Contrib.social

Support encrypting fields stored in unique columns.

Open on Drupal.org β†’
Created on 13 November 2021, about 3 years ago
Updated 19 July 2023, over 1 year ago

Problem/Motivation

An error occurs when processing queue items that encrypt user name fields and the values don't get encrypted.
The error is:
SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '?-en' for key 'user__name': INSERT INTO "users_field_data" ("uid", "langcode", "preferred_langcode", "preferred_admin_langcode", "name", "pass", "mail", "timezone", "status", "created", "changed", "access", "login", "init", "default_langcode", "encrypted_field_storage__value", "encrypted_field_storage__encryption_profile") VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5, :db_insert_placeholder_6, :db_insert_placeholder_7, :db_insert_placeholder_8, :db_insert_placeholder_9, :db_insert_placeholder_10, :db_insert_placeholder_11, :db_insert_placeholder_12, :db_insert_placeholder_13, :db_insert_placeholder_14, :db_insert_placeholder_15, :db_insert_placeholder_16); Array ( [:db_insert_placeholder_0] => redacted [:db_insert_placeholder_1] => en [:db_insert_placeholder_2] => en [:db_insert_placeholder_3] => en [:db_insert_placeholder_4] => πŸ”’ [:db_insert_placeholder_5] => redacted [:db_insert_placeholder_6] => πŸ”’ [:db_insert_placeholder_7] => redacted [:db_insert_placeholder_8] => 1 [:db_insert_placeholder_9] => 1629851034 [:db_insert_placeholder_10] => 1630023293 [:db_insert_placeholder_11] => 1630023800 [:db_insert_placeholder_12] => 1630023247 [:db_insert_placeholder_13] => redacted [:db_insert_placeholder_14] => 1 [:db_insert_placeholder_15] => redacted [:db_insert_placeholder_16] => authenticated_aes_for_user_data_encryption )

Steps to reproduce

Encrypt the name field on User entity type.
Process queue

✨ Feature request
Status

Needs work

Version

3.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States damondt

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago β†’
    πŸ‡©πŸ‡ͺGermany TipiT Hamburg

    I would say that this is a high priority issue, because this module is the only one that supports encrypting field values in Drupal. Additionally there is no module that supports encrypting usernames.

    Because "Username" is considered PII (personal identifiable information) and should be always kept encrypted. There are a lot of companies using Drupal that are under GDPR, HIPAA or storing information as a part of a medical device. Does this means Drupal is not a option for them, because there is no solution to encrypt the "Username"?

  • Comment over 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States damondt

    @TipiT It's possible to encrypt usernames, the default username field could be autofilled and hidden and optionally an encrypted psudo-username field added. This patch just gets it to work on the default username field. And I don't think GDPR applies here, my understanding is that only requires consent for data storage as opposed to encryption.

  • Comment over 1 year ago β†’
    πŸ‡©πŸ‡ͺGermany TipiT Hamburg

    @damondt I would argue that's a hack, at least a workaround, not the same as encrypting the username field. Actually that is already what we do for security reasons, but like already said, it's not exactly the same thing, because login etc. gets more complicated.

    I think you are right about the GDPR, but as a good guidance, any PII should be stored encrypted.

  • Comment about 1 year ago β†’
    πŸ‡²πŸ‡½Mexico jaimeah

    I am seeing an issue with this patch: while this does encrypt the username, it does not allow you to login back again: the unencrypted value becomes unavailable.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024