Open richmirza opened 2 months ago
Given this schema:
model EncryptionTest { id String @id data String? /// @encrypted?mode=strict }
and this test:
await prisma.$queryRawUnsafe( `INSERT INTO encryption_test (id, data) VALUES ('id', 'plaintextdata')`, ); const encryptionTest = await prisma.encryptionTest.findFirst({ where: { id: 'id' }, });
I would expect this test case to throw an exception. Is my understanding incorrect?
It's a simple fix if indeed it's unexpected behaviour. https://github.com/47ng/prisma-field-encryption/blob/next/src/encryption.ts#L179 is currently
if (!cloakedStringRegex.test(cipherText)) { return }
so if a field is in the database as plaintext (which doesn't match the cloakedStringRegex) then strict mode is not taken into account. Proposed fix:
if (!cloakedStringRegex.test(cipherText)) { if (fieldConfig.strictDecryption) { throw new Error('Value is not encrypted and mode=strict') } return }
That is indeed a missing branch, could you open a PR with your proposed fix please? Thanks!
Note: please add an error for it in this file, with some context (model/field where the cleartext data was found) to help users debug their application.
Given this schema:
and this test:
I would expect this test case to throw an exception. Is my understanding incorrect?
It's a simple fix if indeed it's unexpected behaviour. https://github.com/47ng/prisma-field-encryption/blob/next/src/encryption.ts#L179 is currently
so if a field is in the database as plaintext (which doesn't match the cloakedStringRegex) then strict mode is not taken into account. Proposed fix: