active_record-pgcrypto 0.2.4 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6225d8f7dd8ecd182236f45d3a9d68884207891563ae550c03f0b3038e3a31d4
-  data.tar.gz: 21543ff3b8587257c94acd367e4e40dbbbd484c2030e231eaefd03d6bf86e47a
+  metadata.gz: 720cc8894659947200a913bee9a2757ddb9b31f993dd5a710d0a4dba781c3f95
+  data.tar.gz: e4309d8fe0032d489a205158bd37768cc867aaa8adf8e0999ffbf20ee32082bf
 SHA512:
-  metadata.gz: 5a2bcca8231ecc1ebfe00dfdb61ef55311f736de9b6752ab2a6c8e09f4fd2a70b53df4a07c80dd7dd5509f3d32c750c20e506a361a3bbfeade1bbc22362fdad9
-  data.tar.gz: 0ac5f283a26ebc13f1c601fcafb02b13a6ae8c52d7f0366e33eac32a33a06189b396a6a99e3b4e54ec6bac13be3d1b43183388876e4bf998fdfdf1e3be4d8453
+  metadata.gz: 146fbaa31f74481b715ae9dec906bf5f556ad23881a5c0a7d8510cd5869500104ad4d211b0c273499f60aa9d6c9e5a12c24a7e1da1c4a6dd7c7294494b585d9d
+  data.tar.gz: 7e534fd989099428241b88f64822c55b75f8e6a2e7a923c03f002c4353dd76b0dfbc34be8d108f29f883911c2598af9074122d87b9002937c717003c3043f231

data/lib/active_record/pgcrypto/log_subscriber.rb

@@ -2,8 +2,10 @@ module ActiveRecord
   module PGCrypto
     # Subscribes to the logger and obfuscates the sensitive queries.
     module LogSubscriber
+      # rubocop:disable Lint/MixedRegexpCaptureTypes
       REGEXP = \
         /(\(*)(?<operation>pgp_sym_(decrypt|encrypt)_bytea)(\(+.*\)+)/im.freeze
+      # rubocop:enable Lint/MixedRegexpCaptureTypes
       PLACEHOLDER = '[FILTERED]'.freeze
 
       # Scrubs the log event from any sensitive SQL

data/lib/active_record/pgcrypto/patches.rb

@@ -11,7 +11,7 @@ module ActiveRecord
       # can return same decrypted values, we don't check it.
       #
       # @return [FalseClass] on our coder values.
-      def changed_in_place?(*)
+      def changed_in_place?(*args, **kwargs)
         return false if coder == ActiveRecord::PGCrypto::SymmetricCoder
 
         super

data/lib/active_record/pgcrypto/version.rb

@@ -1,5 +1,5 @@
 module ActiveRecord
   module PGCrypto
-    VERSION = '0.2.4'.freeze
+    VERSION = '0.2.5'.freeze
   end
 end

data/spec/active_record/pgcrypto/log_subscriber_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'active_record/pgcrypto/log_subscriber'
+
+RSpec.describe ActiveRecord::PGCrypto::LogSubscriber do
+  let(:pgcrypto_key) { FFaker::Internet.password }
+  let(:subscriber) { ActiveRecord::LogSubscriber.new }
+  let(:event_payload) do
+    { sql: "SELECT PGP_SYM_ENCRYPT_BYTEA('data', '#{pgcrypto_key}')" }
+  end
+  let(:event) do
+    ActiveSupport::Notifications::Event.new(:test, 0, 0, :id, event_payload)
+  end
+
+  before do
+    ActiveRecord::PGCrypto.enable_log_subscriber!
+  end
+
+  it do
+    subscriber.sql(event)
+
+    expect(event.payload[:sql]).not_to include(pgcrypto_key)
+    expect(event.payload[:sql]).to include(described_class::PLACEHOLDER)
+  end
+end

data/spec/active_record/pgcrypto/symmetric_coder_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+require 'active_record/pgcrypto/symmetric_coder'
+
+RSpec.describe ActiveRecord::PGCrypto::SymmetricCoder do
+  let(:pgcrypto_key) { FFaker::Internet.password }
+  let(:text) { '€n©őđ3Đ' }
+  let(:numeric) { rand(1.0..5.0) }
+
+  before do
+    described_class.pgcrypto_key = pgcrypto_key
+  end
+
+  it { expect(described_class.pgcrypto_key).to eq(pgcrypto_key) }
+
+  context 'with encrypted text' do
+    it { expect(described_class.dump(text)).not_to eq(text) }
+
+    it { expect(described_class.dump(text)).not_to be_blank }
+
+    it do
+      expect(described_class.load(described_class.dump(text))).to eq(text)
+    end
+  end
+
+  context 'with encrypted numeric' do
+    it { expect(described_class.dump(numeric)).not_to eq(numeric.to_s) }
+
+    it { expect(described_class.dump(numeric)).not_to be_blank }
+
+    it do
+      expect(
+        described_class.load(described_class.dump(numeric))
+      ).to eq(numeric.to_s)
+    end
+  end
+end

data/spec/dummy.rb

@@ -0,0 +1,27 @@
+require 'active_record'
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new($stdout)
+ActiveRecord::Base.logger.level = ENV['LOG_LEVEL'] || Logger::WARN
+ActiveRecord::Base.establish_connection(ENV['DATABASE_URL'])
+
+ActiveRecord::Schema.define do
+  enable_extension 'pgcrypto'
+
+  create_table :users, force: true do |t|
+    t.binary :email
+  end
+end
+
+# Enable PGCrypto Symmetric encryption support.
+ENV['PGCRYPTO_SYM_KEY'] = SecureRandom.hex(10)
+require 'active_record/pgcrypto'
+
+class User < ActiveRecord::Base
+  serialize(:email, ActiveRecord::PGCrypto::SymmetricCoder)
+
+  def self.decrypted_email
+    ActiveRecord::PGCrypto::SymmetricCoder
+      .decrypted_arel_text(arel_table[:email])
+  end
+end

data/spec/integration/model_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+require 'securerandom'
+
+RSpec.describe User do
+  let(:good_user) { User.create!(email: FFaker::Internet.email) }
+  let(:bad_user) { User.create!(email: FFaker::Internet.email) }
+
+  it 'finds the searched user' do
+    expect(good_user.email).not_to eq(bad_user.email)
+
+    filtered = User.where(
+      User.decrypted_email.matches("#{good_user.email.first(4)}%")
+    )
+
+    expect(filtered.count).to eq(1)
+    expect(filtered.first).to eq(good_user)
+  end
+
+  it 'stays unchanged' do
+    good_user.reload
+    expect(good_user).not_to be_changed
+
+    good_user.email = good_user.reload.email
+    expect(good_user).not_to be_changed
+
+    good_user.email = FFaker::Internet.email
+    expect(good_user).to be_changed
+
+    good_user.reload
+    expect(good_user).not_to be_changed
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+require 'bundler/setup'
+require 'simplecov'
+
+SimpleCov.start do
+  add_group 'Lib', 'lib'
+  add_group 'Tests', 'spec'
+end
+SimpleCov.minimum_coverage 90
+
+require 'dummy'
+require 'ffaker'
+require 'rspec'
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+  config.filter_run_when_matching :focus
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_record-pgcrypto
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.5
 platform: ruby
 authors:
 - Stas SUȘCOV
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-04 00:00:00.000000000 Z
+date: 2021-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -157,24 +157,18 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/ISSUE_TEMPLATE.md"
-- ".github/PULL_REQUEST_TEMPLATE.md"
-- ".github/workflows/ci.yml"
-- ".gitignore"
-- ".rubocop.yml"
-- ".yardstick.yml"
-- CODE_OF_CONDUCT.md
-- Dockerfile
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- active_record-pgcrypto.gemspec
 - lib/active_record/pgcrypto.rb
 - lib/active_record/pgcrypto/log_subscriber.rb
 - lib/active_record/pgcrypto/patches.rb
 - lib/active_record/pgcrypto/symmetric_coder.rb
 - lib/active_record/pgcrypto/version.rb
+- spec/active_record/pgcrypto/log_subscriber_spec.rb
+- spec/active_record/pgcrypto/symmetric_coder_spec.rb
+- spec/dummy.rb
+- spec/integration/model_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/stas/active_record-pgcrypto
 licenses:
 - MIT
@@ -194,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: PGCrypto for ActiveRecord

data/.github/ISSUE_TEMPLATE.md

@@ -1,16 +0,0 @@
-## Expected Behavior
-
-
-## Actual Behavior
-
-
-## Steps to Reproduce the Problem
-
-  1.
-  2.
-  3.
-
-## Specifications
-
-  - Version:
-  - Ruby version:

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -1,17 +0,0 @@
-## What is the current behavior?
-
-<!-- Please describe the current behavior that you are modifying, or link to a
-  relevant issue. -->
-
-## What is the new behavior?
-
-<!-- Please describe the behavior or changes that are being added here. -->
-
-## Checklist
-
-Please make sure the following requirements are complete:
-
-- [ ] Tests for the changes have been added (for bug fixes / features)
-- [ ] Docs have been reviewed and added / updated if needed (for bug fixes /
-  features)
-- [ ] All automated checks pass (CI/CD)

data/.github/workflows/ci.yml

@@ -1,47 +0,0 @@
-name: CI
-
-on: [push, pull_request]
-
-jobs:
-  ruby_rails_matrix:
-    runs-on: ubuntu-18.04
-
-    services:
-      postgres:
-        image: postgres:11.6
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: postgres
-        ports:
-          - 5432/tcp
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
-    strategy:
-      matrix:
-        ruby: [2.4, 2.7]
-        rails: [4, 5, 6]
-        exclude:
-          - ruby: 2.4
-            rails: 6
-          - ruby: 2.7
-            rails: 4
-
-    steps:
-    - uses: actions/checkout@master
-
-    - name: Sets up the environment
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-
-    - name: Runs code QA and tests
-      env:
-        RAILS_VERSION: ~> ${{ matrix.rails }}
-        DATABASE_URL: postgresql://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres?pool=5
-      run: |
-        rm -rf Gemfile.lock
-        gem uninstall bundler -a --force
-        gem install bundler -v '~> 1'
-        bundle
-        rake

data/.gitignore

@@ -1,12 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-# rspec failure tracking
-.rspec_status
-Gemfile.lock

data/.rubocop.yml

@@ -1,50 +0,0 @@
-require:
-  - rubocop-performance
-  - rubocop-rspec
-
-RSpec:
-  Enabled: true
-
-RSpec/MultipleExpectations:
-  Enabled: false
-
-Performance:
-  Enabled: true
-
-Bundler:
-  Enabled: true
-
-Gemspec:
-  Enabled: true
-
-Style/StringLiterals:
-  Enabled: true
-  EnforcedStyle: single_quotes
-
-Style/FrozenStringLiteralComment:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 80
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/**/*_spec.rb'
-    - '**/*.gemspec'
-
-Layout/IndentationConsistency:
-  EnforcedStyle: normal
-
-Style/BlockDelimiters:
-  Enabled: true
-
-RSpec/FilePath:
-  Exclude:
-    - 'spec/**/*_spec.rb'
-
-RSpec/DescribedClass:
-  Exclude:
-    - 'spec/integration/*_spec.rb'
-
-RSpec/ExampleLength:
-  Enabled: false

data/.yardstick.yml

@@ -1,29 +0,0 @@
----
-path: ['lib/**/*.rb']
-threshold: 100
-rules:
-  ApiTag::Presence:
-    enabled: false
-  ApiTag::Inclusion:
-    enabled: false
-  ApiTag::ProtectedMethod:
-    enabled: false
-  ApiTag::PrivateMethod:
-    enabled: false
-  ExampleTag:
-    enabled: false
-  ReturnTag:
-    enabled: true
-    exclude: []
-  Summary::Presence:
-    enabled: true
-    exclude: []
-  Summary::Length:
-    enabled: true
-    exclude: []
-  Summary::Delimiter:
-    enabled: true
-    exclude: []
-  Summary::SingleLine:
-    enabled: true
-    exclude: []

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at stas@nerd.ro. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/Dockerfile

@@ -1,17 +0,0 @@
-FROM postgres:11.6-alpine
-
-RUN apk add --no-cache git build-base ruby ruby-full ruby-dev
-
-RUN gem install -q --no-ri --no-rdoc -v '~> 1' bundler
-
-RUN mkdir /gem
-WORKDIR /gem
-
-COPY ./ ./
-RUN bundle install --no-cache
-
-ENV DATABASE_URL=postgresql://postgres@localhost/postgres?pool=5
-
-ENTRYPOINT []
-
-CMD ["sh", "-c", "(nohup /docker-entrypoint.sh postgres > /dev/null &) && sleep 3 && bundle install && bundle exec rake"]

data/Gemfile

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec

data/Rakefile

@@ -1,23 +0,0 @@
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-require 'yaml'
-require 'yardstick/rake/verify'
-
-desc('Documentation stats and measurements')
-task('qa:docs') do
-  yaml = YAML.load_file('.yardstick.yml')
-  config = Yardstick::Config.coerce(yaml)
-  measure = Yardstick.measure(config)
-  measure.puts
-  coverage = Yardstick.round_percentage(measure.coverage * 100)
-  exit(1) if coverage < config.threshold
-end
-
-RuboCop::RakeTask.new('qa:code')
-
-desc('Run QA tasks')
-task(qa: ['qa:docs', 'qa:code'])
-
-RSpec::Core::RakeTask.new(spec: :qa)
-task(default: :spec)

data/active_record-pgcrypto.gemspec

@@ -1,35 +0,0 @@
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'active_record/pgcrypto/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'active_record-pgcrypto'
-  spec.version       = ActiveRecord::PGCrypto::VERSION
-  spec.authors       = ['Stas SUȘCOV']
-  spec.email         = ['stas@nerd.ro']
-
-  spec.summary       = 'PGCrypto for ActiveRecord'
-  spec.description   = 'PostgreSQL PGCrypto support for ActiveRecord models.'
-  spec.homepage      = 'https://github.com/stas/active_record-pgcrypto'
-  spec.license       = 'MIT'
-
-  # Specify which files should be added to the gem when it is released.
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec)/}) }
-  end
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'activerecord', (ENV['RAILS_VERSION'] || '>= 3.2')
-
-  pg_version = '< 1' if ENV['RAILS_VERSION'].to_s.split(' ').last.to_i == 4
-
-  spec.add_development_dependency 'bundler'
-  spec.add_development_dependency 'ffaker'
-  spec.add_development_dependency 'pg', pg_version
-  spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec'
-  spec.add_development_dependency 'rubocop-performance'
-  spec.add_development_dependency 'rubocop-rspec'
-  spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'yardstick'
-end