Add support for CMS 6

.gitignore

@@ -7,3 +7,4 @@
 .test-output
 /composer.lock
 *.log
+public/

README.md

@@ -12,7 +12,7 @@ This module allows Silverstripe CMS ORM data to be encrypted before being stored
 
 
 ## Requirements
-* SilverStripe CMS 5.0
+* SilverStripe CMS 6.0
 
 ## Installation
 Install via Composer:
@@ -32,7 +32,7 @@ For development environments you can set this in your `.env` e.g:
 ENCRYPT_AT_REST_KEY="{generated defuse key}"
 ```
 
-For more information view SilverStripe [Environment Management](https://docs.silverstripe.org/en/4/getting_started/environment_management/).
+For more information view SilverStripe [Environment Management](https://docs.silverstripe.org/en/6/getting_started/environment_management/).
 
 ## Usage
 

composer.json

@@ -16,12 +16,12 @@
         "source": "https://github.com/madmatt/silverstripe-encrypt-at-rest"
     },
     "require": {
-        "php": "^8.0",  
-        "silverstripe/framework": "^5",
+        "php": "^8.3",
+        "silverstripe/framework": "^6",
         "defuse/php-encryption": "^2.2"
     },
     "require-dev": {
-        "phpunit/phpunit": "^9.6"
+        "phpunit/phpunit": "^11.3"
     },
     "autoload": {
         "psr-4": {

phpunit.xml.dist

@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/silverstripe/cms/tests/bootstrap.php" colors="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="vendor/silverstripe/framework/tests/bootstrap.php" colors="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
   <coverage includeUncoveredFiles="true">
     <include>
       <directory suffix=".php">src/</directory>

src/AtRestCryptoService.php

@@ -47,7 +47,7 @@ public function encrypt($raw, $key = null)
     public function decrypt($ciphertext, $key = null)
     {
         $key = $this->getKey($key);
-        return Crypto::Decrypt($ciphertext, $key);
+        return trim(Crypto::Decrypt($ciphertext, $key));
     }
 
     /**

src/Extension/DecryptDataObjectFieldsExtension.php

@@ -2,7 +2,7 @@
 
 namespace Madmatt\EncryptAtRest\Extension;
 
-use SilverStripe\ORM\DataExtension;
+use SilverStripe\Core\Extension;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Injector\Injector;
 use SilverStripe\ORM\DataObject;
@@ -18,7 +18,7 @@
  * @package EncryptAtRest\Extension
  * @property DecryptDataObjectFieldsExtension|DataObject $owner
  */
-class DecryptDataObjectFieldsExtension extends DataExtension
+class DecryptDataObjectFieldsExtension extends Extension
 {
     /**
      * During hydration of an existing DataObject retrieved from the database, this extension method will be called. We

src/FieldType/EncryptedDatetime.php

@@ -5,6 +5,7 @@
 use Exception;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use Madmatt\EncryptAtRest\AtRestCryptoService;
@@ -29,10 +30,11 @@ class EncryptedDatetime extends DBDatetime
     public function __construct($name = null, $options = [])
     {
         parent::__construct($name, $options);
+
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -42,9 +44,11 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
-    public function getDecryptedValue(string $value = '')
+    public function getDecryptedValue(?string $value = null)
     {
         // Test if we're actually an encrypted value;
         if (ctype_xdigit($value) && strlen($value) > 130) {
@@ -55,10 +59,12 @@ public function getDecryptedValue(string $value = '')
                 return $value;
             }
         }
-        return $value;
+
+        // If the decrypted value is empty, return null, so that the validate is skipped
+        return empty($value) ? null : $value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type'  => 'text',
@@ -72,7 +78,7 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepValueForDB(mixed $value): mixed
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);

src/FieldType/EncryptedDecimal.php

@@ -5,6 +5,7 @@
 use Exception;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBDecimal;
 use Madmatt\EncryptAtRest\AtRestCryptoService;
@@ -31,7 +32,7 @@ public function __construct($name = null, $wholeSize = 9, $decimalSize = 2, $def
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -41,6 +42,8 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
     public function getDecryptedValue(string $value = '')
@@ -57,7 +60,7 @@ public function getDecryptedValue(string $value = '')
         return (float)$value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type'  => 'text',
@@ -71,7 +74,7 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepEncryptedValueForDB(mixed $value): string
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);

src/FieldType/EncryptedEnum.php

@@ -5,9 +5,10 @@
 use Exception;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Core\Validation\FieldValidation\OptionFieldValidator;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBEnum;
-use SilverStripe\ORM\ArrayLib;
 use Madmatt\EncryptAtRest\AtRestCryptoService;
 
 /**
@@ -26,13 +27,21 @@ class EncryptedEnum extends DBEnum
      */
     protected $service;
 
+    /**
+     * Disable validation added in CMS6 but todo in future release
+     */
+    private static array $field_validators = [
+        OptionFieldValidator::class => null,
+    ];
+
     public function __construct($name = null, $enum = null, $default = 0, $options = [])
     {
         parent::__construct($name, $enum, $default, $options);
+
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -42,6 +51,8 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
     public function getDecryptedValue(string $value = '')
@@ -58,7 +69,7 @@ public function getDecryptedValue(string $value = '')
         return $value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type'  => 'text',
@@ -72,26 +83,11 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepValueForDB(mixed $value): array|string|null
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);
         $this->value = $ciphertext;
         return $ciphertext;
     }
-
-    /**
-     * Returns the values of this enum as an array, suitable for insertion into
-     * a {@link DropdownField}
-     *
-     * @param boolean
-     *
-     * @return array
-     */
-    public function enumValues($hasEmpty = true) {
-        $this->enum = array();
-        return ($hasEmpty)
-            ? array_merge(array('' => ''), ArrayLib::valuekey($this->enum))
-            : ArrayLib::valuekey($this->enum);
-    }
 }

src/FieldType/EncryptedInt.php

@@ -5,6 +5,7 @@
 use Exception;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBInt;
 use Madmatt\EncryptAtRest\AtRestCryptoService;
@@ -31,7 +32,7 @@ public function __construct($name = null, $defaultVal = 0)
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -41,23 +42,25 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
     public function getDecryptedValue(string $value = '')
     {
         // Test if we're actually an encrypted value;
         if (ctype_xdigit($value) && strlen($value) > 130) {
             try {
-                return $this->service->decrypt($value);
+                return (int)$this->service->decrypt($value);
             } catch (Exception $e) {
                 // We were unable to decrypt. Possibly a false positive, but return the unencrypted value
-                return $value;
+                return (int)$value;
             }
         }
-        return $value;
+        return (int)$value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type'  => 'text',
@@ -71,7 +74,7 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepEncryptedValueForDB(mixed $value): string
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);

src/FieldType/EncryptedText.php

@@ -5,6 +5,7 @@
 use Exception;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBText;
 use Madmatt\EncryptAtRest\AtRestCryptoService;
@@ -24,7 +25,7 @@ public function __construct($name = null, $options = [])
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -34,6 +35,8 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
     public function getDecryptedValue(string $value = '')
@@ -50,7 +53,7 @@ public function getDecryptedValue(string $value = '')
         return $value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type'  => 'text',
@@ -64,7 +67,7 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepValueForDB(mixed $value): array|string|null
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);

src/FieldType/EncryptedVarchar.php

@@ -6,6 +6,7 @@
 use Madmatt\EncryptAtRest\AtRestCryptoService;
 use Madmatt\EncryptAtRest\Traits\EncryptedFieldGetValueTrait;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ModelData;
 use SilverStripe\ORM\DB;
 use SilverStripe\ORM\FieldType\DBVarchar;
 
@@ -32,7 +33,7 @@ public function __construct($name = null, $size = 255, $options = array())
         $this->service = Injector::inst()->get(AtRestCryptoService::class);
     }
 
-    public function setValue($value, $record = null, $markChanged = true)
+    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
     {
         if (is_array($record) && array_key_exists($this->name, $record) && $value === null) {
             $this->value = $record[$this->name];
@@ -42,6 +43,8 @@ public function setValue($value, $record = null, $markChanged = true)
         } else {
             $this->value = $value;
         }
+
+        return $this;
     }
 
     public function getDecryptedValue(string $value = '')
@@ -58,7 +61,7 @@ public function getDecryptedValue(string $value = '')
         return $value;
     }
 
-    public function requireField()
+    public function requireField(): void
     {
         $values = array(
             'type' => 'text',
@@ -72,7 +75,7 @@ public function requireField()
         DB::require_field($this->tableName, $this->name, $values);
     }
 
-    public function prepValueForDB($value)
+    public function prepValueForDB(mixed $value): array|string|null
     {
         $value = parent::prepValueForDB($value);
         $ciphertext = $this->service->encrypt($value);