Polishing for formatting

Original Pull Request: #4455
Add integration test to ensure schema validation fails when domain type property values are not encrypted as expected.
2023-08-07 11:28:40 -04:00 · 2023-08-03 10:17:06 -04:00 · 2023-07-18 06:42:23 +02:00 · 2023-07-18 06:25:06 +02:00
8 changed files with 52 additions and 8 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@

 	<groupId>org.springframework.data</groupId>
 	<artifactId>spring-data-mongodb-parent</artifactId>
-	<version>4.2.0-SNAPSHOT</version>
+	<version>4.2.x-4454-SNAPSHOT</version>
 	<packaging>pom</packaging>

 	<name>Spring Data MongoDB</name>
--- a/spring-data-mongodb-benchmarks/pom.xml
+++ b/spring-data-mongodb-benchmarks/pom.xml
@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>

--- a/spring-data-mongodb-distribution/pom.xml
+++ b/spring-data-mongodb-distribution/pom.xml
@@ -15,7 +15,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>

--- a/spring-data-mongodb/pom.xml
+++ b/spring-data-mongodb/pom.xml
@@ -13,7 +13,7 @@
 	<parent>
 		<groupId>org.springframework.data</groupId>
 		<artifactId>spring-data-mongodb-parent</artifactId>
-		<version>4.2.0-SNAPSHOT</version>
+		<version>4.2.x-4454-SNAPSHOT</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>

--- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java
+++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreator.java
@@ -203,8 +203,9 @@ class MappingMongoJsonSchemaCreator implements MongoJsonSchemaCreator {
 								target.properties(nestedProperties.toArray(new JsonSchemaProperty[0])), required));
 					}
 				}
-				return targetProperties.size() == 1 ? targetProperties.iterator().next()
+				JsonSchemaProperty schemaProperty = targetProperties.size() == 1 ? targetProperties.iterator().next()
 						: JsonSchemaProperty.merged(targetProperties);
+				return applyEncryptionDataIfNecessary(property, schemaProperty);
 			}
 		}

--- a/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java
+++ b/spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/schema/IdentifiableJsonSchemaProperty.java
@@ -36,6 +36,7 @@ import org.springframework.data.mongodb.core.schema.TypedJsonSchemaObject.Timest
 import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
+import org.springframework.util.StringUtils;

 /**
 * {@link JsonSchemaProperty} implementation.
@@ -1139,7 +1140,9 @@ public class IdentifiableJsonSchemaProperty<T extends JsonSchemaObject> implemen
 				enc.append("bsonType", type.toBsonType().value()); // TODO: no samples with type -> is it bson type all the way?
 			}

-			enc.append("algorithm", algorithm);
+			if (StringUtils.hasText(algorithm)) {
+				enc.append("algorithm", algorithm);
+			}

 			propertySpecification.append("encrypt", enc);

--- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java
+++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MappingMongoJsonSchemaCreatorUnitTests.java
@@ -271,6 +271,17 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 				.containsEntry("properties.value", new Document("type", "string"));
 	}

+	@Test // GH-4454
+	void wrapEncryptedEntityTypeLikeProperty() {
+
+		MongoJsonSchema schema = MongoJsonSchemaCreator.create() //
+				.filter(MongoJsonSchemaCreator.encryptedOnly()) // filter non encrypted fields
+				.createSchemaFor(WithEncryptedEntityLikeProperty.class);
+
+		assertThat(schema.schemaDocument()) //
+				.containsEntry("properties.domainTypeValue", Document.parse("{'encrypt': {'bsonType': 'object' } }"));
+	}
+
 	// --> TYPES AND JSON

 	// --> ENUM
@@ -676,4 +687,9 @@ class MappingMongoJsonSchemaCreatorUnitTests {
 	static class PropertyClashWithA {
 		Integer aNonEncrypted;
 	}
+
+	@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+	static class WithEncryptedEntityLikeProperty {
+		@Encrypted SomeDomainType domainTypeValue;
+	}
 }
--- a/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java
+++ b/spring-data-mongodb/src/test/java/org/springframework/data/mongodb/core/MongoTemplateValidationTests.java
@@ -33,8 +33,10 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.dao.DataIntegrityViolationException;
 import org.springframework.data.mongodb.config.AbstractMongoClientConfiguration;
 import org.springframework.data.mongodb.core.CollectionOptions.ValidationOptions;
+import org.springframework.data.mongodb.core.mapping.Encrypted;
 import org.springframework.data.mongodb.core.mapping.Field;
 import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.schema.MongoJsonSchema;
 import org.springframework.data.mongodb.test.util.Client;
 import org.springframework.data.mongodb.test.util.MongoClientExtension;
 import org.springframework.lang.Nullable;
@@ -46,11 +48,13 @@ import com.mongodb.client.model.ValidationLevel;

 /**
 * Integration tests for {@link CollectionOptions#validation(ValidationOptions)} using
- * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator} and
- * {@link org.springframework.data.mongodb.core.validation.DocumentValidator}.
+ * {@link org.springframework.data.mongodb.core.validation.CriteriaValidator},
+ * {@link org.springframework.data.mongodb.core.validation.DocumentValidator} and
+ * {@link org.springframework.data.mongodb.core.validation.JsonSchemaValidator}.
 *
 * @author Andreas Zink
 * @author Christoph Strobl
+ * @author Julia Lee
 */
@ExtendWith({ MongoClientExtension.class, SpringExtension.class })
 public class MongoTemplateValidationTests {
@@ -186,6 +190,20 @@ public class MongoTemplateValidationTests {
 		assertThat(getValidatorInfo(COLLECTION_NAME)).isEqualTo(new Document("customName", new Document("$type", "bool")));
 	}

+	@Test // GH-4454
+	public void failsJsonSchemaValidationForEncryptedDomainEntityProperty() {
+
+		MongoJsonSchema schema = MongoJsonSchemaCreator.create().createSchemaFor(BeanWithEncryptedDomainEntity.class);
+		template.createCollection(COLLECTION_NAME, CollectionOptions.empty().schema(schema));
+
+		BeanWithEncryptedDomainEntity person = new BeanWithEncryptedDomainEntity();
+		person.encryptedDomainEntity = new SimpleBean("some string", 100, null);
+
+		assertThatExceptionOfType(DataIntegrityViolationException.class)
+			.isThrownBy(() -> template.save(person))
+			.withMessageContaining("Document failed validation");
+	}
+
 	private Document getCollectionOptions(String collectionName) {
 		return getCollectionInfo(collectionName).get("options", Document.class);
 	}
@@ -271,4 +289,10 @@ public class MongoTemplateValidationTests {
 			return "MongoTemplateValidationTests.SimpleBean(nonNullString=" + this.getNonNullString() + ", rangedInteger=" + this.getRangedInteger() + ", customFieldName=" + this.getCustomFieldName() + ")";
 		}
 	}
+
+	@org.springframework.data.mongodb.core.mapping.Document(collection = COLLECTION_NAME)
+	@Encrypted(algorithm = "AEAD_AES_256_CBC_HMAC_SHA_512-Deterministic")
+	static class BeanWithEncryptedDomainEntity {
+		@Encrypted SimpleBean encryptedDomainEntity;
+	}
 }
Author	SHA1	Message	Date
Julia	9439e7feef	Polishing for formatting Original Pull Request: #4455	2023-08-07 11:28:40 -04:00
Julia	f80e2e7f1d	Add integration test to ensure schema validation fails when domain type property values are not encrypted as expected. Closes #4454 Original Pull Request: #4455	2023-08-03 10:17:06 -04:00
Christoph Strobl	d1ed973fa0	Fix schema generation for encrypted fields that are considered domain entities. This commit makes sure to consider the encrypted annotation on fields that are considered domain type property values, encrypting the entire object if necessary.	2023-07-18 06:42:23 +02:00
Christoph Strobl	24e1ae0a2b	Prepare issue branch.	2023-07-18 06:25:06 +02:00