Merge pull request #6 from ntidev/adding-unaudited-fields-feature

Adding functions to remove unaudited fields

Author: bvisonl

src/DataDog/AuditBundle/EventListener/ControllerListener.php

@@ -9,23 +9,32 @@
 use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use DataDog\AuditBundle\Annotations\NTIAudit;
+use Exception;
 
 class ControllerListener
 {
     /** @var ContainerInterface */
     protected $container;
+    protected $unauditedRequestFieldsPath = [];
 
     public function __construct(ContainerInterface $container)
     {
         $this->container = $container;
     }
 
+    public function addUnauditedRequestFields(array $unauditedRequestFields)
+    {
+        $this->unauditedRequestFieldsPath = $unauditedRequestFields;
+    }
+
     public function onKernelController(FilterControllerEvent $event){
 
         if(!$this->container->getParameter('nti_audit.audit_request.enabled')){
             return;
         }
 
+        $this->addUnauditedRequestFields($this->container->getParameter('nti_audit.audit_request.unaudited_request_fields'));
+
         if (!is_array($controllers = $event->getController())) {
             return;
         }
@@ -89,6 +98,10 @@ public function onKernelController(FilterControllerEvent $event){
         $queryData = $request->getQueryString();
         $data = $request->getContent();
 
+        // Filter sensitive data
+        foreach ($this->unauditedRequestFieldsPath as $unauditedPath)
+            $data = $this->removeJsonField($unauditedPath, $data);
+        
         // Set Object
         $audit = new AuditRequest();
         $audit->setMethod($method);
@@ -110,4 +123,49 @@ public function onKernelController(FilterControllerEvent $event){
 
         }
     }
+
+    public function removeJsonField($path, $data) {
+        
+        $pathKeys = explode(".", $path);
+        $unauditedField = $pathKeys[count($pathKeys) - 1];
+
+        // Remove '$' from keys
+        array_shift($pathKeys);
+
+        if(!is_string($data) || !$this->is_json($data) || !preg_match('/\b'.$unauditedField.'\b/', $data))
+            return $data;
+
+        $data = json_decode($data, true);
+        $data = $this->searchAndRemoveField($pathKeys, $data);
+        $data = json_encode($data);
+        return $data;
+    }
+
+    public function searchAndRemoveField($pathKeys, $data){
+        $field = &$data;
+        $pathKeysLeft = $pathKeys;
+        foreach ($pathKeys as $key) {
+            try{
+                if(is_array($field[$key]) && array_values($field[$key]) === $field[$key]){
+                    array_shift($pathKeysLeft);
+                    foreach ($field[$key] as $arrKey => $arr) {
+                        $field[$key][$arrKey] = $this->searchAndRemoveField($pathKeysLeft, $arr);
+                    }
+                    return $data;
+                } else {
+                    array_shift($pathKeysLeft);
+                }
+                $field = &$field[$key];
+            } catch (Exception $ex){
+                return $data;
+            }
+        }
+        $field = "*";
+        return $data;
+    }
+
+    public function is_json($string) {
+        json_decode($string);
+        return (json_last_error() == JSON_ERROR_NONE) ? true : false;
+    }
 }

src/DataDog/AuditBundle/EventSubscriber/AuditSubscriber.php

@@ -34,6 +34,7 @@ class AuditSubscriber implements EventSubscriber
 
     protected $auditedEntities = [];
     protected $unauditedEntities = [];
+    protected $unauditedFields = [];
 
     protected $inserted = []; // [$source, $changeset]
     protected $updated = []; // [$source, $changeset]
@@ -81,6 +82,15 @@ public function addUnauditedEntities(array $unauditedEntities)
         }
     }
 
+    public function addUnauditedFields(array $unauditedFields)
+    {
+        foreach ($unauditedFields as $unauditedField) {
+            foreach ($unauditedField as $key => $unauditedFieldChild) {
+                $this->unauditedFields[$key] = $unauditedFieldChild;
+            }
+        }
+    }
+
     public function getUnauditedEntities()
     {
         return array_keys($this->unauditedEntities);
@@ -365,13 +375,57 @@ protected function id(EntityManager $em, $entity)
         return $pk;
     }
 
+    
+    function is_json($string) {
+        json_decode($string);
+        return (json_last_error() == JSON_ERROR_NONE) ? true : false;
+    }
+
+    protected function filterRecursive($unauditedFields, $array){
+        foreach($array as $key => $value){
+            if(is_string($key) && in_array($key, $unauditedFields)){
+                $array[$key] = "*";
+            }
+            if(is_array($value)){
+                $array[$key] = $this->filterRecursive($unauditedFields, $value);
+            }
+        }
+        return $array;
+    }
+
+    protected function removeUnauditedFields($fieldName, $unauditedFields, $data){
+        if(is_string($fieldName) && in_array($fieldName, $unauditedFields)){
+            return "*";
+        }
+        foreach($unauditedFields as $unauditedField){
+            if(is_string($data) && preg_match('/\b'.$unauditedField.'\b/', $data)){
+                if ($this->is_json($data)) {
+                    $decoded = json_decode($data, true);
+                    $decoded = $this->filterRecursive($unauditedFields, $decoded);
+                    $data = json_encode($decoded);
+                    return $data;
+                } else {
+                    return "*";
+                }
+            }
+        }
+        return $data;
+    }
+
     protected function diff(EntityManager $em, $entity, array $ch)
     {
         $uow = $em->getUnitOfWork();
         $meta = $em->getClassMetadata(get_class($entity));
         $diff = [];
         foreach ($ch as $fieldName => list($old, $new)) {
             if ($meta->hasField($fieldName) && !array_key_exists($fieldName, $meta->embeddedClasses)) {
+
+                // Filter sensitive data
+                if(array_key_exists($meta->getName(), $this->unauditedFields)) {
+                    $old = $this->removeUnauditedFields($fieldName, $this->unauditedFields[$meta->getName()], $old);
+                    $new = $this->removeUnauditedFields($fieldName, $this->unauditedFields[$meta->getName()], $new);  
+                }
+
                 $mapping = $meta->fieldMappings[$fieldName];
                 $diff[$fieldName] = [
                     'old' => $this->value($em, Type::getType($mapping['type']), $old),
@@ -382,11 +436,26 @@ protected function diff(EntityManager $em, $entity, array $ch)
                 $mapping = $meta->associationMappings[$fieldName];
                 $colName = $meta->getSingleAssociationJoinColumnName($fieldName);
                 $assocMeta = $em->getClassMetadata($mapping['targetEntity']);
-                $diff[$fieldName] = [
-                    'old' => $this->assoc($em, $old, true),
-                    'new' => $this->assoc($em, $new, true),
-                    'col' => $colName,
-                ];
+                
+                // Filter sensitive data
+                if(array_key_exists($meta->getName(), $this->unauditedFields)) {
+                    $old = $this->removeUnauditedFields($fieldName, $this->unauditedFields[$meta->getName()], $old);
+                    $new = $this->removeUnauditedFields($fieldName, $this->unauditedFields[$meta->getName()], $new);
+                } 
+
+                if($old == "*" && $new == "*"){
+                    $diff[$fieldName] = [
+                        'old' => $old,
+                        'new' => $new,
+                        'col' => $colName,
+                    ];
+                } else {
+                    $diff[$fieldName] = [
+                        'old' => $this->assoc($em, $old, true),
+                        'new' => $this->assoc($em, $new, true),
+                        'col' => $colName,
+                    ];
+                }
             }
         }
         return $diff;
@@ -499,4 +568,4 @@ public function getUser()
 
         return $user;
     }
-}
+}