By default strip sensitive data from serialized exceptions

wol-soft · wol-soft · commit 491716b9cd60 · 2020-07-24T19:59:56.000+02:00
diff --git a/src/Exception/JSONModelValidationException.php b/src/Exception/JSONModelValidationException.php
@@ -16,5 +16,35 @@
  */
 abstract class JSONModelValidationException extends Exception implements JsonSerializable, SerializationInterface
 {
-    use SerializableTrait;
+    use SerializableTrait {
+        toArray as protected _toArray;
+    }
+
+    /**
+     * @inheritDoc
+     *
+     * @param bool $stripSensitiveData By default the file and the line of the exception will not be serialized
+     */
+    public function toArray(array $except = [], int $depth = 512, bool $stripSensitiveData = true)
+    {
+        if ($stripSensitiveData && !in_array('__KEEP_SENSITIVE_DATA__', $except)) {
+            $except = array_merge($except, ['file', 'line']);
+        } else {
+            array_push($except, '__KEEP_SENSITIVE_DATA__');
+        }
+
+        return $this->_toArray($except, $depth);
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function toJSON(array $except = [], int $options = 0, int $depth = 512, bool $stripSensitiveData = true)
+    {
+        if ($depth < 1) {
+            return false;
+        }
+
+        return json_encode($this->toArray($except, $depth, $stripSensitiveData), $options, $depth);
+    }
 }
diff --git a/src/Traits/SerializableTrait.php b/src/Traits/SerializableTrait.php
@@ -61,43 +61,47 @@ public function toArray(array $except = [], int $depth = 512)
 
         $depth--;
         $modelData = [];
-        array_push($except, 'rawModelDataInput', 'errorRegistry');
+        array_push($except, 'rawModelDataInput', 'errorRegistry', 'customSerializer');
 
-        foreach (get_object_vars($this) as $key => $value) {
+        foreach (get_class_vars(get_class($this)) as $key => $value) {
             if (in_array($key, $except)) {
                 continue;
             }
 
             if ($customSerializer = $this->getCustomSerializerMethod($key)) {
-                $this->handleSerializedValue($modelData, $key, $this->{$customSerializer}());
+                $this->handleSerializedValue($modelData, $key, $this->{$customSerializer}(), $depth, $except);
                 continue;
             }
 
-            if (is_array($value)) {
-                $subData = [];
-                foreach ($value as $subKey => $element) {
-                    $subData[$subKey] = $this->evaluateAttribute($element, $depth, $except);
-                }
-                $modelData[$key] = $subData;
-            } else {
-                $modelData[$key] = $this->evaluateAttribute($value, $depth, $except);
-            }
+            $modelData[$key] = $this->serializeValue($this->$key, $depth, $except);
         }
 
         return $modelData;
     }
 
-    private function handleSerializedValue(array &$data, $key, $serializedValue): void
+    private function handleSerializedValue(array &$data, $key, $serializedValue, int $depth, array $except): void
     {
         if ($serializedValue instanceof SerializedValue &&
             $serializedValue->getSerializationStrategy() === SerializedValue::STRATEGY_MERGE_VALUE
         ) {
-            $data = array_merge($data, $serializedValue->getSerializedValue());
+            $data = array_merge($data, $this->serializeValue($serializedValue->getSerializedValue(), $depth, $except));
 
             return;
         }
 
-        $data[$key] = $serializedValue;
+        $data[$key] = $this->serializeValue($serializedValue, $depth, $except);
+    }
+
+    private function serializeValue($value, int $depth, array $except) {
+        if (is_array($value)) {
+            $subData = [];
+            foreach ($value as $subKey => $element) {
+                $subData[$subKey] = $this->evaluateAttribute($element, $depth, $except);
+            }
+            return $subData;
+        }
+
+        return $this->evaluateAttribute($value, $depth, $except);
     }
 
     private function evaluateAttribute($attribute, int $depth, array $except)
@@ -113,9 +117,9 @@ private function evaluateAttribute($attribute, int $depth, array $except)
         return (0 >= $depth)
             ? null
             : (
-                method_exists($attribute, 'toArray')
-                    ? $attribute->toArray($except, $depth - 1)
-                    : get_object_vars($attribute)
+            method_exists($attribute, 'toArray')
+                ? $attribute->toArray($except, $depth - 1)
+                : get_object_vars($attribute)
             );
     }
 
diff --git a/tests/Exception/ErrorRegistryExceptionTest.php b/tests/Exception/ErrorRegistryExceptionTest.php
@@ -65,8 +65,16 @@ public function testErrorRegistryExceptionCollectsMessages(): void
             'message' => "Value for test1 must not be larger than 2\nValue for test2 must not be larger than 2",
         ];
 
-        $this->assertSame($expectedOutput, $errorRegistry->toArray(['file', 'line', 'code']));
-        $this->assertSame(json_encode($expectedOutput), $errorRegistry->toJSON(['file', 'line', 'code']));
+        $this->assertSame($expectedOutput, $errorRegistry->toArray(['code']));
+        $this->assertSame(json_encode($expectedOutput), $errorRegistry->toJSON(['code']));
+
+        $serialized = $errorRegistry->toArray(['code'], 512, false);
+        $this->assertArrayHasKey('file', $serialized);
+        $this->assertArrayHasKey('line', $serialized);
+        $this->assertArrayHasKey('file', $serialized['errors'][0]);
+        $this->assertArrayHasKey('line', $serialized['errors'][0]);
+        $this->assertArrayHasKey('file', json_decode($errorRegistry->toJSON(['code'], 0, 512, false), true));
+        $this->assertArrayHasKey('line', json_decode($errorRegistry->toJSON(['code'], 0, 512, false), true));
 
         throw $errorRegistry;
     }
