Anonymisierung von Parametern

payone-woocommerce-3.php

@@ -16,7 +16,7 @@
 define('PAYONE_PLUGIN_PATH', __DIR__);
 define('PAYONE_VIEW_PATH', PAYONE_PLUGIN_PATH.'/views');
 
-require_once 'autoload.php';
+require_once 'src/autoload.php';
 
 if ( in_array( 'woocommerce/woocommerce.php', apply_filters( 'active_plugins', get_option( 'active_plugins' ) ) ) ) {
     $payonePlugin = new \Payone\Plugin();

phpunit.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- https://phpunit.de/manual/current/en/appendixes.configuration.html -->
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.8/phpunit.xsd"
+         backupGlobals="false"
+         colors="true"
+         bootstrap="src/autoload.php"
+>
+    <php>
+        <ini name="error_reporting" value="-1" />
+        <server name="KERNEL_DIR" value="src/" />
+    </php>
+
+    <testsuites>
+        <testsuite name="Project Test Suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist>
+            <directory>src</directory>
+            <exclude>
+                <directory>src/*Bundle/Resources</directory>
+                <directory>src/*/*Bundle/Resources</directory>
+                <directory>src/*/Bundle/*Bundle/Resources</directory>
+            </exclude>
+        </whitelist>
+    </filter>
+</phpunit>

src/Payone/Payone/Api/DataTransfer.php

@@ -6,6 +6,12 @@ class DataTransfer
 {
     private $parameterBag;
 
+    private $fieldsToAnonymize = [
+        'cardpan' => [4, 4],
+        'iban' => [4, 3],
+        'street' => [1, 1],
+    ];
+
     public function __construct()
     {
         $this->clear();
@@ -66,8 +72,32 @@ public function unserializeParameters($serialized)
         $this->parameterBag = json_decode($serialized, true);
     }
 
-    private function anonymize()
+    public function anonymizeParameters()
+    {
+        foreach ($this->parameterBag as $key => $value) {
+            $this->parameterBag[$key] = $this->anonymize($key, $value);
+        }
+    }
+
+    /**
+     * @param string $key
+     * @param string $value
+     *
+     * @return string
+     */
+    private function anonymize($key, $value)
     {
-        // @todo Alle persönlichen Daten anonymisieren
+        $anonymizationRule = isset($this->fieldsToAnonymize[$key]) ? $this->fieldsToAnonymize[$key] : null;
+
+        if ($anonymizationRule) {
+            $numberFirstCharacters = $anonymizationRule[0];
+            $numberLastCharacters = $anonymizationRule[1];
+
+            $value = substr($value, 0, $numberFirstCharacters)
+                     .str_repeat('x', strlen($value) - $numberFirstCharacters - $numberLastCharacters)
+                     .substr($value, -$numberLastCharacters);
+        }
+
+        return $value;
     }
 }

autoload.php → src/autoload.php

@@ -4,16 +4,11 @@
  * PSR-4 Autoloader from http://www.php-fig.org/psr/psr-4/examples/
  */
 
-defined( 'ABSPATH' ) or die( 'Direct access not allowed' );
-
 spl_autoload_register(function ($class) {
 
     // project-specific namespace prefix
     $prefix = 'Payone';
 
-    // base directory for the namespace prefix
-    $base_dir = __DIR__ . '/src/';
-
     // does the class use the namespace prefix?
     $len = strlen($prefix);
     if (strncmp($prefix, $class, $len) !== 0) {
@@ -24,7 +19,7 @@
     // replace the namespace prefix with the base directory, replace namespace
     // separators with directory separators in the relative class name, append
     // with .php
-    $file = $base_dir . str_replace('\\', '/', $class) . '.php';
+    $file = __DIR__ . '/' . str_replace('\\', '/', $class) . '.php';
 
     // if the file exists, require it
     if (file_exists($file)) {

tests/DataTransferTest.php

@@ -0,0 +1,38 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+final class DataTransferTest extends TestCase
+{
+    public function testGetAndSet()
+    {
+        $dataTransfer = new \Payone\Payone\Api\DataTransfer();
+
+        $dataTransfer->set('test', '1234');
+        $dataTransfer->set('cardpan', '4111111111111111');
+        $dataTransfer->set('iban', 'DE85123456782599100003');
+        $dataTransfer->set('street', 'Hauptstrasse 1');
+
+        $this->assertEquals('1234', $dataTransfer->get('test'));
+        $this->assertEquals('4111111111111111', $dataTransfer->get('cardpan'));
+        $this->assertEquals('DE85123456782599100003', $dataTransfer->get('iban'));
+        $this->assertEquals('Hauptstrasse 1', $dataTransfer->get('street'));
+    }
+
+    public function testAnonymization()
+    {
+        $dataTransfer = new \Payone\Payone\Api\DataTransfer();
+
+        $dataTransfer->set('test', '1234');
+        $dataTransfer->set('cardpan', '4111111111111111');
+        $dataTransfer->set('iban', 'DE85123456782599100003');
+        $dataTransfer->set('street', 'Hauptstrasse 1');
+
+        $dataTransfer->anonymizeParameters();
+
+        $this->assertEquals('1234', $dataTransfer->get('test'));
+        $this->assertEquals('4111xxxxxxxx1111', $dataTransfer->get('cardpan'));
+        $this->assertEquals('DE85xxxxxxxxxxxxxxx003', $dataTransfer->get('iban'));
+        $this->assertEquals('Hxxxxxxxxxxxx1', $dataTransfer->get('street'));
+    }
+}