MAGETWO-96566: Data is not re encrypted in database after upgrade from 2.2 to 2.3 and switching PHP version

irenelagno · irenelagno · commit a44e84949558 · 2018-12-05T09:19:05.000-06:00
diff --git a/app/code/Magento/Config/Model/Config/Structure.php b/app/code/Magento/Config/Model/Config/Structure.php
@@ -337,7 +337,6 @@ protected function _getGroupFieldPathsByAttribute(array $fields, $parentPath, $a
     /**
      * Collects config paths and their structure paths from configuration files.
      * Returns the map of config paths and their structure paths.
-     *
      * All paths are declared in module's system.xml.
      *
      * ```xml
@@ -394,7 +393,7 @@ private function getFieldsRecursively(array $elements = [])
 
         foreach ($elements as $element) {
             if (isset($element['children'])) {
-                $result = array_replace_recursive(
+                $result = array_merge_recursive(
                     $result,
                     $this->getFieldsRecursively($element['children'])
                 );
diff --git a/app/code/Magento/Config/Test/Unit/Model/Config/StructureTest.php b/app/code/Magento/Config/Test/Unit/Model/Config/StructureTest.php
@@ -418,6 +418,7 @@ public function testGetFieldPaths()
                 'field_2'
             ],
             'field_3' => [
+                'field_3',
                 'field_3'
             ],
             'field_3_1' => [
diff --git a/app/code/Magento/EncryptionKey/Setup/Patch/Data/SodiumChachaPatch.php b/app/code/Magento/EncryptionKey/Setup/Patch/Data/SodiumChachaPatch.php
@@ -14,6 +14,11 @@
  */
 class SodiumChachaPatch implements DataPatchInterface
 {
+    /**
+     * @var \Magento\Framework\Config\ScopeInterface
+     */
+    private $scope;
+
     /**
      * @var \Magento\Framework\Setup\ModuleDataSetupInterface
      */
@@ -35,25 +40,29 @@ class SodiumChachaPatch implements DataPatchInterface
     private $state;
 
     /**
+     * SodiumChachaPatch constructor.
      * @param \Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup
      * @param \Magento\Config\Model\Config\Structure\Proxy $structure
      * @param \Magento\Framework\Encryption\EncryptorInterface $encryptor
      * @param \Magento\Framework\App\State $state
+     * @param \Magento\Framework\Config\ScopeInterface $scope
      */
     public function __construct(
         \Magento\Framework\Setup\ModuleDataSetupInterface $moduleDataSetup,
         \Magento\Config\Model\Config\Structure\Proxy $structure,
         \Magento\Framework\Encryption\EncryptorInterface $encryptor,
-        \Magento\Framework\App\State $state
+        \Magento\Framework\App\State $state,
+        \Magento\Framework\Config\ScopeInterface $scope
     ) {
         $this->moduleDataSetup = $moduleDataSetup;
         $this->structure = $structure;
         $this->encryptor = $encryptor;
         $this->state = $state;
+        $this->scope = $scope;
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function apply()
     {
@@ -65,49 +74,75 @@ public function apply()
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public static function getDependencies()
     {
         return [];
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function getAliases()
     {
         return [];
     }
 
+    /**
+     * Re encrypt sensitive data in the system configuration
+     */
     private function reEncryptSystemConfigurationValues()
     {
-        $structure = $this->structure;
-        $paths = $this->state->emulateAreaCode(
-            \Magento\Framework\App\Area::AREA_ADMINHTML,
-            function () use ($structure) {
-                return $structure->getFieldPathsByAttribute(
-                    'backend_model',
-                    \Magento\Config\Model\Config\Backend\Encrypted::class
-                );
-            }
+        $table = $this->moduleDataSetup->getTable('core_config_data');
+        $hasEncryptedData = $this->moduleDataSetup->getConnection()->fetchOne(
+            $this->moduleDataSetup->getConnection()
+                ->select()
+                ->from($table, [new \Zend_Db_Expr('count(value)')])
+                ->where('value LIKE ?', '0:2%')
         );
-        // walk through found data and re-encrypt it
-        if ($paths) {
-            $table = $this->moduleDataSetup->getTable('core_config_data');
-            $values = $this->moduleDataSetup->getConnection()->fetchPairs(
-                $this->moduleDataSetup->getConnection()
-                    ->select()
-                    ->from($table, ['config_id', 'value'])
-                    ->where('path IN (?)', $paths)
-                    ->where('value NOT LIKE ?', '')
+        if ($hasEncryptedData !== '0') {
+            $currentScope = $this->scope->getCurrentScope();
+            $structure = $this->structure;
+            $paths = $this->state->emulateAreaCode(
+                \Magento\Framework\App\Area::AREA_ADMINHTML,
+                function () use ($structure) {
+                    $this->scope->setCurrentScope(\Magento\Framework\App\Area::AREA_ADMINHTML);
+                    /** Returns list of structure paths to be re encrypted */
+                    $paths = $structure->getFieldPathsByAttribute(
+                        'backend_model',
+                        \Magento\Config\Model\Config\Backend\Encrypted::class
+                    );
+                    /** Returns list of mapping between configPath => [structurePaths] */
+                    $mappedPaths = $structure->getFieldPaths();
+                    foreach ($mappedPaths as $mappedPath => $data) {
+                        foreach ($data as $structurePath) {
+                            if ($structurePath !== $mappedPath && $key = array_search($structurePath, $paths)) {
+                                $paths[$key] = $mappedPath;
+                            }
+                        }
+                    }
+
+                    return array_unique($paths);
+                }
             );
-            foreach ($values as $configId => $value) {
-                $this->moduleDataSetup->getConnection()->update(
-                    $table,
-                    ['value' => $this->encryptor->encrypt($this->encryptor->decrypt($value))],
-                    ['config_id = ?' => (int)$configId]
+            $this->scope->setCurrentScope($currentScope);
+            // walk through found data and re-encrypt it
+            if ($paths) {
+                $values = $this->moduleDataSetup->getConnection()->fetchPairs(
+                    $this->moduleDataSetup->getConnection()
+                        ->select()
+                        ->from($table, ['config_id', 'value'])
+                        ->where('path IN (?)', $paths)
+                        ->where('value NOT LIKE ?', '')
                 );
+                foreach ($values as $configId => $value) {
+                    $this->moduleDataSetup->getConnection()->update(
+                        $table,
+                        ['value' => $this->encryptor->encrypt($this->encryptor->decrypt($value))],
+                        ['config_id = ?' => (int)$configId]
+                    );
+                }
             }
         }
     }
