RubyGems - attr_encrypted - Versions diffs - 1.0.9 → 1.1.0 - Mend

attr_encrypted 1.0.9 → 1.1.0

Files changed (17) hide show

data/README.rdoc +308 -0
data/Rakefile +1 -1
data/lib/attr_encrypted.rb +192 -196
data/lib/attr_encrypted/adapters/active_record.rb +55 -0
data/lib/attr_encrypted/adapters/data_mapper.rb +21 -0
data/lib/attr_encrypted/adapters/sequel.rb +13 -0
data/test/active_record_test.rb +1 -1
data/test/attr_encrypted_test.rb +12 -5
data/test/data_mapper_test.rb +1 -1
data/test/sequel_test.rb +1 -1
data/test/test_helper.rb +0 -6
metadata +14 -10
data/CHANGELOG +0 -45
data/README.markdown +0 -299
data/lib/huberry/attr_encrypted/adapters/active_record.rb +0 -57
data/lib/huberry/attr_encrypted/adapters/data_mapper.rb +0 -23
data/lib/huberry/attr_encrypted/adapters/sequel.rb +0 -15

data/lib/attr_encrypted/adapters/active_record.rb ADDED Viewed

@@ -0,0 +1,55 @@
+if defined?(ActiveRecord)
+  module AttrEncrypted
+    module Adapters
+      module ActiveRecord
+        def self.extended(base)
+          base.attr_encrypted_options[:encode] = true
+          base.eigenclass_eval { alias_method_chain :method_missing, :attr_encrypted }
+        end
+        protected
+          # Ensures the attribute methods for db fields have been defined before calling the original
+          # <tt>attr_encrypted</tt> method
+          def attr_encrypted(*attrs)
+            define_attribute_methods rescue nil
+            super
+            attrs.reject { |attr| attr.is_a?(Hash) }.each { |attr| alias_method "#{attr}_before_type_cast", attr }
+          end
+          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for
+          # encrypted attributes
+          #
+          # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
+          #
+          # This is useful for encrypting fields like email addresses. Your user's email addresses
+          # are encrypted in the database, but you can still look up a user by email for logging in
+          #
+          # Example
+          #
+          #   class User < ActiveRecord::Base
+          #     attr_encrypted :email, :key => 'secret key'
+          #   end
+          #
+          #   User.find_by_email_and_password('test@example.com', 'testing')
+          #   # results in a call to
+          #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+          def method_missing_with_attr_encrypted(method, *args, &block)
+            if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
+              attribute_names = match.captures.last.split('_and_')
+              attribute_names.each_with_index do |attribute, index|
+                if attr_encrypted?(attribute)
+                  args[index] = send("encrypt_#{attribute}", args[index])
+                  attribute_names[index] = encrypted_attributes[attribute]
+                end
+              end
+              method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+            end
+            method_missing_without_attr_encrypted(method, *args, &block)
+          end
+      end
+    end
+  end
+  ActiveRecord::Base.extend AttrEncrypted::Adapters::ActiveRecord
+end

data/lib/attr_encrypted/adapters/data_mapper.rb ADDED Viewed

@@ -0,0 +1,21 @@
+if defined?(DataMapper)
+  module AttrEncrypted
+    module Adapters
+      module DataMapper
+        def self.extended(base)
+          base.eigenclass_eval do
+            alias_method :included_without_attr_encrypted, :included
+            alias_method :included, :included_with_attr_encrypted
+          end
+        end
+        def included_with_attr_encrypted(base)
+          included_without_attr_encrypted(base)
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+  DataMapper::Resource.extend AttrEncrypted::Adapters::DataMapper
+end

data/lib/attr_encrypted/adapters/sequel.rb ADDED Viewed

@@ -0,0 +1,13 @@
+if defined?(Sequel)
+  module AttrEncrypted
+    module Adapters
+      module Sequel
+        def self.extended(base)
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+  Sequel::Model.extend AttrEncrypted::Adapters::Sequel
+end

data/test/active_record_test.rb CHANGED Viewed

@@ -20,7 +20,7 @@ create_people_table
 class Person < ActiveRecord::Base
   attr_encrypted :email, :key => 'a secret key'
-  attr_encrypted :credentials, :key => Proc.new { |user| Huberry::Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
+  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
   def after_initialize
     self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(5)).to_s)

data/test/attr_encrypted_test.rb CHANGED Viewed

@@ -24,6 +24,9 @@ class User
   attr_encrypted :with_false_if, :key => 'secret key', :if => false
   attr_encrypted :with_true_unless, :key => 'secret key', :unless => true
   attr_encrypted :with_false_unless, :key => 'secret key', :unless => false
+  attr_encryptor :aliased, :key => 'secret_key'
   attr_accessor :salt
   def initialize
@@ -157,7 +160,7 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_nil @user.ssn_encrypted
     @user.ssn = 'testing'
     assert_not_nil @user.ssn_encrypted
-    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.ssn_encrypted
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.ssn_encrypted
   end
   def test_should_evaluate_a_key_passed_as_a_proc
@@ -165,7 +168,7 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     assert_not_nil @user.crypted_password_test
-    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
   end
   def test_should_use_options_found_in_the_attr_encrypted_options_attribute
@@ -173,7 +176,7 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     assert_not_nil @user.crypted_password_test
-    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
   end
   def test_should_inherit_encrypted_attributes
@@ -215,7 +218,7 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_nil @user.encrypted_with_true_if
     @user.with_true_if = 'testing'
     assert_not_nil @user.encrypted_with_true_if
-    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_true_if
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_true_if
   end
   def test_should_not_encrypt_with_false_if
@@ -231,7 +234,7 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_nil @user.encrypted_with_false_unless
     @user.with_false_unless = 'testing'
     assert_not_nil @user.encrypted_with_false_unless
-    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_false_unless
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_false_unless
   end
   def test_should_not_encrypt_with_true_unless
@@ -242,4 +245,8 @@ class AttrEncryptedTest < Test::Unit::TestCase
     assert_equal 'testing', @user.encrypted_with_true_unless
   end
+  def test_should_work_with_aliased_attr_encryptor
+    assert User.encrypted_attributes.include?('aliased')
+  end
 end

data/test/data_mapper_test.rb CHANGED Viewed

@@ -11,7 +11,7 @@ class Client
   property :salt, String
   attr_encrypted :email, :key => 'a secret key'
-  attr_encrypted :credentials, :key => Proc.new { |client| Huberry::Encryptor.encrypt(:value => client.salt, :key => 'some private key') }, :marshal => true
+  attr_encrypted :credentials, :key => Proc.new { |client| Encryptor.encrypt(:value => client.salt, :key => 'some private key') }, :marshal => true
   def initialize(attrs = {})
     super attrs

data/test/sequel_test.rb CHANGED Viewed

@@ -12,7 +12,7 @@ end
 class Human < Sequel::Model(:humans)
   attr_encrypted :email, :key => 'a secret key'
-  attr_encrypted :credentials, :key => Proc.new { |human| Huberry::Encryptor.encrypt(:value => human.salt, :key => 'some private key') }, :marshal => true
+  attr_encrypted :credentials, :key => Proc.new { |human| Encryptor.encrypt(:value => human.salt, :key => 'some private key') }, :marshal => true
   def after_initialize(attrs = {})
     self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)

data/test/test_helper.rb CHANGED Viewed

@@ -3,12 +3,6 @@ require 'digest/sha2'
 require 'rubygems'
-gem 'activerecord'
-gem 'datamapper'
-gem 'sequel'
-require 'eigenclass'
-require 'encryptor'
 require 'active_record'
 require 'datamapper'
 require 'sequel'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: attr_encrypted
 version: !ruby/object:Gem::Version
-  version: 1.0.9
+  version: 1.1.0
 platform: ruby
 authors:
 - Sean Huber
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-01-14 00:00:00 -08:00
+date: 2010-01-28 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: 1.1.1
     version:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -30,7 +30,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 1.1.0
     version:
 description: Generates attr_accessors that encrypt and decrypt attributes transparently
 email: shuber@huberry.com
@@ -41,14 +41,17 @@ extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG
 - lib/attr_encrypted.rb
-- lib/huberry/attr_encrypted/adapters/active_record.rb
-- lib/huberry/attr_encrypted/adapters/data_mapper.rb
-- lib/huberry/attr_encrypted/adapters/sequel.rb
+- lib/attr_encrypted/adapters/active_record.rb
+- lib/attr_encrypted/adapters/data_mapper.rb
+- lib/attr_encrypted/adapters/sequel.rb
 - MIT-LICENSE
 - Rakefile
-- README.markdown
+- README.rdoc
+- test/active_record_test.rb
+- test/attr_encrypted_test.rb
+- test/data_mapper_test.rb
+- test/sequel_test.rb
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/shuber/attr_encrypted
@@ -59,7 +62,7 @@ rdoc_options:
 - --line-numbers
 - --inline-source
 - --main
-- README.markdown
+- README.rdoc
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
@@ -86,3 +89,4 @@ test_files:
 - test/attr_encrypted_test.rb
 - test/data_mapper_test.rb
 - test/sequel_test.rb
+- test/test_helper.rb

data/CHANGELOG DELETED Viewed

@@ -1,45 +0,0 @@
-2009-05-20 - Sean Huber (shuber@huberry.com)
-  * Update ActiveRecord tests
-2009-01-18 - Sean Huber (shuber@huberry.com)
-  * Don't attempt to encrypt/decrypt empty strings
-2009-01-14 - Sean Huber (shuber@huberry.com)
-  * Move Class logic into Object
-2009-01-13 - Sean Huber (shuber@huberry.com)
-  * :marshal no longer defaults to true in ORM adapters
-  * Load gem dependencies
-2009-01-12 - Sean Huber (shuber@huberry.com)
-  * Remove read_attribute and write_attribute methods - unnecessary
-  * ActiveRecord and DataMapper extensions are now "adapters"
-  * Check for existing reader and writer methods separately before creating default ones for encrypted attributes
-  * Typo: should send(encrypted_attribute_name.to_sym) instead of send(encrypted_attribute_name.to_s)
-  * Add Sequel adapter
-  * Update DataMapper tests
-  * Update README
-  * Set attr_encrypted_options instead of overwriting the attr_encrypted method in adapters
-2009-01-11 - Sean Huber (shuber@huberry.com)
-  * Update README
-2009-01-10 - Sean Huber (shuber@huberry.com)
-  * Update README
-2009-01-08 - Sean Huber (shuber@huberry.com)
-  * Update comments and documentation
-  * Update README
-  * Add gemspec
-  * Add support for data mapper
-  * Attribute methods are now defined before calling attr_encrypted when using active record
-  * Add ability to specify your own encoding directives
-  * Update logic that evaluates symbol and proc options
-  * Add support for :if and :unless options
-  * Add AttrEncrypted namespace
-2009-01-07 - Sean Huber (shuber@huberry.com)
-  * Initial commit
-  * Add comments/documentation to the active record related logic
-  * Add more attr_encrypted tests
-  * Update tests and comments

data/README.markdown DELETED Viewed

@@ -1,299 +0,0 @@
-attr\_encrypted
-===============
-Generates attr\_accessors that encrypt and decrypt attributes transparently
-It works with ANY class, however, you get a few extra features when you're using it with ActiveRecord, DataMapper, or Sequel
-Installation
-------------
-	gem install attr_encrypted --source http://gemcutter.org
-Usage
------
-### Basic ###
-Encrypting attributes has never been easier:
-	class User
-	  attr_accessor :name
-	  attr_encrypted :ssn, :key => 'a secret key'
-	  def load
-	    # loads the stored data
-	  end
-	  def save
-	    # saves the :name and :encrypted_ssn attributes somewhere (e.g. filesystem, database, etc)
-	  end
-	end
-	@user = User.new
-	@user.ssn = '123-45-6789'
-	@user.encrypted_ssn # returns the encrypted version of :ssn
-	@user.save
-	@user = User.load
-	@user.ssn # decrypts :encrypted_ssn and returns '123-45-6789'
-### Specifying the encrypted attribute name ###
-By default, the encrypted attribute name is `encrypted_#{attribute}` (e.g. `attr_encrypted :email` would create an attribute named `encrypted_email`). So, if you're storing the encrypted attribute in the database, you need to make sure the `encrypted_#{attribute}` field exists in your table. You have a couple of options if you want to name your attribute something else.
-#### The `:attribute` option ####
-You can simply pass the name of the encrypted attribute as the `:attribute` option:
-	class User
-	  attr_encrypted :email, :key => 'a secret key', :attribute => 'email_encrypted'
-	end
-This would generate an attribute named `email_encrypted`
-#### The `:prefix` and `:suffix` options ####
-If you're planning on encrypting a few different attributes and you don't like the `encrypted_#{attribute}` naming convention then you can specify your own:
-	class User
-	  attr_encrypted :email, :credit_card, :ssn, :key => 'a secret key', :prefix => 'secret_', :suffix => '_crypted'
-	end
-This would generate the following attributes: `secret_email_crypted`, `secret_credit_card_crypted`, and `secret_ssn_crypted`.
-### Encryption keys ###
-Although a `:key` option may not be required (see custom encryptor below), it has a few special features
-#### Unique keys for each attribute ####
-You can specify unique keys for each attribute if you'd like:
-	class User
-	  attr_encrypted :email, :key => 'a secret key'
-	  attr_encrypted :ssn, :key => 'a different secret key'
-	end
-#### Symbols representing instance methods as keys ####
-If your class has an instance method that determines the encryption key to use, simply pass a symbol representing it like so:
-	class User
-	  attr_encrypted :email, :key => :encryption_key
-	  def encryption_key
-	    # does some fancy logic and returns an encryption key
-	  end
-	end
-#### Procs as keys ####
-You can pass a proc/lambda object as the `:key` option as well:
-	class User
-	  attr_encrypted :email, :key => proc { |user| ... }
-	end
-### Conditional encrypting ###
-There may be times that you want to only encrypt when certain conditions are met. For example maybe you're using rails and you don't want to encrypt
-attributes when you're in development mode. You can specify conditions like this:
-	class User < ActiveRecord::Base
-	  attr_encrypted :email, :key => 'a secret key', :unless => Rails.env.development?
-	end
-You can specify both `:if` and `:unless` options. If you pass a symbol representing an instance method then the result of the method will be evaluated.
-Any objects that respond to `:call` are evaluated as well.
-### Custom encryptor ###
-The [Huberry::Encryptor](http://github.com/shuber/encryptor) class is used by default. You may use your own custom encryptor by specifying
-the `:encryptor`, `:encrypt_method`, and `:decrypt_method` options
-Lets suppose you'd like to use this custom encryptor class:
-	class SillyEncryptor
-	  def self.silly_encrypt(options)
-	    (options[:value] + options[:secret_key]).reverse
-	  end
-	  def self.silly_decrypt(options)
-	    options[:value].reverse.gsub(/#{options[:secret_key]}$/, '')
-	  end
-	end
-Simply set up your class like so:
-	class User
-	  attr_encrypted :email, :secret_key => 'a secret key', :encryptor => SillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt
-	end
-Any options that you pass to `attr_encrypted` will be passed to the encryptor along with the `:value` option which contains the string to encrypt/decrypt.
-Notice it uses `:secret_key` instead of `:key`.
-### Custom algorithms ###
-The default [Huberry::Encryptor](http://github.com/shuber/encryptor) uses the standard ruby OpenSSL library. It's default algorithm is `aes-256-cbc`. You can
-modify this by passing the `:algorithm` option to the `attr_encrypted` call like so:
-	class User
-	  attr_encrypted :email, :key => 'a secret key', :algorithm => 'bf'
-	end
-Run `openssl list-cipher-commands` to view a list of algorithms supported on your platform. See [http://github.com/shuber/encryptor](http://github.com/shuber/encryptor) for more information.
-	aes-128-cbc
-	aes-128-ecb
-	aes-192-cbc
-	aes-192-ecb
-	aes-256-cbc
-	aes-256-ecb
-	base64
-	bf
-	bf-cbc
-	bf-cfb
-	bf-ecb
-	bf-ofb
-	cast
-	cast-cbc
-	cast5-cbc
-	cast5-cfb
-	cast5-ecb
-	cast5-ofb
-	des
-	des-cbc
-	des-cfb
-	des-ecb
-	des-ede
-	des-ede-cbc
-	des-ede-cfb
-	des-ede-ofb
-	des-ede3
-	des-ede3-cbc
-	des-ede3-cfb
-	des-ede3-ofb
-	des-ofb
-	des3
-	desx
-	idea
-	idea-cbc
-	idea-cfb
-	idea-ecb
-	idea-ofb
-	rc2
-	rc2-40-cbc
-	rc2-64-cbc
-	rc2-cbc
-	rc2-cfb
-	rc2-ecb
-	rc2-ofb
-	rc4
-	rc4-40
-### Default options ###
-Let's imagine that you have a few attributes that you want to encrypt with different keys, but you don't like the `encrypted_#{attribute}` naming convention.
-Instead of having to define your class like this:
-	class User
-	  attr_encrypted :email, :key => 'a secret key', :prefix => '', :suffix => '_crypted'
-	  attr_encrypted :ssn, :key => 'a different secret key', :prefix => '', :suffix => '_crypted'
-	  attr_encrypted :credit_card, :key => 'another secret key', :prefix => '', :suffix => '_crypted'
-	end
-You can simply define some default options like so:
-	class User
-	  attr_encrypted_options.merge!(:prefix => '', :suffix => '_crypted')
-	  attr_encrypted :email, :key => 'a secret key'
-	  attr_encrypted :ssn, :key => 'a different secret key'
-	  attr_encrypted :credit_card, :key => 'another secret key'
-	end
-This should help keep your classes clean and DRY.
-### Encoding ###
-You're probably going to be storing your encrypted attributes somehow (e.g. filesystem, database, etc) and may run into some issues trying to store a weird
-encrypted string. I've had this problem myself using MySQL. You can simply pass the `:encode` option to automatically encode/decode when encrypting/decrypting.
-	class User
-	  attr_encrypted :email, :key => 'some secret key', :encode => true
-	end
-The default encoding is `m*` (base64). You can change this by setting `:encode => 'some encoding'`. See  [Array#pack](http://www.ruby-doc.org/core/classes/Array.html#M002245) for more encoding options.
-### Marshaling ###
-You may want to encrypt objects other than strings (e.g. hashes, arrays, etc). If this is the case, simply pass the `:marshal` option to automatically marshal
-when encrypting/decrypting.
-	class User
-	  attr_encrypted :credentials, :key => 'some secret key', :marshal => true
-	end
-### Encrypt/decrypt attribute methods ###
-If you use the same key to encrypt every record (per attribute) like this:
-	class User
-	  attr_encrypted :email, :key => 'a secret key'
-	end
-Then you'll have these two class methods available for each attribute: `User.encrypt_email(email_to_encrypt)` and `User.decrypt_email(email_to_decrypt)`. This can
-be useful when you're using ActiveRecord (see below).
-### ActiveRecord ###
-If you're using this gem with ActiveRecord, you get a few extra features:
-#### Default options ####
-For your convenience, the `:encode` option is set to true by default since you'll be storing everything in a database.
-#### Dynamic find\_by\_ and scoped\_by\_ methods ####
-Let's say you'd like to encrypt your user's email addresses, but you also need a way for them to login. Simply set up your class like so:
-	class User < ActiveRecord::Base
-	  attr_encrypted :email, :key => 'a secret key'
-	  attr_encrypted :password, :key => 'some other secret key'
-	end
-You can now lookup and login users like so:
-	User.find_by_email_and_password('test@example.com', 'testing')
-The call to `find_by_email_and_password` is intercepted and modified to `find_by_encrypted_email_and_encrypted_password('ENCRYPTED EMAIL', 'ENCRYPTED PASSWORD')`.
-The dynamic scope methods like `scoped_by_email_and_password` work the same way.
-NOTE: This only works if all records are encrypted with the same encryption key (per attribute).
-### DataMapper and Sequel ###
-Just like the default options for ActiveRecord, the `:encode` option is set to true by default since you'll be storing everything in a database.
-Contact
--------
-Problems, comments, and suggestions all welcome: [shuber@huberry.com](mailto:shuber@huberry.com)