attr_digest 1.2.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 63cdafa1a0c9fb93a2faf186e6cfc34a9cbb3a82
-  data.tar.gz: 92768dd263b1ef29f66b6634a79373164ed43534
+  metadata.gz: eaa4ae880f27d1904cc66b8d9f7186616ab8054b
+  data.tar.gz: b00e5deaa044a148f202cc1400bce150083b995a
 SHA512:
-  metadata.gz: c9135190b059ebddd9bae632614f5c787675d0cb627679b081e25f387d99bbed91217606e280ad1a9863898fb249ce831085dd2fcc1d03487a6a9b7d0332c7f7
-  data.tar.gz: ce9daa1a773fc71b8c2a9741aa91cece52490e15ee7be7bf5edc5e026c48d44e452f6a127b8007fb6acf8dc686b9a9ba21ce7abb00566d1ee39b3c4cdb9d3ee3
+  metadata.gz: 4f2b05367ce886a884cf6b7a0c508efbfd212bf72f14e2b5594debd46dc8184fbdde02801018925359e8acd870094e07a99a9658ac5180159ab3102c7b8022ed
+  data.tar.gz: 4b341a00e8c34d9bce2a1c493238d1f9bd26f508956e87f63fd5e183bfcf22841cc0139ed98a308a0c152c1eada81e03fe36594c6e7fba14947d27dd103cde6c

data/CHANGELOG.md

@@ -1,5 +1,18 @@
 # Change Log
 
+##v2.0.0
+- Added Ruby 2.3.1 to Travis CI configuration file.
+- Updated README.
+- Added length validator option.
+- Added format validation option.
+- Refactored validation method name.
+- Updated Argon2 dependency to V1.1.1.
+- Added secret key option.
+- Renamed spec classes and factory names.
+- Added time_cost and memory_cost to attr_digest class method and AttrDigest constant.
+- Coerce values to string, permit blank digest with tests.
+- Added NoDigestException and tests.
+
 ##v1.2.0
 - Updated ActiveSupport and ActiveRecord between 4.2.6 and v5.0.0.
 

data/README.md

@@ -2,7 +2,7 @@
 [![Build Status](https://travis-ci.org/brightcommerce/attr_digest.svg?branch=master)](https://travis-ci.org/brightcommerce/attr_digest)
 [![codecov.io](https://codecov.io/github/brightcommerce/attr_digest/coverage.svg?branch=master)](https://codecov.io/github/brightcommerce/attr_digest?branch=master)
 [![HitCount](https://hitt.herokuapp.com/brightcommerce/attr_digest.svg)](https://github.com/brightcommerce/attr_digest)
-[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwyl/esta/issues)
+[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/brightcommerce/attr_digest/pulls)
 
 # AttrDigest
 
@@ -19,7 +19,7 @@ This Gem uses the [Ruby Argon2 Gem](https://github.com/technion/ruby-argon2) whi
 To install add the following line to your `Gemfile`:
 
 ``` ruby
-gem 'attr_digest',
+gem 'attr_digest'
 ```
 
 And run `bundle install`.
@@ -29,7 +29,7 @@ And run `bundle install`.
 Runtime:
 - activerecord (>= 4.2.6, ~> 5.0.0)
 - activesupport (>= 4.2.6, ~> 5.0.0)
-- argon2 (~> 1.1.0)
+- argon2 (~> 1.1.1)
 
 Development/Test:
 - rake (~> 10.5)
@@ -40,11 +40,10 @@ Development/Test:
 
 ## Compatibility
 
-Tested with Ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15] against ActiveRecord 5.0.0 on Mac OS X El Capitan 10.11.5 (15F34).
+Tested with Ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15] against ActiveRecord 5.0.0 on macOS Sierra 10.12.1 (16B2555).
 
 Argon2 requires Ruby 2.2 minimum and an OS platform that supports Ruby FFI Bindings, so unfortunately Windows is out.
 
-
 ## Usage
 
 Attributes to be digested are declared using the `attr_digest` class method in your model:
@@ -98,7 +97,34 @@ If you prefer to skip confirmations for the attribute you are hashing, you can p
 attr_digest :security_answer, confirmation: false
 ```
 
-#### Protected Digest Setter
+#### Format
+
+You can ensure the attribute you are hashing matches a given regular expression by passing a `format` option:
+
+```ruby
+attr_digest :password, format: { with: /\A[a-zA-Z]+\z/, message: "only allows letters" }
+```
+
+AttrDigest adds the Rails format validator and passes the options hash through as is. See [Active Record Validations format validator](http://edgeguides.rubyonrails.org/active_record_validations.html#format) for options you can pass to the `format` options hash.
+
+**NOTE:** The `format` option is not affected by the `validations` option. Adding the `format` option will add a Rails format validator *regardless* of whether the `validations` option is set to `true` or `false`.
+
+#### Length
+
+You can ensure the attribute your are hashing meets certain length criteria by passing a `length` option:
+
+```ruby
+attr_digest :password, length: { minimum: 5 }
+attr_digest :password, length: { maximum: 10 }
+attr_digest :password, length: { in: 5..10 }
+attr_digest :password, length: { is: 8 }
+```
+
+AttrDigest adds the Rails length validator and passes the options hash through as is. See [Active Record Validations length validator](http://edgeguides.rubyonrails.org/active_record_validations.html#length) for options you can pass to the `length` options hash.
+
+**NOTE:** The `length` option is not affected by the `validations` option. Adding the `length` option will add a Rails length validator *regardless* of whether the `validations` option is set to `true` or `false`.
+
+### Protected Digest Setter
 
 If you want to prevent the attribute's digest being set directly, you can include the `protected` option:
 
@@ -108,9 +134,47 @@ attr_digest :security_answer, protected: true
 
 The attribute's digest is *not* protected from direct setting by default.
 
+### Time and Memory Costs
+
+**AttrDigest** sets a default time and memory cost and expects the following minimum and maximum values:
+
+Option | Minimum Value | Maximum Value | Default Value
+--- | --- | --- | ---
+:time_cost | 1 | 10 | 2
+:memory_cost | 1 | 31 | 16
+
+You can change the global defaults by setting the cost options directly on the `AttrDigest` class:
+
+```ruby
+AttrDigest.time_cost = 3
+AttrDigest.memory_cost = 12
+```
+
+You can also change the time and memory cost for a specific attribute by passing the options to the `attr_digest` class method in your model:
+
+```ruby
+attr_digest :security_answer, time_cost: 3, memory_cost: 12
+```
+
+### Secret Key
+
+Argon2 supports an optional secret key value. This should be stored securely on your server, such as alongside your database credentials. Hashes generated with a secret key will only validate when presented that secret.
+
+You can set the optional secret key globally by setting the `secret` attribute on the `AttrDigest` class:
+
+```ruby
+AttrDigest.secret =  Rails.application.secrets.secret_key_base
+```
+
+You can also set the optional secret key for a specific attribute by passing the `:secret` option to the `attr_digest` class method in your model:
+
+```ruby
+attr_digest :security_answer, secret: Rails.application.secrets.secret_key_base
+```
+
 ## Tests
 
-Tests are written using Rspec, FactoryGirl and Sqlite3. There are 31 examples with 100% code coverage.
+Tests are written using Rspec, FactoryGirl and Sqlite3. There are 52 examples with 100% code coverage.
 
 To run the tests, execute the default rake task:
 
@@ -118,10 +182,6 @@ To run the tests, execute the default rake task:
 bundle exec rake
 ```
 
-## Roadmap
-
-I would like to add the ability to pass a `secret` to the Argon2 hasher. This functionality exists in the Ruby Argon2 Gem.
-
 ## Contributing
 
 1. Fork it
@@ -134,6 +194,10 @@ I would like to add the ability to pass a `secret` to the Argon2 hasher. This fu
 
 I would like to thank [Panayotis Matsinopoulos](http://www.matsinopoulos.gr) for his [has_secure_attribute](https://github.com/pmatsinopoulos/has_secure_attribute) gem which provided a lot of the inspiration and framework for **AttrDigest**.
 
+I would also like to thank [Lawrence Sproul](https://github.com/Lawrence-Sproul) for bringing to light some potential error conditions,  providing the motivation to make the gem feature complete and the inspiration for additional validation options.
+
+This gem was written and is maintained by [Jurgen Jocubeit](https://github.com/JurgenJocubeit), CEO and President Brightcommerce, Inc.
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/lib/attr_digest/attr_digest.rb

@@ -5,44 +5,99 @@ require 'active_support/all'
 module AttrDigest
   extend ActiveSupport::Concern
 
+  class Error < ::StandardError
+  end
+
+  class NoDigestException < Error
+  end
+
+  class InvalidMemoryCost < Error
+  end
+
+  class InvalidTimeCost < Error
+  end
+
   class << self
     attr_accessor :time_cost
     attr_accessor :memory_cost
+    attr_accessor :secret
   end
 
-  self.time_cost = 2
-  self.memory_cost = 16
+  self.time_cost = 2 # 1..10
+  self.memory_cost = 16 # 1..31
 
   module ClassMethods
     def attr_digest(meth, *args, &block)
       attribute_sym = meth.to_sym
       attr_reader attribute_sym
 
-      options = { validations: true, protected: false, case_sensitive: true, confirmation: true }
+      options = {
+        validations: true,
+        protected: false,
+        case_sensitive: true,
+        confirmation: true,
+        time_cost: AttrDigest.time_cost,
+        memory_cost: AttrDigest.memory_cost,
+        secret: AttrDigest.secret
+      }
       options.merge! args[0] unless args.blank?
 
       if options[:validations]
-        confirm attribute_sym if options[:confirmation]
+        add_confirmation_validation(attribute_sym) if options[:confirmation]
         validates attribute_sym, presence: true, on: :create
         before_create { raise "#{attribute_sym}_digest missing on new record" if send("#{attribute_sym}_digest").blank? }
       end
 
+      if options[:format]
+        add_format_validation(attribute_sym, options)
+      end
+
+      if options[:length]
+        add_length_validation(attribute_sym, options)
+      end
+
       define_setter(attribute_sym, options)
       protect_setter(attribute_sym) if options[:protected]
       define_authenticate_method(attribute_sym, options)
     end
 
-    def confirm(attribute_sym)
+    def add_confirmation_validation(attribute_sym)
       validates attribute_sym, confirmation: true, if: lambda { |m| m.send(attribute_sym).present? }
       validates "#{attribute_sym}_confirmation".to_sym, presence: true, if: lambda { |m| m.send(attribute_sym).present? }
     end
 
+    def add_format_validation(attribute_sym, options)
+      validates attribute_sym, format: options[:format], if: lambda { |m| m.send(attribute_sym).present? }
+    end
+
+    def add_length_validation(attribute_sym, options)
+      validates attribute_sym, length: options[:length], if: lambda { |m| m.send(attribute_sym).present? }
+    end
+
     def define_setter(attribute_sym, options)
       define_method "#{attribute_sym.to_s}=" do |unencrypted_value|
-        unless unencrypted_value.blank?
-          instance_variable_set("@#{attribute_sym.to_s}".to_sym, unencrypted_value)
-          password = Argon2::Password.new(t_cost: AttrDigest.time_cost, m_cost: AttrDigest.memory_cost)
-          send("#{attribute_sym.to_s}_digest=".to_sym, password.create(options[:case_sensitive] ? unencrypted_value : unencrypted_value.downcase))
+        if options[:memory_cost] < 1 || options[:memory_cost] > 31
+          raise InvalidMemoryCost.new("Invalid memory cost, min 1 and max 31")
+        end
+
+        if options[:time_cost] < 1 || options[:time_cost] > 31
+          raise InvalidTimeCost.new("Invalid time cost, min 1 and max 10")
+        end
+
+        password = if options[:secret]
+          Argon2::Password.new(t_cost: options[:time_cost], m_cost: options[:memory_cost], secret: options[:secret])
+        else
+          Argon2::Password.new(t_cost: options[:time_cost], m_cost: options[:memory_cost])
+        end
+
+        if options[:validations] == true
+          unless unencrypted_value.blank?
+            instance_variable_set("@#{attribute_sym.to_s}".to_sym, unencrypted_value)
+            send("#{attribute_sym.to_s}_digest=".to_sym, password.create(options[:case_sensitive] ? unencrypted_value : unencrypted_value.downcase))
+          end
+        else
+          instance_variable_set("@#{attribute_sym.to_s}".to_sym, "#{unencrypted_value}")
+          send("#{attribute_sym.to_s}_digest=".to_sym, password.create(options[:case_sensitive] ? "#{unencrypted_value}" : "#{unencrypted_value}".downcase))
         end
       end
     end
@@ -56,12 +111,22 @@ module AttrDigest
 
     def define_authenticate_method(attribute_sym, options)
       define_method "authenticate_#{attribute_sym}" do |value|
-        Argon2::Password.verify_password((options[:case_sensitive] ? value : value.downcase), send("#{attribute_sym}_digest"))
+        digest = send("#{attribute_sym}_digest")
+        if digest.blank?
+          raise NoDigestException.new("Digest for #{attribute_sym} is nil, there is nothing to authenticate with.")
+        end
+        if options[:secret]
+          Argon2::Password.verify_password((options[:case_sensitive] ? "#{value}" : "#{value}".downcase), digest, options[:secret])
+        else
+          Argon2::Password.verify_password((options[:case_sensitive] ? "#{value}" : "#{value}".downcase), digest)
+        end
       end
     end
 
     protected :attr_digest
-    protected :confirm
+    protected :add_confirmation_validation
+    protected :add_format_validation
+    protected :add_length_validation
     protected :define_setter
     protected :protect_setter
     protected :define_authenticate_method

data/lib/attr_digest/version.rb

@@ -1,7 +1,7 @@
 module AttrDigest
   module VERSION
-    MAJOR = 1
-    MINOR = 2
+    MAJOR = 2
+    MINOR = 0
     TINY  = 0
     PRE   = nil
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_digest
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Jurgen Jocubeit
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-03 00:00:00.000000000 Z
+date: 2016-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -56,14 +56,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.1.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -171,5 +171,5 @@ rubyforge_project:
 rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
-summary: AttrDigest v1.2.0
+summary: AttrDigest v2.0.0
 test_files: []