RubyGems - attr_encrypted - Versions diffs - 1.2.1 → 1.3.0 - Mend

attr_encrypted 1.2.1 → 1.3.0

Files changed (17) hide show

data/README.rdoc +2 -2
data/Rakefile +15 -4
data/lib/attr_encrypted.rb +45 -1
data/lib/attr_encrypted/adapters/active_record.rb +9 -0
data/lib/attr_encrypted/version.rb +2 -2
data/test/active_record_test.rb +48 -52
data/test/attr_encrypted_test.rb +33 -38
data/test/compatibility_test.rb +126 -0
data/test/data_mapper_test.rb +10 -5
data/test/legacy_active_record_test.rb +116 -0
data/test/legacy_attr_encrypted_test.rb +297 -0
data/test/legacy_compatibility_test.rb +104 -0
data/test/legacy_data_mapper_test.rb +52 -0
data/test/legacy_sequel_test.rb +48 -0
data/test/sequel_test.rb +12 -9
data/test/test_helper.rb +26 -1
metadata +109 -6

data/test/legacy_compatibility_test.rb ADDED Viewed

@@ -0,0 +1,104 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../test_helper', __FILE__)
+# Test to ensure that existing representations in database do not break on
+# migrating to new versions of this gem. This ensures that future versions of
+# this gem will retain backwards compatibility with data generated by earlier
+# versions.
+class LegacyCompatibilityTest < Test::Unit::TestCase
+  class LegacyNonmarshallingPet < ActiveRecord::Base
+    PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
+    PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
+    PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
+    PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
+    attr_encrypted :nickname,
+      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY) }
+    attr_encrypted :birthdate,
+      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY) }
+  end
+  class LegacyMarshallingPet < ActiveRecord::Base
+    PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
+    PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
+    PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
+    PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
+    attr_encrypted :nickname,
+      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY) },
+      :marshal => true
+    attr_encrypted :birthdate,
+      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY) },
+      :marshal => true
+  end
+  def setup
+    ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
+    create_tables
+  end
+  def test_nonmarshalling_backwards_compatibility
+    pet = LegacyNonmarshallingPet.create!(
+      :name => 'Fido',
+      :encrypted_nickname => 'uSUB6KGzta87yxesyVc3DA==',
+      :encrypted_birthdate => 'I3d691B2PtFXLx15kO067g=='
+    )
+    assert_equal 'Fido', pet.name
+    assert_equal 'Fido the Dog', pet.nickname
+    assert_equal '2011-07-09', pet.birthdate
+  end
+  def test_marshalling_backwards_compatibility
+    # Marshalling formats changed significantly from Ruby 1.8.7 to 1.9.3.
+    # Also, Date class did not correctly support marshalling pre-1.9.3, so here
+    # we just marshal it as a string in the Ruby 1.8.7 case.
+    if RUBY_VERSION < '1.9.3'
+      pet = LegacyMarshallingPet.create!(
+        :name => 'Fido',
+        :encrypted_nickname => 'xhayxWxfkfbNyOS2w1qBMPV49Gfvs6dcZFBopMK2zQA=',
+        :encrypted_birthdate => 'f4ufXun4GXzahH4MQ1eTBQ=='
+      )
+    else
+      pet = LegacyMarshallingPet.create!(
+        :name => 'Fido',
+        :encrypted_nickname => '7RwoT64in4H+fGVBPYtRcN0K4RtriIy1EP4nDojUa8g=',
+        :encrypted_birthdate => 'bSp9sJhXQSp2QlNZHiujtcK4lRVBE8HQhn1y7moQ63bGJR20hvRSZ73ePAmm+wc5'
+      )
+    end
+    assert_equal 'Fido', pet.name
+    assert_equal 'Mummy\'s little helper', pet.nickname
+    # See earlier comment.
+    if RUBY_VERSION < '1.9.3'
+      assert_equal '2011-07-09', pet.birthdate
+    else
+      assert_equal Date.new(2011, 7, 9), pet.birthdate
+    end
+  end
+  private
+  def create_tables
+    silence_stream(STDOUT) do
+      ActiveRecord::Schema.define(:version => 1) do
+        create_table :legacy_nonmarshalling_pets do |t|
+          t.string :name
+          t.string :encrypted_nickname
+          t.string :encrypted_birthdate
+          t.string :salt
+        end
+        create_table :legacy_marshalling_pets do |t|
+          t.string :name
+          t.string :encrypted_nickname
+          t.string :encrypted_birthdate
+          t.string :salt
+        end
+      end
+    end
+  end
+end
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'

data/test/legacy_data_mapper_test.rb ADDED Viewed

@@ -0,0 +1,52 @@
+require File.expand_path('../test_helper', __FILE__)
+DataMapper.setup(:default, 'sqlite3::memory:')
+class LegacyClient
+  include DataMapper::Resource
+  property :id, Serial
+  property :encrypted_email, String
+  property :encrypted_credentials, Text
+  property :salt, String
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |client| Encryptor.encrypt(:value => client.salt, :key => 'some private key') }, :marshal => true
+  def initialize(attrs = {})
+    super attrs
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+DataMapper.auto_migrate!
+class LegacyDataMapperTest < Test::Unit::TestCase
+  def setup
+    LegacyClient.all.each(&:destroy)
+  end
+  def test_should_encrypt_email
+    @client = LegacyClient.new :email => 'test@example.com'
+    assert @client.save
+    assert_not_nil @client.encrypted_email
+    assert_not_equal @client.email, @client.encrypted_email
+    assert_equal @client.email, LegacyClient.first.email
+  end
+  def test_should_marshal_and_encrypt_credentials
+    @client = LegacyClient.new
+    assert @client.save
+    assert_not_nil @client.encrypted_credentials
+    assert_not_equal @client.credentials, @client.encrypted_credentials
+    assert_equal @client.credentials, LegacyClient.first.credentials
+    assert LegacyClient.first.credentials.is_a?(Hash)
+  end
+  def test_should_encode_by_default
+    assert LegacyClient.attr_encrypted_options[:encode]
+  end
+end

data/test/legacy_sequel_test.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require File.expand_path('../test_helper', __FILE__)
+DB.create_table :legacy_humans do
+  primary_key :id
+  column :encrypted_email, :string
+  column :password, :string
+  column :encrypted_credentials, :string
+  column :salt, :string
+end
+class LegacyHuman < Sequel::Model(:legacy_humans)
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |human| Encryptor.encrypt(:value => human.salt, :key => 'some private key') }, :marshal => true
+  def after_initialize(attrs = {})
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+class LegacySequelTest < Test::Unit::TestCase
+  def setup
+    LegacyHuman.all.each(&:destroy)
+  end
+  def test_should_encrypt_email
+    @human = LegacyHuman.new :email => 'test@example.com'
+    assert @human.save
+    assert_not_nil @human.encrypted_email
+    assert_not_equal @human.email, @human.encrypted_email
+    assert_equal @human.email, LegacyHuman.first.email
+  end
+  def test_should_marshal_and_encrypt_credentials
+    @human = LegacyHuman.new
+    assert @human.save
+    assert_not_nil @human.encrypted_credentials
+    assert_not_equal @human.credentials, @human.encrypted_credentials
+    assert_equal @human.credentials, LegacyHuman.first.credentials
+    assert LegacyHuman.first.credentials.is_a?(Hash)
+  end
+  def test_should_encode_by_default
+    assert LegacyHuman.attr_encrypted_options[:encode]
+  end
+end

data/test/sequel_test.rb CHANGED Viewed

@@ -1,21 +1,23 @@
 require File.expand_path('../test_helper', __FILE__)
-DB = Sequel.sqlite
 DB.create_table :humans do
   primary_key :id
   column :encrypted_email, :string
+  column :encrypted_email_salt, String
+  column :encrypted_email_iv, :string
   column :password, :string
   column :encrypted_credentials, :string
-  column :salt, :string
+  column :encrypted_credentials_iv, :string
+  column :encrypted_credentials_salt, String
 end
-class Human < Sequel::Model(:humans)
-  attr_encrypted :email, :key => 'a secret key'
-  attr_encrypted :credentials, :key => Proc.new { |human| Encryptor.encrypt(:value => human.salt, :key => 'some private key') }, :marshal => true
+class Human < Sequel::Model(:humans)
+  self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
+  attr_encrypted :email, :key => SECRET_KEY
+  attr_encrypted :credentials, :key => SECRET_KEY, :marshal => true
   def after_initialize(attrs = {})
-    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
     self.credentials ||= { :username => 'example', :password => 'test' }
   end
 end
@@ -35,7 +37,8 @@ class SequelTest < Test::Unit::TestCase
   end
   def test_should_marshal_and_encrypt_credentials
-    @human = Human.new
+    @human = Human.new :credentials => { :username => 'example', :password => 'test' }
     assert @human.save
     assert_not_nil @human.encrypted_credentials
     assert_not_equal @human.credentials, @human.encrypted_credentials
@@ -47,4 +50,4 @@ class SequelTest < Test::Unit::TestCase
     assert Human.attr_encrypted_options[:encode]
   end
-end
+end

data/test/test_helper.rb CHANGED Viewed

@@ -1,3 +1,17 @@
+if RUBY_VERSION >= '1.9.3'
+  require 'simplecov'
+  require 'simplecov-rcov'
+  SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+    SimpleCov::Formatter::HTMLFormatter,
+    SimpleCov::Formatter::RcovFormatter,
+  ]
+  SimpleCov.start do
+    add_filter 'test'
+  end
+end
 require 'test/unit'
 require 'digest/sha2'
 require 'rubygems'
@@ -11,4 +25,15 @@ $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $:.unshift(File.dirname(__FILE__))
 require 'attr_encrypted'
-puts "\nTesting with ActiveRecord #{ActiveRecord::VERSION::STRING rescue ENV['ACTIVE_RECORD_VERSION']}"
+puts "\nTesting with ActiveRecord #{ActiveRecord::VERSION::STRING rescue ENV['ACTIVE_RECORD_VERSION']}"
+DB = Sequel.sqlite
+# The :after_initialize hook was removed in Sequel 4.0
+# and had been deprecated for a while before that:
+# http://sequel.rubyforge.org/rdoc-plugins/classes/Sequel/Plugins/AfterInitialize.html
+# This plugin re-enables it.
+Sequel::Model.plugin :after_initialize
+SECRET_KEY = 4.times.map { Digest::SHA256.hexdigest((Time.now.to_i * rand(5)).to_s) }.join

metadata CHANGED Viewed

@@ -1,15 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: attr_encrypted
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
   prerelease:
 platform: ruby
 authors:
 - Sean Huber
+- S. Brent Faulkner
+- William Monk
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-09-11 00:00:00.000000000 Z
+date: 2013-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -18,7 +20,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +28,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 1.1.1
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -91,8 +93,91 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dm-sqlite-adapter
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Generates attr_accessors that encrypt and decrypt attributes transparently
-email: shuber@huberry.com
+email:
+- shuber@huberry.com
+- sbfaulkner@gmail.com
+- billy.monk@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -107,10 +192,16 @@ files:
 - README.rdoc
 - test/active_record_test.rb
 - test/attr_encrypted_test.rb
+- test/compatibility_test.rb
 - test/data_mapper_test.rb
+- test/legacy_active_record_test.rb
+- test/legacy_attr_encrypted_test.rb
+- test/legacy_compatibility_test.rb
+- test/legacy_data_mapper_test.rb
+- test/legacy_sequel_test.rb
 - test/sequel_test.rb
 - test/test_helper.rb
-homepage: http://github.com/shuber/attr_encrypted
+homepage: http://github.com/attr_encrypted/attr_encrypted
 licenses: []
 post_install_message:
 rdoc_options:
@@ -126,12 +217,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -52694865588709361
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -52694865588709361
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -141,6 +238,12 @@ summary: Encrypt and decrypt attributes
 test_files:
 - test/active_record_test.rb
 - test/attr_encrypted_test.rb
+- test/compatibility_test.rb
 - test/data_mapper_test.rb
+- test/legacy_active_record_test.rb
+- test/legacy_attr_encrypted_test.rb
+- test/legacy_compatibility_test.rb
+- test/legacy_data_mapper_test.rb
+- test/legacy_sequel_test.rb
 - test/sequel_test.rb
 - test/test_helper.rb