attr_encrypted 1.3.3 → 3.0.1

data/lib/attr_encrypted/adapters/active_record.rb

@@ -4,59 +4,100 @@ if defined?(ActiveRecord::Base)
       module ActiveRecord
         def self.extended(base) # :nodoc:
           base.class_eval do
+
+            # https://github.com/attr-encrypted/attr_encrypted/issues/68
+            def reload_with_attr_encrypted(*args, &block)
+              result = reload_without_attr_encrypted(*args, &block)
+              self.class.encrypted_attributes.keys.each do |attribute_name|
+                instance_variable_set("@#{attribute_name}", nil)
+              end
+              result
+            end
+            alias_method_chain :reload, :attr_encrypted
+
             attr_encrypted_options[:encode] = true
+
             class << self
-              alias_method :attr_encryptor, :attr_encrypted
               alias_method_chain :method_missing, :attr_encrypted
-              alias_method :undefine_attribute_methods, :reset_column_information if ::ActiveRecord::VERSION::STRING < "3"
             end
 
             def perform_attribute_assignment(method, new_attributes, *args)
               return if new_attributes.blank?
-              attributes = new_attributes.respond_to?(:with_indifferent_access) ? new_attributes.with_indifferent_access : new_attributes.symbolize_keys
-              encrypted_attributes = self.class.encrypted_attributes.keys
-              self.send method, attributes.except(*encrypted_attributes), *args
-              self.send method, attributes.slice(*encrypted_attributes), *args
+
+              send method, new_attributes.reject { |k, _|  self.class.encrypted_attributes.key?(k.to_sym) }, *args
+              send method, new_attributes.reject { |k, _| !self.class.encrypted_attributes.key?(k.to_sym) }, *args
             end
             private :perform_attribute_assignment
 
-            if ::ActiveRecord::VERSION::STRING < "3.0" || ::ActiveRecord::VERSION::STRING > "3.1"
+            if ::ActiveRecord::VERSION::STRING > "3.1"
               def assign_attributes_with_attr_encrypted(*args)
                 perform_attribute_assignment :assign_attributes_without_attr_encrypted, *args
               end
               alias_method_chain :assign_attributes, :attr_encrypted
-            else
-              def attributes_with_attr_encrypted=(*args)
-                perform_attribute_assignment :attributes_without_attr_encrypted=, *args
-              end
-              alias_method_chain :attributes=, :attr_encrypted
             end
+
+            def attributes_with_attr_encrypted=(*args)
+              perform_attribute_assignment :attributes_without_attr_encrypted=, *args
+            end
+            alias_method_chain :attributes=, :attr_encrypted
           end
         end
 
         protected
 
-          # Ensures the attribute methods for db fields have been defined before calling the original 
           # <tt>attr_encrypted</tt> method
           def attr_encrypted(*attrs)
-            define_attribute_methods rescue nil
             super
-            undefine_attribute_methods
-            attrs.reject { |attr| attr.is_a?(Hash) }.each { |attr| alias_method "#{attr}_before_type_cast", attr }
+            options = attrs.extract_options!
+            attr = attrs.pop
+            options.merge! encrypted_attributes[attr]
+
+            define_method("#{attr}_changed?") do
+              if send("#{options[:attribute]}_changed?")
+                send(attr) != send("#{attr}_was")
+              end
+            end
+
+            define_method("#{attr}_was") do
+              attr_was_options = { operation: :decrypting }
+              attr_was_options[:iv]= send("#{options[:attribute]}_iv_was") if respond_to?("#{options[:attribute]}_iv_was")
+              attr_was_options[:salt]= send("#{options[:attribute]}_salt_was") if respond_to?("#{options[:attribute]}_salt_was")
+              encrypted_attributes[attr].merge!(attr_was_options)
+              evaluated_options = evaluated_attr_encrypted_options_for(attr)
+              [:iv, :salt, :operation].each { |key| encrypted_attributes[attr].delete(key) }
+              self.class.decrypt(attr, send("#{options[:attribute]}_was"), evaluated_options)
+            end
+
+            alias_method "#{attr}_before_type_cast", attr
+          end
+
+          def attribute_instance_methods_as_symbols
+            # We add accessor methods of the db columns to the list of instance
+            # methods returned to let ActiveRecord define the accessor methods
+            # for the db columns
+
+            # Use with_connection so the connection doesn't stay pinned to the thread.
+            connected = ::ActiveRecord::Base.connection_pool.with_connection(&:active?) rescue false
+
+            if connected && table_exists?
+              columns_hash.keys.inject(super) {|instance_methods, column_name| instance_methods.concat [column_name.to_sym, :"#{column_name}="]}
+            else
+              super
+            end
           end
 
-          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for 
+          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for
           # encrypted attributes
           #
           # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
           #
-          # This is useful for encrypting fields like email addresses. Your user's email addresses 
+          # This is useful for encrypting fields like email addresses. Your user's email addresses
           # are encrypted in the database, but you can still look up a user by email for logging in
           #
           # Example
           #
           #   class User < ActiveRecord::Base
-          #     attr_encrypted :email, :key => 'secret key'
+          #     attr_encrypted :email, key: 'secret key'
           #   end
           #
           #   User.find_by_email_and_password('test@example.com', 'testing')
@@ -66,8 +107,9 @@ if defined?(ActiveRecord::Base)
             if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
               attribute_names = match.captures.last.split('_and_')
               attribute_names.each_with_index do |attribute, index|
-                if attr_encrypted?(attribute)
+                if attr_encrypted?(attribute) && encrypted_attributes[attribute.to_sym][:mode] == :single_iv_and_salt
                   args[index] = send("encrypt_#{attribute}", args[index])
+                  warn "DEPRECATION WARNING: This feature will be removed in the next major release."
                   attribute_names[index] = encrypted_attributes[attribute.to_sym][:attribute]
                 end
               end
@@ -79,5 +121,6 @@ if defined?(ActiveRecord::Base)
     end
   end
 
+  ActiveRecord::Base.extend AttrEncrypted
   ActiveRecord::Base.extend AttrEncrypted::Adapters::ActiveRecord
-end
+end

data/lib/attr_encrypted/adapters/data_mapper.rb

@@ -11,6 +11,7 @@ if defined?(DataMapper)
 
         def included_with_attr_encrypted(base)
           included_without_attr_encrypted(base)
+          base.extend AttrEncrypted
           base.attr_encrypted_options[:encode] = true
         end
       end

data/lib/attr_encrypted/adapters/sequel.rb

@@ -9,5 +9,6 @@ if defined?(Sequel)
     end
   end
 
+  Sequel::Model.extend AttrEncrypted
   Sequel::Model.extend AttrEncrypted::Adapters::Sequel
 end

data/lib/attr_encrypted/version.rb

@@ -1,9 +1,9 @@
 module AttrEncrypted
   # Contains information about this gem's version
   module Version
-    MAJOR = 1
-    MINOR = 3
-    PATCH = 3
+    MAJOR = 3
+    MINOR = 0
+    PATCH = 1
 
     # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>
     #

data/test/active_record_test.rb

@@ -1,15 +1,16 @@
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
-ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
+ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
 
 def create_tables
   silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(:version => 1) do
+    ActiveRecord::Schema.define(version: 1) do
       create_table :people do |t|
         t.string   :encrypted_email
         t.string   :password
         t.string   :encrypted_credentials
         t.binary   :salt
+        t.binary   :key_iv
         t.string   :encrypted_email_salt
         t.string   :encrypted_credentials_salt
         t.string   :encrypted_email_iv
@@ -23,8 +24,19 @@ def create_tables
       create_table :users do |t|
         t.string :login
         t.string :encrypted_password
+        t.string :encrypted_password_iv
         t.boolean :is_admin
       end
+      create_table :prime_ministers do |t|
+        t.string :encrypted_name
+        t.string :encrypted_name_iv
+      end
+      create_table :addresses do |t|
+        t.binary :encrypted_street
+        t.binary :encrypted_street_iv
+        t.binary :encrypted_zipcode
+        t.string :mode
+      end
     end
   end
 end
@@ -33,7 +45,6 @@ end
 create_tables
 
 ActiveRecord::MissingAttributeError = ActiveModel::MissingAttributeError unless defined?(ActiveRecord::MissingAttributeError)
-ActiveRecord::Base.logger = Logger.new(nil) if ::ActiveRecord::VERSION::STRING < "3.0"
 
 if ::ActiveRecord::VERSION::STRING > "4.0"
   module Rack
@@ -47,22 +58,17 @@ end
 
 class Person < ActiveRecord::Base
   self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
-  attr_encrypted :email, :key => SECRET_KEY
-  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => SECRET_KEY) }, :marshal => true
+  attr_encrypted :email, key: SECRET_KEY
+  attr_encrypted :credentials, key: Proc.new { |user| Encryptor.encrypt(value: user.salt, key: SECRET_KEY, iv: user.key_iv) }, marshal: true
 
-  if ActiveRecord::VERSION::STRING < "3"
-    def after_initialize
-      initialize_salt_and_credentials
-    end
-  else
-    after_initialize :initialize_salt_and_credentials
-  end
+  after_initialize :initialize_salt_and_credentials
 
   protected
 
   def initialize_salt_and_credentials
+    self.key_iv ||= SecureRandom.random_bytes(12)
     self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(1000)).to_s)[0..15]
-    self.credentials ||= { :username => 'example', :password => 'test' }
+    self.credentials ||= { username: 'example', password: 'test' }
   end
 end
 
@@ -70,48 +76,64 @@ class PersonWithValidation < Person
   validates_presence_of :email
 end
 
+class PersonWithProcMode < Person
+  attr_encrypted :email,       key: SECRET_KEY, mode: Proc.new { :per_attribute_iv_and_salt }
+  attr_encrypted :credentials, key: SECRET_KEY, mode: Proc.new { :single_iv_and_salt }, insecure_mode: true
+end
+
 class Account < ActiveRecord::Base
   attr_accessor :key
-  attr_encrypted :password, :key => Proc.new {|account| account.key}
+  attr_encrypted :password, key: Proc.new {|account| account.key}
 end
 
 class PersonWithSerialization < ActiveRecord::Base
   self.table_name = 'people'
-  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :email, key: SECRET_KEY
   serialize :password
 end
 
 class UserWithProtectedAttribute < ActiveRecord::Base
   self.table_name = 'users'
-  attr_encrypted :password, :key => 'a secret key'
+  attr_encrypted :password, key: SECRET_KEY
   attr_protected :is_admin if ::ActiveRecord::VERSION::STRING < "4.0"
 end
 
 class PersonUsingAlias < ActiveRecord::Base
   self.table_name = 'people'
-  attr_encryptor :email, :key => 'a secret key'
+  attr_encryptor :email, key: SECRET_KEY
 end
 
-class ActiveRecordTest < Test::Unit::TestCase
+class PrimeMinister < ActiveRecord::Base
+  attr_encrypted :name, marshal: true, key: SECRET_KEY
+end
+
+class Address < ActiveRecord::Base
+  self.attr_encrypted_options[:marshal] = false
+  self.attr_encrypted_options[:encode] = false
+  attr_encrypted :street, encode_iv: false, key: SECRET_KEY
+  attr_encrypted :zipcode, key: SECRET_KEY, mode: Proc.new { |address| address.mode.to_sym }, insecure_mode: true
+end
+
+class ActiveRecordTest < Minitest::Test
 
   def setup
     ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
     create_tables
-    Account.create!(:key => SECRET_KEY, :password => "password")
+    Account.create!(key: SECRET_KEY, password: "password")
   end
 
   def test_should_encrypt_email
-    @person = Person.create :email => 'test@example.com'
-    assert_not_nil @person.encrypted_email
-    assert_not_equal @person.email, @person.encrypted_email
-    assert_equal @person.email, Person.find(:first).email
+    @person = Person.create(email: 'test@example.com')
+    refute_nil @person.encrypted_email
+    refute_equal @person.email, @person.encrypted_email
+    assert_equal @person.email, Person.first.email
   end
 
   def test_should_marshal_and_encrypt_credentials
     @person = Person.create
-    assert_not_nil @person.encrypted_credentials
-    assert_not_equal @person.credentials, @person.encrypted_credentials
-    assert_equal @person.credentials, Person.find(:first).credentials
+    refute_nil @person.encrypted_credentials
+    refute_equal @person.credentials, @person.encrypted_credentials
+    assert_equal @person.credentials, Person.first.credentials
   end
 
   def test_should_encode_by_default
@@ -125,67 +147,103 @@ class ActiveRecordTest < Test::Unit::TestCase
   end
 
   def test_should_encrypt_decrypt_with_iv
-    @person = Person.create :email => 'test@example.com'
+    @person = Person.create(email: 'test@example.com')
     @person2 = Person.find(@person.id)
-    assert_not_nil @person2.encrypted_email_iv
+    refute_nil @person2.encrypted_email_iv
     assert_equal 'test@example.com', @person2.email
   end
 
   def test_should_ensure_attributes_can_be_deserialized
-    @person = PersonWithSerialization.new :email => 'test@example.com', :password => %w(an array of strings)
+    @person = PersonWithSerialization.new(email: 'test@example.com', password: %w(an array of strings))
     @person.save
     assert_equal @person.password, %w(an array of strings)
   end
 
   def test_should_create_an_account_regardless_of_arguments_order
-    Account.create!(:key => SECRET_KEY, :password => "password")
-    Account.create!(:password => "password" , :key => SECRET_KEY)
+    Account.create!(key: SECRET_KEY, password: "password")
+    Account.create!(password: "password" , key: SECRET_KEY)
+  end
+
+  def test_should_set_attributes_regardless_of_arguments_order
+    # minitest does not implement `assert_nothing_raised` https://github.com/seattlerb/minitest/issues/112
+    Account.new.attributes = { password: "password", key: SECRET_KEY }
+  end
+
+  def test_should_preserve_hash_key_type
+    hash = { foo: 'bar' }
+    account = Account.create!(key: hash)
+    assert_equal account.key, hash
+  end
+
+  def test_should_create_changed_predicate
+    person = Person.create!(email: 'test@example.com')
+    refute person.email_changed?
+    person.email = 'test@example.com'
+    refute person.email_changed?
+    person.email = nil
+    assert person.email_changed?
+    person.email = 'test2@example.com'
+    assert person.email_changed?
+  end
+
+  def test_should_create_was_predicate
+    original_email = 'test@example.com'
+    person = Person.create!(email: original_email)
+    assert_equal original_email, person.email_was
+    person.email = 'test2@example.com'
+    assert_equal original_email, person.email_was
+    old_pm_name = "Winston Churchill"
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name_was
+    old_zipcode = "90210"
+    address = Address.create!(zipcode: old_zipcode, mode: "single_iv_and_salt")
+    assert_equal old_zipcode, address.zipcode_was
   end
 
   if ::ActiveRecord::VERSION::STRING > "4.0"
     def test_should_assign_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true).permit(:login)
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
       assert_equal 'modified', @user.login
     end
 
     def test_should_not_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true).permit(:login)
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
       assert !@user.is_admin?
     end
 
     def test_should_raise_exception_if_not_permitted
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      assert_raise ActiveModel::ForbiddenAttributesError do
-        @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true)
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      assert_raises ActiveModel::ForbiddenAttributesError do
+        @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true)
       end
     end
 
     def test_should_raise_exception_on_init_if_not_permitted
-      assert_raise ActiveModel::ForbiddenAttributesError do
-        @user = UserWithProtectedAttribute.new ActionController::Parameters.new(:login => 'modified', :is_admin => true)
+      assert_raises ActiveModel::ForbiddenAttributesError do
+        @user = UserWithProtectedAttribute.new ActionController::Parameters.new(login: 'modified', is_admin: true)
       end
     end
   else
     def test_should_assign_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = {:login => 'modified', :is_admin => true}
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
       assert_equal 'modified', @user.login
     end
 
     def test_should_not_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = {:login => 'modified', :is_admin => true}
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
       assert !@user.is_admin?
     end
 
     def test_should_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
       if ::ActiveRecord::VERSION::STRING > "3.1"
-        @user.send :assign_attributes, {:login => 'modified', :is_admin => true}, :without_protection => true
+        @user.send(:assign_attributes, { login: 'modified', is_admin: true }, without_protection: true)
       else
-        @user.send :attributes=, {:login => 'modified', :is_admin => true}, false
+        @user.send(:attributes=, { login: 'modified', is_admin: true }, false)
       end
       assert @user.is_admin?
     end
@@ -196,6 +254,22 @@ class ActiveRecordTest < Test::Unit::TestCase
     assert_nil(@person.attributes = nil)
   end
 
+  def test_should_allow_proc_based_mode
+    @person = PersonWithProcMode.create(email: 'test@example.com', credentials: 'password123')
+
+    # Email is :per_attribute_iv_and_salt
+    assert_equal @person.class.encrypted_attributes[:email][:mode].class, Proc
+    assert_equal @person.class.encrypted_attributes[:email][:mode].call, :per_attribute_iv_and_salt
+    refute_nil @person.encrypted_email_salt
+    refute_nil @person.encrypted_email_iv
+
+    # Credentials is :single_iv_and_salt
+    assert_equal @person.class.encrypted_attributes[:credentials][:mode].class, Proc
+    assert_equal @person.class.encrypted_attributes[:credentials][:mode].call, :single_iv_and_salt
+    assert_nil @person.encrypted_credentials_salt
+    assert_nil @person.encrypted_credentials_iv
+  end
+
   if ::ActiveRecord::VERSION::STRING > "3.1"
     def test_should_allow_assign_attributes_with_nil
       @person = Person.new
@@ -203,15 +277,41 @@ class ActiveRecordTest < Test::Unit::TestCase
     end
   end
 
-  class TestAlias < Test::Unit::TestCase
-    def test_that_alias_encrypts_column
-      user = PersonUsingAlias.new
-      user.email = 'test@example.com'
-      user.save
+  def test_that_alias_encrypts_column
+    user = PersonUsingAlias.new
+    user.email = 'test@example.com'
+    user.save
 
-      assert_not_nil user.encrypted_email
-      assert_not_equal user.email, user.encrypted_email
-      assert_equal user.email, PersonUsingAlias.find(:first).email
-    end
+    refute_nil user.encrypted_email
+    refute_equal user.email, user.encrypted_email
+    assert_equal user.email, PersonUsingAlias.first.email
+  end
+
+  # See https://github.com/attr-encrypted/attr_encrypted/issues/68
+  def test_should_invalidate_virtual_attributes_on_reload
+    old_pm_name = 'Winston Churchill'
+    new_pm_name = 'Neville Chamberlain'
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name
+    pm.name = new_pm_name
+    assert_equal new_pm_name, pm.name
+
+    result = pm.reload
+    assert_equal pm, result
+    assert_equal old_pm_name, pm.name
+  end
+
+  def test_should_save_encrypted_data_as_binary
+    street = '123 Elm'
+    address = Address.create!(street: street)
+    refute_equal address.encrypted_street, street
+    assert_equal Address.first.street, street
+  end
+
+  def test_should_evaluate_proc_based_mode
+    street = '123 Elm'
+    zipcode = '12345'
+    address = Address.new(street: street, zipcode: zipcode, mode: :single_iv_and_salt)
+    assert_nil address.encrypted_zipcode_iv
   end
 end