mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-06-16 19:40:28 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
48e3f948f50352acbda3d55de89dba54d4fc3f7d
opensourcepos/app/Libraries/Mailchimp_lib.php
Ollama 48e3f948f5 Fix encryption key persistence for Docker environments 
The check_encryption() function now properly handles Docker/container
environments where ROOTPATH/.env may be read-only or ephemeral.

Changes:
- Returns false when key persistence fails instead of always returning true
- Removes error suppression (@) to properly detect write failures
- Adds fallback to WRITEPATH/config/encryption.key for container volumes
- Splits logic into separate functions for clarity and testability

Fixes encryption key being lost on container restarts, which caused
stored passwords to become undecryptable.

GitHub-Issue: #4554

Add fallback key loading from WRITEPATH in Encryption config

When encryption key is not available from .env or environment variables,
the config now attempts to load from WRITEPATH/config/encryption.key.

This supports Docker environments where:
- .env file is read-only or ephemeral
- Key was persisted to the writable volume via check_encryption()

GitHub-Issue: #4554

Handle encryption unavailability gracefully in controllers

Changed EncrypterInterface property to nullable and added proper error
handling for cases where encryption key is not available.

Changes:
- Config controller: nullable encrypter property, try/catch around encryption
- Email_lib: check encryption before using encrypter
- Return meaningful error messages when encryption fails
- Log warnings when passwords saved without encryption

Users will now see clear error messages instead of unhandled exceptions
when encryption key cannot be initialized.

GitHub-Issue: #4554

Add encryption_failed error message to language file

Added localization string for encryption failure error messages.

GitHub-Issue: #4554

Add decrypt_value() and encrypt_value() helper functions

Extracts the recurring decryption/encryption pattern into reusable helper
functions with consistent error handling:

- decrypt_value(): Safely decrypts encrypted values with try/catch
- encrypt_value(): Safely encrypts values with error handling

Both functions handle:
- Empty/null values gracefully
- Missing encryption key (logs warning)
- Encryption/decryption failures (logs error, returns default)

This pattern appears in 8+ locations across the codebase.

GitHub-Issue: #4554

Refactor all encryption/decryption to use helper functions

Replaces direct encrypter calls with decrypt_value() and encrypt_value()
helpers throughout the codebase for consistent error handling:

- Config controller: SMTP, SMS, Mailchimp credential encryption
- Email_lib: SMTP password decryption
- Sms_lib: SMS password decryption
- Mailchimp_lib: API key decryption
- Customers controller: Mailchimp list ID decryption

Removes nullable EncrypterInterface property from Config controller as
encryption is now handled via helper functions.

GitHub-Issue: #4554

Address CodeRabbit feedback: validate key length, clarify encryption failure handling

- loadKeyFromWritable() now validates key length >= 64 before accepting
- encrypt_value() renamed  param, defaults to failing encryption required
- Clearer error message when credentials not saved

GitHub-Issue: #4554

fix: address CodeRabbit review comments for encryption key persistence

- Always mirror encryption key to both .env and WRITEPATH (Docker safety)
- Guard array key access with isset() before reading in Encryption.php
- Fix encrypt_value() to not treat string '0' as empty
- Improve error logging for failed encryption attempts

refactor: PSR-compliant naming and address objecttothis review comments

- Rename functions to camelCase: checkEncryption, writeEncryptionKeyToEnv, writeEncryptionKeyToWritable, loadEncryptionKeyFromWritable, abortEncryptionConversion, removeBackup, decryptValue, encryptValue
- Update all callers in Config.php, Customers.php, Migrations, Email_lib.php, Sms_lib.php, Mailchimp_lib.php
- Add EncryptionException import in security_helper.php (removed FQN)
- Use camelCase variables: $smtpPass, $emailConfig, $batchSaveData in affected files
- Remove unnecessary inline comments (code is self-documenting)
- Keep necessary docstrings for public API documentation

Address remaining CodeRabbit review comments

- Fix decryptValue() to use explicit null/empty check instead of empty()
  (handles string "0" correctly)
- Guard checkEncryption() result in migration before proceeding
- Check read success before writing backup restoration
- Consistent DIRECTORY_SEPARATOR usage in paths

GitHub-Issue: #4554
2026-06-09 23:39:03 +02:00

332 lines
13 KiB
PHP
Raw Blame History

<?php
namespace app\Libraries;
use Config\OSPOS;
/**
* MailChimp API v3 REST client Connector
*
* Interface for communicating with the Mailchimp v3 API
*
* Inspired by the work of:
* - Rajitha Bandara: https://github.com/rajitha-bandara/ci-mailchimp-v3-rest-client
* - Stefan Ashwell: https://github.com/stef686/codeigniter-mailchimp-api-v3
*/
class MailchimpConnector
{
/**
* API Key
*
* @var string[]
*/
private $_api_key = ''; // TODO: Hungarian notation
/**
* API Endpoint
*
* @var string[]
*/
private $_api_endpoint = 'https://<dc>.api.mailchimp.com/3.0/'; // TODO: Hungarian notation
/**
* Constructor
*/
public function __construct(string $api_key = '')
{
$config = config(OSPOS::class)->settings;
$mailchimp_api_key = $config['mailchimp_api_key'] ?? '';
if (!empty($mailchimp_api_key)) {
$this->_api_key = empty($api_key)
? decryptValue($mailchimp_api_key)
: $api_key;
}
if (!empty($this->_api_key)) {
// Replace <dc> with correct datacenter obtained from the last part of the api key
$strings = explode('-', $this->_api_key);
if (is_array($strings) && !empty($strings[1])) {
$this->_api_endpoint = str_replace('<dc>', $strings[1], $this->_api_endpoint);
}
}
}
/**
* Call an API method. Every request needs the API key
* @param string $httpVerb The HTTP method to be used
* @param string $method The API method to call, e.g. 'lists/list'
* @param array $args An array of arguments to pass to the method. Will be json-encoded for you.
* @return array|bool Associative array of json decoded API response or false on error.
*/
public function call(string $method, string $httpVerb = 'POST', array $args = []): bool|array
{
if (!empty($this->_api_key)) { // TODO: Hungarian notation
return $this->_request($httpVerb, $method, $args); // TODO: Hungarian notation
}
return false;
}
/**
* Builds the request URL based on request type
* @param string $httpVerb The HTTP method to be used
* @param string $method The API method to be called
* @param array $args Assoc array of parameters to be passed
* @return string Request URL
*/
private function _build_request_url(string $method, string $httpVerb = 'POST', array $args = []): string // TODO: Hungarian notation.
{
if ($httpVerb == 'GET') {
return $this->_api_endpoint . $method . '?' . http_build_query($args); // TODO: Hungarian notation
}
return $this->_api_endpoint . $method; // TODO: Hungarian notation
}
/**
* Performs the underlying HTTP request.
* @param string $httpVerb The HTTP method to be used
* @param string $method The API method to be called
* @param array $args Assoc array of parameters to be passed
* @return bool|array Assoc array of decoded result or False
*/
private function _request(string $httpVerb, string $method, array $args = []): bool|array // TODO: Hungarian notation
{
$result = false;
if (($ch = curl_init()) !== false) {
curl_setopt($ch, CURLOPT_URL, $this->_build_request_url($method, $httpVerb, $args));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_USERPWD, "user:" . $this->_api_key);
curl_setopt($ch, CURLOPT_USERAGENT, 'PHP-MCAPI/3.0');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($args));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $httpVerb);
$result = curl_exec($ch);
curl_close($ch);
}
return $result ? json_decode($result, true) : false;
}
}
/**
* Mailchimp library, usable from CI code
*
* Library with utility queries to interface Mailchimp v3 API
*
* Inspired by the work of ThinkShout: https://github.com/thinkshout/mailchimp-api-php
*/
class Mailchimp_lib // TODO: IMO We need to stick to the one class per file principle.
{
private $_connector; // TODO: Hungarian notation
/**
* @param array $params
*/
public function __construct(array $params = [])
{
$api_key = (count($params) > 0 && !empty($params['api_key'])) ? $params['api_key'] : '';
$this->_connector = new MailchimpConnector($api_key);
}
/**
* Gets information about all lists owned by the authenticated account.
*
* @param array $parameters
* Associative array of optional request parameters.
* By the default it places a simple query to list name & id and count of members & merge_fields
* NOTE: no space between , and next word is allowed. You will not get the filter to work in full but just the first tag
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/#read-get_lists
*/
public function getLists(array $parameters = ['fields' => 'lists.id,lists.name,lists.stats.member_count,lists.stats.merge_field_count']): bool|array
{
return $this->_connector->call('/lists', 'GET', $parameters); // TODO: Hungarian notation
}
/**
* Gets a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param array $parameters Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/#read-get_lists_list_id
*/
public function getList(string $list_id, array $parameters = ['fields' => 'id,name,stats.member_count,stats.merge_field_count']): bool|array
{
return $this->_connector->call("/lists/$list_id", 'GET', $parameters); // TODO: Hungarian notation
}
/**
* Gets information about all members of a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#read-get_lists_list_id_members
*/
public function getMembers(string $list_id, int $count, int $offset, array $parameters = ['fields' => 'members.id,members.email_address,members.unique_email_id,members.status,members.merge_fields']): bool|array
{
$parameters += [
'count' => $count,
'offset' => $offset
];
return $this->_connector->call("/lists/$list_id/members", 'GET', $parameters); // TODO: Hungarian notation
}
/**
* Gets information about a member of a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $md5id
* The member's email address md5 hash which is the id.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#read-get_lists_list_id_members_subscriber_hash
*/
public function getMemberInfoById(string $list_id, string $md5id, array $parameters = ['fields' => 'email_address,status,merge_fields']): bool|array
{
return $this->_connector->call("/lists/$list_id/members/$md5id", 'GET', $parameters); // TODO: Hungarian notation
}
/**
* Gets information about a member of a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $email
* The member's email address.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#read-get_lists_list_id_members_subscriber_hash
*/
public function getMemberInfo(string $list_id, string $email, array $parameters = []): bool|array
{
return $this->_connector->call("/lists/$list_id/members/" . md5(strtolower($email)), 'GET', $parameters);
}
/**
* Gets activity related to a member of a MailChimp list.
*
* @param string $list_id The ID of the list.
* @param string $email The member's email address.
* @param array $parameters Associative array of optional request parameters.
* @return array|bool Associative array of results or false.
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/activity/#read-get_lists_list_id_members_subscriber_hash_activity
*/
public function getMemberActivity(string $list_id, string $email, array $parameters = []): bool|array
{
return $this->_connector->call("/lists/$list_id/members/" . md5(strtolower($email)) . '/activity', 'GET', $parameters); // TODO: Hungarian notation
}
/**
* Adds a new member to a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $email
* The email address to add.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#create-post_lists_list_id_members
*/
public function addMember(string $list_id, string $email, string $first_name, string $last_name, array $parameters = []): bool|array
{
$parameters += [
'email_address' => $email,
'status' => 'subscribed',
'merge_fields' => [
'FNAME' => $first_name,
'LNAME' => $last_name
]
];
return $this->_connector->call("/lists/$list_id/members/", 'POST', $parameters); // TODO: Hungarian notation
}
/**
* Removes a member from a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $email
* The member's email address.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#delete-delete_lists_list_id_members_subscriber_hash
*/
public function removeMember(string $list_id, string $email): bool|array
{
return $this->_connector->call("/lists/$list_id/members/" . md5(strtolower($email)), 'DELETE'); // TODO: Hungarian notation
}
/**
* Updates a member of a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $email
* The member's email address.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#edit-patch_lists_list_id_members_subscriber_hash
*/
public function updateMember(string $list_id, string $email, string $first_name, string $last_name, array $parameters = []): bool|array
{
$parameters += [
'status' => 'subscribed',
'merge_fields' => [
'FNAME' => $first_name,
'LNAME' => $last_name
]
];
return $this->_connector->call("/lists/$list_id/members/" . md5(strtolower($email)), 'PATCH', $parameters); // TODO: Hungarian notation
}
/**
* Adds a new or update an existing member of a MailChimp list.
*
* @param string $list_id
* The ID of the list.
* @param string $email
* The member's email address.
* @param array $parameters
* Associative array of optional request parameters.
* @return array|bool
* @see http://developer.mailchimp.com/documentation/mailchimp/reference/lists/members/#edit-put_lists_list_id_members_subscriber_hash
*/
public function addOrUpdateMember(string $list_id, string $email, string $first_name, string $last_name, string $status, array $parameters = []): bool|array
{
$parameters += [
'email_address' => $email,
'status' => $status,
'status_if_new' => 'subscribed',
'merge_fields' => [
'FNAME' => $first_name,
'LNAME' => $last_name
]
];
return $this->_connector->call("/lists/$list_id/members/" . md5(strtolower($email)), 'PUT', $parameters); // TODO: Hungarian notation
}
}
Reference in New Issue View Git Blame Copy Permalink