From 24e1ae0a2be4f4b7eebc2fd86abd44ce68ba30db Mon Sep 17 00:00:00 2001 From: Christoph Strobl Date: Tue, 18 Jul 2023 06:25:06 +0200 Subject: [PATCH 1/4] Prepare issue branch. --- pom.xml | 2 +- spring-data-mongodb-benchmarks/pom.xml | 2 +- spring-data-mongodb-distribution/pom.xml | 2 +- spring-data-mongodb/pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 366786fc6d..d97c844245 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.springframework.data spring-data-mongodb-parent - 4.2.0-SNAPSHOT + 4.2.x-4454-SNAPSHOT pom Spring Data MongoDB diff --git a/spring-data-mongodb-benchmarks/pom.xml b/spring-data-mongodb-benchmarks/pom.xml index 2de4b6b635..9c01922aac 100644 --- a/spring-data-mongodb-benchmarks/pom.xml +++ b/spring-data-mongodb-benchmarks/pom.xml @@ -7,7 +7,7 @@ org.springframework.data spring-data-mongodb-parent - 4.2.0-SNAPSHOT + 4.2.x-4454-SNAPSHOT ../pom.xml diff --git a/spring-data-mongodb-distribution/pom.xml b/spring-data-mongodb-distribution/pom.xml index 060a6d0dd9..9d5e043041 100644 --- a/spring-data-mongodb-distribution/pom.xml +++ b/spring-data-mongodb-distribution/pom.xml @@ -15,7 +15,7 @@ org.springframework.data spring-data-mongodb-parent - 4.2.0-SNAPSHOT + 4.2.x-4454-SNAPSHOT ../pom.xml diff --git a/spring-data-mongodb/pom.xml b/spring-data-mongodb/pom.xml index dc07f13ccc..ef305e5431 100644 --- a/spring-data-mongodb/pom.xml +++ b/spring-data-mongodb/pom.xml @@ -13,7 +13,7 @@ org.springframework.data spring-data-mongodb-parent - 4.2.0-SNAPSHOT + 4.2.x-4454-SNAPSHOT ../pom.xml From d1ed973fa0a2056a0d7ff800418d8bca5ee30682 Mon Sep 17 00:00:00 2001 
From: Christoph Strobl Date: Tue, 18 Jul 2023 06:25:13 +0200 Subject: [PATCH 2/4] Fix schema generation for encrypted fields that are considered domain entities. This commit makes sure to consider the encrypted annotation on fields that are considered domain type property values, encrypting the entire object if necessary. --- .../core/MappingMongoJsonSchemaCreator.java | 3 ++- .../schema/IdentifiableJsonSchemaProperty.java | 5 ++++- .../MappingMongoJsonSchemaCreatorUnitTests.java | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java index 0265382c4d..33bbec8a7a 100644 --- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java +++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java @@ -203,8 +203,9 @@ private JsonSchemaProperty computeSchemaForProperty(List is it bson type all the way? } - enc.append("algorithm", algorithm); + if(StringUtils.hasText(algorithm)) { + enc.append("algorithm", algorithm); + } propertySpecification.append("encrypt", enc); diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java index 2b33682757..ac2fd8a945 100644 --- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java +++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java 
@@ -271,6 +271,17 @@ void bsonTypeVsJustTypeValueResolutionIsDoneByDefault() { .containsEntry("properties.value", new Document("type", "string")); } + @Test // GH-4454 + void wrapEncryptedEntityTypeLikeProperty() { + + MongoJsonSchema schema = MongoJsonSchemaCreator.create() // + .filter(MongoJsonSchemaCreator.encryptedOnly()) // filter non encrypted fields + .createSchemaFor(WithEncryptedEntityLikeProperty.class); + + assertThat(schema.schemaDocument()) // + .containsEntry("properties.domainTypeValue", Document.parse("{'encrypt': {'bsonType': 'object' } }")); + } + // --> TYPES AND JSON // --> ENUM @@ -676,4 +687,9 @@ static class C extends A { static class PropertyClashWithA { Integer aNonEncrypted; } + + @Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic") + static class WithEncryptedEntityLikeProperty { + @Encrypted SomeDomainType domainTypeValue; + } } From f80e2e7f1d5249fcb3ac36cfda88f9729287459b Mon Sep 17 00:00:00 2001 From: Julia <5765049+sxhinzvc@users.noreply.github.com> Date: Thu, 3 Aug 2023 10:06:59 -0400 Subject: [PATCH 3/4] Add integration test to ensure schema validation fails when domain type property values are not encrypted as expected. Closes #4454 Original Pull Request: #4455 --- .../core/MongoTemplateValidationTests.java | 28 +++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java index fd5036884b..f375ebeac0 100644 --- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java +++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java 
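Review bot: The assertion in `wrapEncryptedEntityTypeLikeProperty` pins an `encrypt` entry with no `algorithm` key, but nothing in the test checks that the class-level algorithm still reaches the schema. With the `StringUtils.hasText(algorithm)` guard added in this commit, a bare `@Encrypted` property relies on an inherited value, presumably emitted as `encryptMetadata` at the schema root. If that were ever dropped, the field would be declared encrypted with no algorithm at all and this test would still pass. I would add a second assertion such as `.containsEntry("encryptMetadata.algorithm", "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")`, adjusting the key to whatever the creator actually emits.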
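Review bot: The fixture `WithEncryptedEntityLikeProperty` pairs a class-level `AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic` with an encrypted property whose schema type is `object`, and as far as I know MongoDB's automatic-encryption rules do not allow deterministic encryption for `object` or `array` values. The schema this test blesses is therefore one a real auto-encryption client would likely reject. Switching the fixture to `@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Random")` keeps the example valid. `BeanWithEncryptedDomainEntity` in the later `MongoTemplateValidationTests` patch has the same combination. The enclosing test class starts and ends outside the hunk.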
@@ -33,8 +33,10 @@ import org.springframework.dao.DataIntegrityViolationException; import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration; import org.springframework.data.mongodb.core.CollectionOptions.ValidationOptions; +import org.springframework.data.mongodb.core.mapping.Encrypted; import org.springframework.data.mongodb.core.mapping.Field; import org.springframework.data.mongodb.core.query.Criteria; +import org.springframework.data.mongodb.core.schema.MongoJsonSchema; import org.springframework.data.mongodb.test.util.Client; import org.springframework.data.mongodb.test.util.MongoClientExtension; import org.springframework.lang.Nullable; @@ -46,11 +48,13 @@ /** * Integration tests for {@link CollectionOptions#validation(ValidationOptions)} using - * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator} and - * {@link org.springframework.data.mongodb.core.validation.DocumentValidator}. + * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator}, + * {@link org.springframework.data.mongodb.core.validation.DocumentValidator} and + * {@link org.springframework.data.mongodb.core.validation.JsonSchemaValidator}. * * @author Andreas Zink * @author Christoph Strobl + * @author Julia Lee */ @ExtendWith({ MongoClientExtension.class, SpringExtension.class }) public class MongoTemplateValidationTests { 
@@ -186,6 +190,20 @@ public void mapsDocumentValidatorFieldsCorrectly() { assertThat(getValidatorInfo(COLLECTION_NAME)).isEqualTo(new Document("customName", new Document("$type", "bool"))); } + @Test // GH-4454 + public void failsJsonSchemaValidationForEncryptedDomainEntityProperty() { + + MongoJsonSchema schema = MongoJsonSchemaCreator.create().createSchemaFor(BeanWithEncryptedDomainEntity.class); + template.createCollection(COLLECTION_NAME, CollectionOptions.empty().schema(schema)); + + BeanWithEncryptedDomainEntity person = new BeanWithEncryptedDomainEntity(); + person.encryptedDomainEntity = new SimpleBean("some string", 100, null); + + assertThatExceptionOfType(DataIntegrityViolationException.class) + .isThrownBy(() -> template.save(person)) + .withMessageContaining("Document failed validation"); + } + private Document getCollectionOptions(String collectionName) { return getCollectionInfo(collectionName).get("options", Document.class); } @@ -271,4 +289,10 @@ public String toString() { return "MongoTemplateValidationTests.SimpleBean(nonNullString=" + this.getNonNullString() + ", rangedInteger=" + this.getRangedInteger() + ", customFieldName=" + this.getCustomFieldName() + ")"; } } + + @org.springframework.data.mongodb.core.mapping.Document(collection = COLLECTION_NAME) + @Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic") + static class BeanWithEncryptedDomainEntity { + @Encrypted SimpleBean encryptedDomainEntity; + } } From 9439e7feefd668d46b7569d9ce8140e6c364c72d Mon Sep 17 00:00:00 2001 From: Julia <5765049+sxhinzvc@users.noreply.github.com> Date: Mon, 7 Aug 2023 11:28:35 -0400 Subject: [PATCH 4/4] Polishing for formatting Original Pull Request: #4455 --- .../mongodb/core/schema/IdentifiableJsonSchemaProperty.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
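Review bot: The new test `failsJsonSchemaValidationForEncryptedDomainEntityProperty` matches only the generic text `Document failed validation`, so it would also pass if the save were rejected for a reason unrelated to the `encrypt` rule. The schema is built without a filter, so other mapped properties may contribute constraints as well. Asserting on the stored validator before the save would tie the failure to the encrypted field, for example `assertThat(getValidatorInfo(COLLECTION_NAME).toJson()).contains("encrypt");`. A short comment such as `// plaintext sub-document must be rejected: the schema demands an encrypted value` would also make the intent explicit.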
diff --git a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java index 1d8df3f6b5..9a4466916a 100644 --- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java +++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java @@ -1140,7 +1140,7 @@ public Document toDocument() { enc.append("bsonType", type.toBsonType().value()); // TODO: no samples with type -> is it bson type all the way? } - if(StringUtils.hasText(algorithm)) { + if (StringUtils.hasText(algorithm)) { enc.append("algorithm", algorithm); }