fix(migration): prevent encrypting already encrypted values

2024-06-26 10:10:57 +12:00 · 2021-01-19 09:35:51 +01:00 · 2021-01-19 09:35:51 +01:00 · ac3e908c04
parent d4bf4027c1
commit ac3e908c04
2 changed files with 10 additions and 0 deletions
--- a/src/Appwrite/Migration/Version/V06.php
+++ b/src/Appwrite/Migration/Version/V06.php
@ -34,6 +34,13 @@ class V06 extends Migration
                break;
            case Database::SYSTEM_COLLECTION_KEYS:
                if ($document->getAttribute('secret', null)) {
+                    $json = \json_decode($document->getAttribute('secret'));
+                    if ($json->{'data'} || $json->{'method'} || $json->{'iv'} || $json->{'tag'} || $json->{'version'})
+                    {
+                        Console::log('Secret already encrypted. Skipped: ' . $document->getId());
+                        break;
+                    }
+
                    $key = App::getEnv('_APP_OPENSSL_KEY_V1');
                    $iv = OpenSSL::randomPseudoBytes(OpenSSL::cipherIVLength(OpenSSL::CIPHER_AES_128_GCM));
                    $tag = null;
--- a/tests/unit/Migration/MigrationV06Test.php
+++ b/tests/unit/Migration/MigrationV06Test.php
@ -52,5 +52,8 @@ class MigrationV06Test extends TestCase
        $this->assertObjectHasAttribute('iv', $encrypted);
        $this->assertObjectHasAttribute('tag', $encrypted);
        $this->assertObjectHasAttribute('version', $encrypted);
+        
+        $document =  $method->invokeArgs($v06, [$document]);
+        $this->assertEquals($document->getAttribute('secret', null), json_encode($encrypted));
    }
 }