Required JSON field name was missing at depth 0 on encryptJSON() in strict mode

[rabol]

Hi

in a Laravel project, I'm trying to store an array of data.
here is the data

$data = [
        [
            'name' => 'test',
            'prompt' => 'Ask for name',
            'who' => 'sender',
            'type' => 'text',
        ],
        [
            'name' => 'test',
            'prompt' => 'Ask for name',
            'who' => 'sender',
            'type' => 'text',
        ],
        [
            'name' => 'test',
            'prompt' => 'Ask for name',
            'who' => 'sender',
            'type' => 'text',
        ],
    ];

the table has 2 columns, name and data

code

        $map = (new JsonFieldMap())
            ->addTextField('name')
            ->addTextField('prompt')
            ->addTextField('who')
            ->addTextField('type');

        $encryptedRow
            ->addField('name')
            ->addBlindIndex('name', new BlindIndex('name_index'))
            ->addJsonField('data', $map);

[paragonie-security]

There are a couple of limitations with the current JSON field design:

1. The ability to add blind indexes on arbitrary JSON fields (or even compound indexes on the same data) is absent.
2. Lists are not currently supported, only object hashes.
3. Arbitrary-depth is not supported; only a flat key-value structure.

This works great if you're storing, e.g. Stripe events as JSONB in a PostgreSQL database but want to encrypt them first. It doesn't work for your use case.

You could iterate over the list with an instance of EncryptedRow and encrypt each blob individually. For example:

        $encryptedRow
            ->addTextField('name')
            ->addTextField('prompt')
            ->addTextField('who')
            ->addTextField('type')
            ->addBlindIndex('name', new BlindIndex('name_index'));

// Encrypt path:
$encryptedData = [];
foreach ($data as $index => $row) {
    $encryptedData[$index] = $encryptedRow->prepareRowForStorage($row);
}
$storeThis = json_encode($encryptedData);

// Decrypt path:
$fromDatabase = json_decode($_whatever_, true);
$data = [];
foreach ($fromDatabase as $index => $row) {
    $data[$index] = $encryptedRow->decryptRow($row[1]);
}
var_dump($data);

However, this has one serious drawback and limitation: The items within the list can be freely arranged because its position in the list is not authenticated. This may be desirable in some cases, however!

If we decide to add arbitrary depth and list support to JsonFieldMap, it would not be as flexible: The indices of the list items would be authenticated, always.

[rabol]

Ok, thanks for the reply.

I my case I don't need to search in the json field, so I think I will convert the db field to a text and then json encode/decode
when storing / retrieving the data

[rabol]

I have noticed that if I do something like this UserDoc::select('from_title')
(select from_title from user_docs where user_id = 1)

I get an EmptyFieldException

basically any select that does not include all the encrypted columns will throw this exception.

I must have missed someting in my setup ?

[paragonie-security]

Yes, empty fields are not permitted by default.

ciphersweet/src/EncryptedRow.php

Lines 847 to 863 in 198a301

	/**
	* @return bool
	*/
	public function getPermitEmpty(): bool
	{
	return $this->permitEmpty;
	}
	/**
	* @param bool $permitted
	* @return $this
	*/
	public function setPermitEmpty(bool $permitted): static
	{
	$this->permitEmpty = $permitted;
	return $this;
	}

You can call setPermitEmpty(true) on your EncryptedRow object to avoid this exception.

[paragonie-security]

The changes in #88 will also make this easier to automate.