Magento2: Payment config settings not decrypted when used?
In my system.xml:
<field id="production_secret" translate="label" type="obscure" sortOrder="5" showInDefault="1" showInWebsite="1" showInStore="1">
<label>Production Secret</label>
<backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
<depends><field id='is_sandbox_mode'>0</field></depends>
</field>
In my payment class which extends \Magento\Payment\Model\Method\Cc
$this->secret = $this->getConfigData('production_secret');
$this->secret is still encrypted? it should be a plain text value
I'm using PHP 7.0.2
craigcarnell
All 15 comments
I'm experiencing this as well. The value decrypts fine on the config settings page somehow, but not if I call getConfigData(...) (even elsewhere on the same page request). Magento 2.0.1, PHP 7.0.2.
e: It's not to do with 2.0.1. I can reproduce it on a PHP 7 environment running 2.0.1, but not on a 5.6 environment running 2.0.1. May or may not be PHP.
rhoerr
on 22 Jan 2016
created internal ticket MAGETWO-48387
alena-marchenko
on 26 Jan 2016
If I understand correctly, yes, there is some issue with PHP 7 and encrypted configuration. But in this particular case, I believe the value that's loaded from config is supposed to by encrypted. After it's loaded, using something like the method getConfigData you mentioned, it will need to be decrypted by the code that's requesting the data, using \Magento\Framework\Encryption\EncryptorInterface.
When I do something like your example in php 5.6, I get encrypted text, but when I decrypt it, I get the plain text. The reason it shows up as plaintext on the configuration page is that the backend model, which is responsible for augmenting the save/load behaviors of config fields, decrypts it in that particular situation (but not in all cases where the config is loaded).
Does that sound right?
dsikkema-magento
on 27 Jan 2016
@dsikkema I don't think that's entirely correct. Normally the backend model runs seamlessly somewhere in the process, such that getConfigData from a payment model returns the unencrypted value in and of itself.
It has always worked in this fashion for me, on 1.x and 2.x, except for on one environment running PHP7 as noted earlier. I'm not sure the exact nature of it, but clearly there's some discrepancy at play.
rhoerr
on 27 Jan 2016
Possibly related to issue reported on #3054 as well.
OnTapKristjan
on 11 Feb 2016
We have made some changes which should resolve this for now, can you guys confirm it works as expected on PHP7?
dsikkema-magento
on 25 Feb 2016
@dsikkema I can't as I'm using your composer release 2.0.2 at the moment. Could you point out the commit and I could try that however?
craigcarnell
on 25 Feb 2016
@craigcarnell it's probably this one: https://github.com/magento/magento2/commit/32ca5c97304a1bd84cfbee7cec3d57c9307da9a6
OnTapKristjan
on 25 Feb 2016
I applied the fix manually; can confirm it fixes the problem for me.
rhoerr
on 25 Feb 2016
This solved my issue mentioned in https://github.com/magento/magento2/issues/2878
ifekaj
on 25 Feb 2016
As of Magento 2.0.4, this fix still hasn't been included. In the mean time, if you're running on PHP 7, you'll need to patch the Data.php manually.
Here's the patch: https://github.com/magento/magento2/commit/32ca5c97304a1bd84cfbee7cec3d57c9307da9a6
jaywilliams
on 12 Apr 2016
This really needs fixing ASAP in a RELEASE, not just a patch. It affects all the shipping carriers (USPS, UPS, FedEx, DHL) that have encrypted fields, we have tested with UPS XML standalone to confirm issue.
Causing major support issues, especially as PHP 7.x is now the recommended version to run Magento 2 on.
Will also affect SAAS apps or any app that has encrypted password data being stored in config db table.
wsakaren
on 9 May 2016
Hello @craigcarnell, this issue has been fixed in the 2.0.7 patch release and I'm closing it. Thanks for reporting the issue! If you have additional questions or proposals you are welcome to create another one.
KrystynaKabannyk
on 24 May 2016
I can see the patch has been applied in 2.1.0 but I am still seeing backend data that is not decrypted.
Example;
<field id="terminal_id" translate="label" type="text" sortOrder="3" showInDefault="1" showInWebsite="1" showInStore="0">
<label>Terminal ID</label>
<backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>
</field>
When echo out this;
$this->getConfigData('terminal_id')
Its encrypted;
When like this;
\Magento\Framework\Encryption\Encryptor $crypt
$crypt->decrypt($this->getConfigData('terminal_id'));
Its decrypted and fine.
Any Answers?
stevewinni
on 28 Jun 2016
Maybe this can help someone:
I found that putting a <backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model> into the etc/adminhtml/system.xml is not enough. You also need to add something to the etc/config.xml!
Example:
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
<default>
<payment>
<mypay>
<title>Mypay</title>
<merchant_id backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
<security_key backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
</mypay>
</payment>
</default>
</config>
With this, there is no need to call decryption yourself, the getConfigData method will do it transparently. This works for me at least since Magento 2.1.0.
pantaoran
on 5 Dec 2016
Related issues
fvillata
路
3Comments
kandrejevs
路
3Comments
PascalBrouwers
路
3Comments
kirashet666
路
3Comments
dmitry-fedyuk
路
3Comments
Most helpful comment
Maybe this can help someone:
I found that putting a
<backend_model>Magento\Config\Model\Config\Backend\Encrypted</backend_model>into theetc/adminhtml/system.xmlis not enough. You also need to add something to theetc/config.xml!Example:
With this, there is no need to call decryption yourself, the
getConfigDatamethod will do it transparently. This works for me at least since Magento 2.1.0.