Merge remote-tracking branch 'origin/2.0.x' into 1.13.x-merge-up-into-2.0.x_BVhYvWnC

Author: DanielBadura

README.md

@@ -1,4 +1,4 @@
-[![Mutation testing badge](https://img.shields.io/endpoint?style=flat&url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2Fpatchlevel%2Fhydrator%2F1.13.x)](https://dashboard.stryker-mutator.io/reports/github.com/patchlevel/hydrator/1.13.x)
+[![Mutation testing badge](https://img.shields.io/endpoint?style=flat&url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2Fpatchlevel%2Fhydrator%2F2.0.x)](https://dashboard.stryker-mutator.io/reports/github.com/patchlevel/hydrator/2.0.x)
 [![Latest Stable Version](https://poser.pugx.org/patchlevel/hydrator/v)](//packagist.org/packages/patchlevel/hydrator)
 [![License](https://poser.pugx.org/patchlevel/hydrator/license)](//packagist.org/packages/patchlevel/hydrator)
 
@@ -527,7 +527,7 @@ There are two events: `PostExtract` and `PreHydrate`.
 For this functionality we use the [symfony/event-dispatcher](https://symfony.com/doc/current/components/event_dispatcher.html).
 
 ```php
-use Patchlevel\Hydrator\Cryptography\PersonalDataPayloadCryptographer;
+use Patchlevel\Hydrator\Cryptography\SensitiveDataPayloadCryptographer;
 use Patchlevel\Hydrator\Cryptography\Store\CipherKeyStore;
 use Patchlevel\Hydrator\Metadata\Event\EventMetadataFactory;
 use Patchlevel\Hydrator\MetadataHydrator;
@@ -556,8 +556,8 @@ $hydrator = new MetadataHydrator(eventDispatcher: $eventDispatcher);
 
 ### Cryptography
 
-The library also offers the possibility to encrypt and decrypt personal data.
-For this purpose, a key is created for each subject ID, which is used to encrypt the personal data.
+The library also offers the possibility to encrypt and decrypt sensitive data, e.g. personal data of customers.
+For this purpose, a key is created for each subject ID, which is used to encrypt the sensitive data.
 
 #### DataSubjectId
 
@@ -578,42 +578,62 @@ final class EmailChanged
 
 > [!WARNING]
 > The `DataSubjectId` must be a string. You can use a normalizer to convert it to a string.
-> The Subject ID cannot be personal data.
+> The Subject ID cannot be sensitive data.
 
-#### PersonalData
+First we need to define what the subject id is.
 
-Next, we need to specify which fields we want to encrypt.
+```php
+use Patchlevel\Hydrator\Attribute\DataSubjectId;
+
+final class EmailChanged
+{
+    public function __construct(
+        #[DataSubjectId(name: 'profile')]
+        public readonly string $profileId,
+    ) {
+    }
+}
+```
+
+You can also use multiple data subject id's in one event by defining the name of the subject id's.
 
 ```php
 use Patchlevel\Hydrator\Attribute\DataSubjectId;
-use Patchlevel\Hydrator\Attribute\PersonalData;
+use Patchlevel\Hydrator\Attribute\SensitiveData;
 
 final class DTO 
 {
     public function __construct(
-        #[DataSubjectId]
-        public readonly string $profileId,
-        #[PersonalData]
-        public readonly string|null $email,
+        #[DataSubjectId(name: 'profile1')]
+        public readonly string $profile1Id,
+        #[SensitiveData(subjectIdName: 'profile1')]
+        public readonly string|null $email1,
+        #[DataSubjectId(name: 'profile2')]
+        public readonly string $profile2Id,
+        #[SensitiveData(subjectIdName: 'profile2')]
+        public readonly string|null $email2,
     ) {
     }
 }
 ```
 
+> [!NOTE]
+> The default name of `DataSubjectId` is `default`.
+
 If the information could not be decrypted, then a fallback value is inserted.
 The default fallback value is `null`.
 You can change this by setting the `fallback` parameter.
 In this case `unknown` is added:
 
 ```php
-use Patchlevel\Hydrator\Attribute\PersonalData;
+use Patchlevel\Hydrator\Attribute\SensitiveData;
 
 final class DTO
 {
     public function __construct(
         #[DataSubjectId]
         public readonly string $profileId,
-        #[PersonalData(fallback: 'unknown')]
+        #[SensitiveData(fallback: 'unknown')]
         public readonly string $name,
     ) {
     }
@@ -624,16 +644,16 @@ You can also use a callable as a fallback.
 
 ```php
 use Patchlevel\Hydrator\Attribute\DataSubjectId;
-use Patchlevel\Hydrator\Attribute\PersonalData;
+use Patchlevel\Hydrator\Attribute\SensitiveData;
 
 final class ProfileCreated
 {
     public function __construct(
         #[DataSubjectId]
         public readonly string $profileId,
-        #[PersonalData(fallback: 'deleted profile')]
+        #[SensitiveData(fallback: 'deleted profile')]
         public readonly string $name,
-        #[PersonalData(fallbackCallable: [self::class, 'anonymizedEmail'])]
+        #[SensitiveData(fallbackCallable: [self::class, 'anonymizedEmail'])]
         public readonly string $email,
     ) {
     }
@@ -654,13 +674,13 @@ final class ProfileCreated
 Here we show you how to configure the cryptography.
 
 ```php
-use Patchlevel\Hydrator\Cryptography\PersonalDataPayloadCryptographer;
+use Patchlevel\Hydrator\Cryptography\SensitiveDataPayloadCryptographer;
 use Patchlevel\Hydrator\Cryptography\Store\CipherKeyStore;
 use Patchlevel\Hydrator\Metadata\Event\EventMetadataFactory;
 use Patchlevel\Hydrator\MetadataHydrator;
 
 $cipherKeyStore = new InMemoryCipherKeyStore();
-$cryptographer = PersonalDataPayloadCryptographer::createWithDefaultSettings($cipherKeyStore);
+$cryptographer = SensitiveDataPayloadCryptographer::createWithDefaultSettings($cipherKeyStore);
 $hydrator = new MetadataHydrator(cryptographer: $cryptographer);
 ```
 

phpstan-baseline.neon

@@ -16,7 +16,7 @@ parameters:
 			message: '#^Parameter \#2 \$data of method Patchlevel\\Hydrator\\Cryptography\\Cipher\\Cipher\:\:decrypt\(\) expects string, mixed given\.$#'
 			identifier: argument.type
 			count: 1
-			path: src/Cryptography/PersonalDataPayloadCryptographer.php
+			path: src/Cryptography/SensitiveDataPayloadCryptographer.php
 
 		-
 			message: '#^Method Patchlevel\\Hydrator\\Guesser\\BuiltInGuesser\:\:guess\(\) has parameter \$type with generic class Symfony\\Component\\TypeInfo\\Type\\ObjectType but does not specify its types\: T$#'
@@ -54,24 +54,12 @@ parameters:
 			count: 1
 			path: src/Metadata/AttributeMetadataFactory.php
 
-		-
-			message: '#^Method Patchlevel\\Hydrator\\Metadata\\AttributeMetadataFactory\:\:getPersonalData\(\) should return array\{bool, mixed, \(callable\(string, mixed\)\: mixed\)\|null\} but returns array\{false, null\}\.$#'
-			identifier: return.type
-			count: 1
-			path: src/Metadata/AttributeMetadataFactory.php
-
 		-
 			message: '#^Parameter \#1 \$class of method Patchlevel\\Hydrator\\Metadata\\AttributeMetadataFactory\:\:findNormalizerOnClass\(\) expects class\-string, string given\.$#'
 			identifier: argument.type
 			count: 3
 			path: src/Metadata/AttributeMetadataFactory.php
 
-		-
-			message: '#^Property Patchlevel\\Hydrator\\Metadata\\AttributeMetadataFactory\:\:\$guesser \(Patchlevel\\Hydrator\\Guesser\\Guesser\|null\) is never assigned null so it can be removed from the property type\.$#'
-			identifier: property.unusedType
-			count: 1
-			path: src/Metadata/AttributeMetadataFactory.php
-
 		-
 			message: '#^Property Patchlevel\\Hydrator\\Metadata\\ClassMetadata\<T of object \= object\>\:\:\$reflection \(ReflectionClass\<T of object \= object\>\) does not accept ReflectionClass\<object\>\.$#'
 			identifier: assign.propertyType
@@ -103,10 +91,10 @@ parameters:
 			path: src/Normalizer/ObjectNormalizer.php
 
 		-
-			message: '#^Method Patchlevel\\Hydrator\\Normalizer\\ReflectionTypeUtil\:\:classStringInstanceOf\(\) should return class\-string\<T\> but returns class\-string\<T\>\|\(string&T\)\.$#'
-			identifier: return.type
+			message: '#^Property Patchlevel\\Hydrator\\Tests\\Unit\\Fixture\\ChildWithSensitiveDataWithIdentifierDto\:\:\$email is never read, only written\.$#'
+			identifier: property.onlyWritten
 			count: 1
-			path: src/Normalizer/ReflectionTypeUtil.php
+			path: tests/Unit/Fixture/ChildWithSensitiveDataWithIdentifierDto.php
 
 		-
 			message: '#^Method Patchlevel\\Hydrator\\Tests\\Unit\\Fixture\\DtoWithHooks\:\:postHydrate\(\) is unused\.$#'
@@ -121,13 +109,19 @@ parameters:
 			path: tests/Unit/Fixture/DtoWithHooks.php
 
 		-
-			message: '#^Method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:454\:\:postHydrate\(\) is unused\.$#'
+			message: '#^Property Patchlevel\\Hydrator\\Tests\\Unit\\Fixture\\IdNormalizer\:\:\$idClass \(class\-string\<Patchlevel\\Hydrator\\Tests\\Unit\\Fixture\\Id\>\|null\) does not accept string\.$#'
+			identifier: assign.propertyType
+			count: 1
+			path: tests/Unit/Fixture/IdNormalizer.php
+
+		-
+			message: '#^Method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:344\:\:postHydrate\(\) is unused\.$#'
 			identifier: method.unused
 			count: 1
 			path: tests/Unit/Metadata/AttributeMetadataFactoryTest.php
 
 		-
-			message: '#^Method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:454\:\:preExtract\(\) is unused\.$#'
+			message: '#^Method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:344\:\:preExtract\(\) is unused\.$#'
 			identifier: method.unused
 			count: 1
 			path: tests/Unit/Metadata/AttributeMetadataFactoryTest.php
@@ -139,13 +133,13 @@ parameters:
 			path: tests/Unit/Metadata/AttributeMetadataFactoryTest.php
 
 		-
-			message: '#^Static method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:482\:\:postHydrate\(\) is unused\.$#'
+			message: '#^Static method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:372\:\:postHydrate\(\) is unused\.$#'
 			identifier: method.unused
 			count: 1
 			path: tests/Unit/Metadata/AttributeMetadataFactoryTest.php
 
 		-
-			message: '#^Static method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:482\:\:preExtract\(\) is unused\.$#'
+			message: '#^Static method class@anonymous/tests/Unit/Metadata/AttributeMetadataFactoryTest\.php\:372\:\:preExtract\(\) is unused\.$#'
 			identifier: method.unused
 			count: 1
 			path: tests/Unit/Metadata/AttributeMetadataFactoryTest.php

phpstan.neon.dist

@@ -13,4 +13,4 @@ services:
 	-
 		class: Patchlevel\Hydrator\Tests\Architecture\FinalClassesTest
 		tags:
-			- phpat.test
+			- phpat.test

src/Attribute/DataSubjectId.php

@@ -9,4 +9,8 @@
 #[Attribute(Attribute::TARGET_PROPERTY)]
 final class DataSubjectId
 {
+    public function __construct(
+        public readonly string $name = 'default',
+    ) {
+    }
 }

src/Attribute/PersonalData.php renamed to src/Attribute/SensitiveData.php

@@ -8,14 +8,15 @@
 use InvalidArgumentException;
 
 #[Attribute(Attribute::TARGET_PROPERTY)]
-final class PersonalData
+final class SensitiveData
 {
     /** @var (callable(string, mixed):mixed)|null */
     public readonly mixed $fallbackCallable;
 
     public function __construct(
         public readonly mixed $fallback = null,
         callable|null $fallbackCallable = null,
+        public readonly string $subjectIdName = 'default',
     ) {
         $this->fallbackCallable = $fallbackCallable;
 

src/Cryptography/CryptographyMetadataFactory.php

@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\Hydrator\Cryptography;
+
+use Patchlevel\Hydrator\Attribute\DataSubjectId;
+use Patchlevel\Hydrator\Attribute\SensitiveData;
+use Patchlevel\Hydrator\Metadata\ClassMetadata;
+use Patchlevel\Hydrator\Metadata\MetadataFactory;
+use ReflectionProperty;
+
+use function array_key_exists;
+
+final class CryptographyMetadataFactory implements MetadataFactory
+{
+    public function __construct(
+        private readonly MetadataFactory $metadataFactory,
+    ) {
+    }
+
+    public function metadata(string $class): ClassMetadata
+    {
+        $metadata = $this->metadataFactory->metadata($class);
+
+        $subjectIdMapping = [];
+
+        foreach ($metadata->properties as $property) {
+            $isSubjectId = false;
+            $attributeReflectionList = $property->reflection->getAttributes(DataSubjectId::class);
+
+            if ($attributeReflectionList) {
+                $subjectIdIdentifier = $attributeReflectionList[0]->newInstance()->name;
+
+                if (array_key_exists($subjectIdIdentifier, $subjectIdMapping)) {
+                    throw new DuplicateSubjectIdIdentifier(
+                        $metadata->className(),
+                        $metadata->propertyForField($subjectIdMapping[$subjectIdIdentifier])->propertyName(),
+                        $property->propertyName(),
+                        $subjectIdIdentifier,
+                    );
+                }
+
+                $subjectIdMapping[$subjectIdIdentifier] = $property->fieldName;
+
+                $isSubjectId = true;
+            }
+
+            $sensitiveDataInfo = $this->sensitiveDataInfo($property->reflection);
+
+            if (!$sensitiveDataInfo) {
+                continue;
+            }
+
+            if ($isSubjectId) {
+                throw new SubjectIdAndSensitiveDataConflict($metadata->className(), $property->propertyName());
+            }
+
+            $property->extras[SensitiveDataInfo::class] = $sensitiveDataInfo;
+        }
+
+        if ($subjectIdMapping !== []) {
+            $metadata->extras[SubjectIdFieldMapping::class] = new SubjectIdFieldMapping($subjectIdMapping);
+        }
+
+        return $metadata;
+    }
+
+    private function sensitiveDataInfo(ReflectionProperty $reflectionProperty): SensitiveDataInfo|null
+    {
+        $attributeReflectionList = $reflectionProperty->getAttributes(SensitiveData::class);
+
+        if ($attributeReflectionList === []) {
+            return null;
+        }
+
+        $attribute = $attributeReflectionList[0]->newInstance();
+
+        return new SensitiveDataInfo(
+            $attribute->subjectIdName,
+            $attribute->fallbackCallable !== null ? ($attribute->fallbackCallable)(...) : $attribute->fallback,
+        );
+    }
+}

src/Cryptography/DuplicateSubjectIdIdentifier.php

@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Patchlevel\Hydrator\Cryptography;
+
+use Patchlevel\Hydrator\Metadata\MetadataException;
+use RuntimeException;
+
+use function sprintf;
+
+final class DuplicateSubjectIdIdentifier extends RuntimeException implements MetadataException
+{
+    /** @param class-string $class */
+    public function __construct(string $class, string $firstProperty, string $secondProperty, string $subjectIdIdentifier)
+    {
+        parent::__construct(
+            sprintf(
+                'Duplicate subject id identifier found. Used %s for %s::%s and %s::%s.',
+                $subjectIdIdentifier,
+                $class,
+                $firstProperty,
+                $class,
+                $secondProperty,
+            ),
+        );
+    }
+}