Payment config settings not decrypted when used?

[csdougliss]

In my system.xml:

<field id="production_secret" translate="label" type="obscure" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
                    <label>Production Secret</label>
                    <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
                    <depends><field id='is_sandbox_mode'>0</field></depends>
                </field>

In my payment class which extends \Magento\Payment\Model\Method\Cc

$this->secret = $this->getConfigData('production_secret');

$this->secret is still encrypted? it should be a plain text value

I'm using PHP 7.0.2

Inchoo/magento2-Inchoo_Stripe#6

[rhoerr]

I'm experiencing this as well. The value decrypts fine on the config settings page somehow, but not if I call getConfigData(...) (even elsewhere on the same page request). Magento 2.0.1, PHP 7.0.2.

e: It's not to do with 2.0.1. I can reproduce it on a PHP 7 environment running 2.0.1, but not on a 5.6 environment running 2.0.1. May or may not be PHP.

[alena-marchenko]

created internal ticket MAGETWO-48387

[dsikkema-magento]

If I understand correctly, yes, there is some issue with PHP 7 and encrypted configuration. But in this particular case, I believe the value that's loaded from config is supposed to by encrypted. After it's loaded, using something like the method getConfigData you mentioned, it will need to be decrypted by the code that's requesting the data, using \Magento\Framework\Encryption\EncryptorInterface.

When I do something like your example in php 5.6, I get encrypted text, but when I decrypt it, I get the plain text. The reason it shows up as plaintext on the configuration page is that the backend model, which is responsible for augmenting the save/load behaviors of config fields, decrypts it in that particular situation (but not in all cases where the config is loaded).

Does that sound right?

[rhoerr]

@dsikkema I don't think that's entirely correct. Normally the backend model runs seamlessly somewhere in the process, such that getConfigData from a payment model returns the unencrypted value in and of itself.

It has always worked in this fashion for me, on 1.x and 2.x, except for on one environment running PHP7 as noted earlier. I'm not sure the exact nature of it, but clearly there's some discrepancy at play.

[OnTapKristjan]

Possibly related to issue reported on #3054 as well.

[dsikkema-magento]

We have made some changes which should resolve this for now, can you guys confirm it works as expected on PHP7?

[csdougliss]

@dsikkema I can't as I'm using your composer release 2.0.2 at the moment. Could you point out the commit and I could try that however?

[OnTapKristjan]

@craigcarnell it's probably this one: 32ca5c9

[rhoerr]

I applied the fix manually; can confirm it fixes the problem for me.

[ifekaj]

This solved my issue mentioned in #2878

[jaywilliams]

As of Magento 2.0.4, this fix still hasn't been included. In the mean time, if you're running on PHP 7, you'll need to patch the Data.php manually.

Here's the patch: 32ca5c9

[birchestx]

This really needs fixing ASAP in a RELEASE, not just a patch. It affects all the shipping carriers (USPS, UPS, FedEx, DHL) that have encrypted fields, we have tested with UPS XML standalone to confirm issue.

Causing major support issues, especially as PHP 7.x is now the recommended version to run Magento 2 on.

Will also affect SAAS apps or any app that has encrypted password data being stored in config db table.

[KrystynaKabannyk]

Hello @craigcarnell, this issue has been fixed in the 2.0.7 patch release and I'm closing it. Thanks for reporting the issue! If you have additional questions or proposals you are welcome to create another one.

[stevewinni]

I can see the patch has been applied in 2.1.0 but I am still seeing backend data that is not decrypted.

Example;

<field id="terminal_id" translate="label" type="text" sortOrder="3" showInDefault="1" showInWebsite="1" showInStore="0">
       <label>Terminal ID</label>
       <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
</field>

When echo out this;
$this->getConfigData('terminal_id')
Its encrypted;

When like this;
\Magento\Framework\Encryption\Encryptor $crypt
$crypt->decrypt($this->getConfigData('terminal_id'));

Its decrypted and fine.

Any Answers?

[pantaoran]

Maybe this can help someone:

I found that putting a <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model> into the etc/adminhtml/system.xml is not enough. You also need to add something to the etc/config.xml!

Example:

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <payment>
            <mypay>
                <title>Mypay</title>
                <merchant_id backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
                <security_key backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
            </mypay>
        </payment>
    </default>
</config>

With this, there is no need to call decryption yourself, the getConfigData method will do it transparently. This works for me at least since Magento 2.1.0.