php b/src/Cryptography/PersonalDataPayloadCryptographer.php
@@ -23,6 +23,7 @@ public function __construct(
         private readonly CipherKeyStore $cipherKeyStore,
         private readonly CipherKeyFactory $cipherKeyFactory,
         private readonly Cipher $cipher,
+        private readonly bool $fallbackWithoutPrefix = true,
     ) {
     }
 
@@ -51,10 +52,12 @@ public function encrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
-            $data[$propertyMetadata->fieldName()] = $this->cipher->encrypt(
+            $data[$propertyMetadata->encryptedFieldName()] = $this->cipher->encrypt(
                 $cipherKey,
                 $data[$propertyMetadata->fieldName()],
             );
+
+            unset($data[$propertyMetadata->fieldName()]);
         }
 
         return $data;
@@ -84,6 +87,15 @@ public function decrypt(ClassMetadata $metadata, array $data): array
                 continue;
             }
 
+            if (array_key_exists($propertyMetadata->encryptedFieldName(), $data)) {
+                $rawData = $data[$propertyMetadata->encryptedFieldName()];
+                unset($data[$propertyMetadata->encryptedFieldName()]);
+            } elseif ($this->fallbackWithoutPrefix) {
+                $rawData = $data[$propertyMetadata->fieldName()];
+            } else {
+                continue;
+            }
+
             if (!$cipherKey) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();
                 continue;
@@ -92,7 +104,7 @@ public function decrypt(ClassMetadata $metadata, array $data): array
             try {
                 $data[$propertyMetadata->fieldName()] = $this->cipher->decrypt(
                     $cipherKey,
-                    $data[$propertyMetadata->fieldName()],
+                    $rawData,
                 );
             } catch (DecryptionFailed) {
                 $data[$propertyMetadata->fieldName()] = $propertyMetadata->personalDataFallback();

diff --git a/src/Metadata/PropertyMetadata.php b/src/Metadata/PropertyMetadata.php
@@ -4,9 +4,12 @@
 
 namespace Patchlevel\Hydrator\Metadata;
 
+use InvalidArgumentException;
 use Patchlevel\Hydrator\Normalizer\Normalizer;
 use ReflectionProperty;
 
+use function str_starts_with;
+
 /**
  * @psalm-type serialized = array{
  *     className: class-string,
@@ -19,13 +22,18 @@
  */
 final class PropertyMetadata
 {
+    private const ENCRYPTED_PREFIX = '!';
+
     public function __construct(
         private readonly ReflectionProperty $reflection,
         private readonly string $fieldName,
         private readonly Normalizer|null $normalizer = null,
         private readonly bool $isPersonalData = false,
         private readonly mixed $personalDataFallback = null,
     ) {
+        if (str_starts_with($fieldName, self::ENCRYPTED_PREFIX)) {
+            throw new InvalidArgumentException('fieldName must not start with !');
+        }
     }
 
     public function reflection(): ReflectionProperty
@@ -43,6 +51,11 @@ public function fieldName(): string
         return $this->fieldName;
     }
 
+    public function encryptedFieldName(): string
+    {
+        return self::ENCRYPTED_PREFIX . $this->fieldName;
+    }
+
     public function normalizer(): Normalizer|null
     {
         return $this->normalizer;

diff --git a/tests/Unit/Cryptography/PersonalDataPayloadCryptographerTest.php b/tests/Unit/Cryptography/PersonalDataPayloadCryptographerTest.php
@@ -77,7 +77,7 @@ public function testEncryptWithMissingKey(): void
 
         $result = $cryptographer->encrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
 
-        self::assertEquals(['id' => 'foo', 'email' => 'encrypted'], $result);
+        self::assertEquals(['id' => 'foo', '!email' => 'encrypted'], $result);
     }
 
     public function testEncryptWithExistingKey(): void
@@ -109,7 +109,7 @@ public function testEncryptWithExistingKey(): void
 
         $result = $cryptographer->encrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
 
-        self::assertEquals(['id' => 'foo', 'email' => 'encrypted'], $result);
+        self::assertEquals(['id' => 'foo', '!email' => 'encrypted'], $result);
     }
 
     public function testSkipDecrypt(): void
@@ -148,9 +148,10 @@ public function testDecryptWithMissingKey(): void
             $cipherKeyStore->reveal(),
             $cipherKeyFactory->reveal(),
             $cipher->reveal(),
+            false,
         );
 
-        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'encrypted']);
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
 
         self::assertEquals(['id' => 'foo', 'email' => new Email('unknown')], $result);
     }
@@ -180,9 +181,10 @@ public function testDecryptWithInvalidKey(): void
             $cipherKeyStore->reveal(),
             $cipherKeyFactory->reveal(),
             $cipher->reveal(),
+            false,
         );
 
-        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'encrypted']);
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
 
         self::assertEquals(['id' => 'foo', 'email' => new Email('unknown')], $result);
     }
@@ -202,6 +204,68 @@ public function testDecryptWithExistingKey(): void
         $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
         $cipherKeyFactory->__invoke()->shouldNotBeCalled();
 
+        $cipher = $this->prophesize(Cipher::class);
+        $cipher
+            ->decrypt($cipherKey, 'encrypted')
+            ->willReturn('info@patchlevel.de')
+            ->shouldBeCalledOnce();
+
+        $cryptographer = new PersonalDataPayloadCryptographer(
+            $cipherKeyStore->reveal(),
+            $cipherKeyFactory->reveal(),
+            $cipher->reveal(),
+            false,
+        );
+
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', '!email' => 'encrypted']);
+
+        self::assertEquals(['id' => 'foo', 'email' => 'info@patchlevel.de'], $result);
+    }
+
+    public function testDecryptWithoutPrefixField(): void
+    {
+        $cipherKey = new CipherKey(
+            'foo',
+            'bar',
+            'baz',
+        );
+
+        $cipherKeyStore = $this->prophesize(CipherKeyStore::class);
+        $cipherKeyStore->get('foo')->willReturn($cipherKey);
+        $cipherKeyStore->store('foo', Argument::type(CipherKey::class))->shouldNotBeCalled();
+
+        $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
+        $cipherKeyFactory->__invoke()->shouldNotBeCalled();
+
+        $cipher = $this->prophesize(Cipher::class);
+
+        $cryptographer = new PersonalDataPayloadCryptographer(
+            $cipherKeyStore->reveal(),
+            $cipherKeyFactory->reveal(),
+            $cipher->reveal(),
+            false,
+        );
+
+        $result = $cryptographer->decrypt($this->metadata(PersonalDataProfileCreated::class), ['id' => 'foo', 'email' => 'info@patchlevel.de']);
+
+        self::assertEquals(['id' => 'foo', 'email' => 'info@patchlevel.de'], $result);
+    }
+
+    public function testDecryptWithFallbackWithoutPrefix(): void
+    {
+        $cipherKey = new CipherKey(
+            'foo',
+            'bar',
+            'baz',
+        );
+
+        $cipherKeyStore = $this->prophesize(CipherKeyStore::class);
+        $cipherKeyStore->get('foo')->willReturn($cipherKey);
+        $cipherKeyStore->store('foo', Argument::type(CipherKey::class))->shouldNotBeCalled();
+
+        $cipherKeyFactory = $this->prophesize(CipherKeyFactory::class);
+        $cipherKeyFactory->__invoke()->shouldNotBeCalled();
+
         $cipher = $this->prophesize(Cipher::class);
         $cipher
             ->decrypt($cipherKey, 'encrypted')