Add fields property to encryptedFieldsMap

Author: GromNaN

lib/Doctrine/ODM/MongoDB/Mapping/MappingException.php

@@ -314,14 +314,4 @@ public static function rootDocumentCannotBeEncrypted(string $className): self
             $className,
         ));
     }
-
-    public static function invalidEncryptedQueryRangeType(string $className, string $fieldName, string $type): self
-    {
-        return new self(sprintf(
-            'The field type "%s" for field "%s::%s" is not supported for "range" query on encrypted field.',
-            $type,
-            $className,
-            $fieldName,
-        ));
-    }
 }

lib/Doctrine/ODM/MongoDB/MongoDBException.php

@@ -160,4 +160,9 @@ public static function transactionalSessionMismatch(): self
     {
         return new self('The transactional operation cannot be executed because it was started in a different session.');
     }
+
+    public static function notADocumentClass(string $className): self
+    {
+        return new self(sprintf('The class "%s" is not a document class.', $className));
+    }
 }

lib/Doctrine/ODM/MongoDB/SchemaManager.php

@@ -650,7 +650,7 @@ public function createDocumentCollection(string $documentName, ?int $maxTimeMs =
             $encryptedFields = (new EncryptedFieldsMapGenerator($this->dm->getMetadataFactory()))->getEncryptedFieldsMapForClass($class->name);
 
             if ($encryptedFields) {
-                $options['encryptedFields'] = ['fields' => $encryptedFields];
+                $options['encryptedFields'] = $encryptedFields;
             }
         }
 

lib/Doctrine/ODM/MongoDB/Utility/EncryptedFieldsMapGenerator.php

@@ -8,6 +8,7 @@
 use Doctrine\ODM\MongoDB\Mapping\ClassMetadata;
 use Doctrine\ODM\MongoDB\Mapping\ClassMetadataFactoryInterface;
 use Doctrine\ODM\MongoDB\Mapping\MappingException;
+use Doctrine\ODM\MongoDB\MongoDBException;
 use Doctrine\ODM\MongoDB\Types\Type;
 use Generator;
 use LogicException;
@@ -26,7 +27,7 @@ public function __construct(private ClassMetadataFactoryInterface $classMetadata
     /**
      * Returns the full encryption fields map for a document manager
      *
-     * @return array<class-string, array<int, array{path: string, bsonType: string, keyId: ?string}>>
+     * @return array<class-string, array{fields: array<int, array{path: string, bsonType: string, keyId: null}>}>
      */
     public function getEncryptedFieldsMap(): array
     {
@@ -43,7 +44,7 @@ public function getEncryptedFieldsMap(): array
                 continue;
             }
 
-            $encryptedFieldsMap[$classMetadata->getName()] = $classMap;
+            $encryptedFieldsMap[$classMetadata->getName()] = ['fields' => $classMap];
         }
 
         return $encryptedFieldsMap;
@@ -54,20 +55,30 @@ public function getEncryptedFieldsMap(): array
      *
      * @param class-string $className
      *
-     * @return array<int, array{path: string, bsonType: string, keyId: ?string}>
+     * @return array{fields: array<int, array{path: string, bsonType: string, keyId: null}>}|null
      */
-    public function getEncryptedFieldsMapForClass(string $className): array
+    public function getEncryptedFieldsMapForClass(string $className): ?array
     {
         $classMetadata = $this->classMetadataFactory->getMetadataFor($className);
 
-        return iterator_to_array($this->createEncryptedFieldsMapForClass($classMetadata));
+        if (! $classMetadata->isDocument()) {
+            throw MongoDBException::notADocumentClass($className);
+        }
+
+        $fields = iterator_to_array($this->createEncryptedFieldsMapForClass($classMetadata));
+
+        if ($fields === []) {
+            return null;
+        }
+
+        return ['fields' => $fields];
     }
 
     /**
      * @param array<class-string, true> $visitedClasses
      * @phpstan-param ClassMetadata<T> $classMetadata
      *
-     * @return Generator<int, array{path: string, bsonType: string, keyId: ?string}>
+     * @return Generator<int, array{path: string, bsonType: string, keyId: null}>
      *
      * @template T of object
      */
@@ -86,15 +97,14 @@ private function createEncryptedFieldsMapForClass(
         }
 
         foreach ($classMetadata->fieldMappings as $mapping) {
-            // @todo support polymorphic types and inheritance?
             // Add fields recursively
             if ($mapping['embedded'] ?? false) {
                 $embedMetadata = $this->classMetadataFactory->getMetadataFor($mapping['targetDocument']);
 
                 // When the embedded document class is encrypted, the field is encrypted,
                 // but none of the embedded fields are encrypted separately.
                 if ($embedMetadata->isEncrypted) {
-                    $mapping['encrypt'] ??= []; // @todo get the keyId
+                    $mapping['encrypt'] ??= [];
                 } elseif (! isset($mapping['encrypt'])) {
                     yield from $this->createEncryptedFieldsMapForClass(
                         $embedMetadata,

phpstan-baseline.neon

@@ -1999,43 +1999,43 @@ parameters:
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:__construct\(\) has parameter \$classNames with no value type specified in iterable type array\.$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:__construct\(\) has parameter \$classNames with no value type specified in iterable type array\.$#'
 			identifier: missingType.iterableValue
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:doLoadMetadata\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:doLoadMetadata\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:doLoadMetadata\(\) has parameter \$parent with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:doLoadMetadata\(\) has parameter \$parent with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:getAllMetadata\(\) return type with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:getAllMetadata\(\) return type with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:initializeReflection\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:initializeReflection\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:isEntity\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:isEntity\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php
 
 		-
-			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:168\:\:wakeupReflection\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
+			message: '#^Method Doctrine\\Persistence\\Mapping\\AbstractClassMetadataFactory@anonymous/tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest\.php\:197\:\:wakeupReflection\(\) has parameter \$class with generic interface Doctrine\\Persistence\\Mapping\\ClassMetadata but does not specify its types\: T$#'
 			identifier: missingType.generics
 			count: 1
 			path: tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php

tests/Doctrine/ODM/MongoDB/Tests/Tools/EncryptedFieldsMapGeneratorTest.php

@@ -10,11 +10,13 @@
 use Doctrine\ODM\MongoDB\Mapping\ClassMetadata;
 use Doctrine\ODM\MongoDB\Mapping\ClassMetadataFactoryInterface;
 use Doctrine\ODM\MongoDB\Mapping\MappingException;
+use Doctrine\ODM\MongoDB\MongoDBException;
 use Doctrine\ODM\MongoDB\Tests\BaseTestCase;
 use Doctrine\ODM\MongoDB\Utility\EncryptedFieldsMapGenerator;
 use Doctrine\Persistence\Mapping\AbstractClassMetadataFactory;
 use Doctrine\Persistence\Mapping\Driver\MappingDriver;
 use Doctrine\Persistence\Mapping\ReflectionService;
+use Documents\Bars\Bar;
 use Documents\Encryption\Client;
 use Documents\Encryption\InvalidRootEncrypt;
 use Documents\Encryption\Patient;
@@ -52,7 +54,7 @@ public function testGetEncryptionFieldsMapForClass(): void
             ],
         ];
 
-        self::assertEquals($expected, $encryptedFieldsMap);
+        self::assertEquals(['fields' => $expected], $encryptedFieldsMap);
     }
 
     public function testGetEncryptionFieldsMapForClassForEmbeddedDocument(): void
@@ -73,7 +75,7 @@ public function testGetEncryptionFieldsMapForClassForEmbeddedDocument(): void
             ],
         ];
 
-        self::assertSame($expected, $encryptedFieldsMap);
+        self::assertEquals(['fields' => $expected], $encryptedFieldsMap);
     }
 
     public function testVariousRangeTypes(): void
@@ -115,7 +117,7 @@ public function testVariousRangeTypes(): void
             ],
         ];
 
-        self::assertEquals($expected, $encryptedFieldsMap);
+        self::assertEquals(['fields' => $expected], $encryptedFieldsMap);
     }
 
     public function testRootDocumentsCannotBeEncrypted(): void
@@ -140,29 +142,58 @@ public function testGetEncryptionFieldsMap(): void
 
         $expectedEncryptedFieldsMap = [
             Patient::class => [
-                [
-                    'path' => 'patientRecord.ssn',
-                    'bsonType' => 'string',
-                    'keyId' => null,
-                    'queries' => ['queryType' => 'equality'],
-                ],
-                [
-                    'path' => 'patientRecord.billing',
-                    'bsonType' => 'object',
-                    'keyId' => null,
-                ],
-                [
-                    'path' => 'patientRecord.billingAmount',
-                    'bsonType' => 'int',
-                    'keyId' => null,
-                    'queries' => ['queryType' => 'range', 'min' => 100, 'max' => 2000, 'sparsity' => 1, 'trimFactor' => 4],
+                'fields' => [
+                    [
+                        'path' => 'patientRecord.ssn',
+                        'bsonType' => 'string',
+                        'keyId' => null,
+                        'queries' => ['queryType' => 'equality'],
+                    ],
+                    [
+                        'path' => 'patientRecord.billing',
+                        'bsonType' => 'object',
+                        'keyId' => null,
+                    ],
+                    [
+                        'path' => 'patientRecord.billingAmount',
+                        'bsonType' => 'int',
+                        'keyId' => null,
+                        'queries' => ['queryType' => 'range', 'min' => 100, 'max' => 2000, 'sparsity' => 1, 'trimFactor' => 4],
+                    ],
                 ],
             ],
         ];
 
         $this->assertEquals($expectedEncryptedFieldsMap, $encryptedFieldsMap);
     }
 
+    public function testNoEncryptedFields(): void
+    {
+        $classMetadataFactory = $this->createMetadataFactory(
+            $this->dm->getMetadataFactory(),
+            Bar::class,
+        );
+
+        $factory = new EncryptedFieldsMapGenerator($classMetadataFactory);
+
+        self::assertSame([], $factory->getEncryptedFieldsMap());
+        self::assertNull($factory->getEncryptedFieldsMapForClass(Bar::class));
+    }
+
+    public function testNotADocumentClass(): void
+    {
+        $classMetadataFactory = $this->createMetadataFactory(
+            $this->dm->getMetadataFactory(),
+            PatientRecord::class,
+        );
+
+        $this->expectException(MongoDBException::class);
+        $this->expectExceptionMessage('The class "Documents\Encryption\PatientRecord" is not a document class.');
+
+        $factory = new EncryptedFieldsMapGenerator($classMetadataFactory);
+        $factory->getEncryptedFieldsMapForClass(PatientRecord::class);
+    }
+
     private function createMetadataFactory(ClassMetadataFactoryInterface $classMetadataFactory, string ...$className): ClassMetadataFactoryInterface
     {
         return new class ($classMetadataFactory, $className) extends AbstractClassMetadataFactory implements ClassMetadataFactoryInterface