attr_encrypted 1.3.3 → 3.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +1 -0
- data.tar.gz.sig +0 -0
- data/.gitignore +6 -0
- data/.travis.yml +24 -0
- data/CHANGELOG.md +79 -0
- data/Gemfile +3 -0
- data/README.md +444 -0
- data/Rakefile +4 -15
- data/attr_encrypted.gemspec +63 -0
- data/certs/saghaulor.pem +21 -0
- data/checksum/attr_encrypted-3.0.0.gem.sha256 +1 -0
- data/checksum/attr_encrypted-3.0.0.gem.sha512 +1 -0
- data/lib/attr_encrypted.rb +196 -105
- data/lib/attr_encrypted/adapters/active_record.rb +64 -21
- data/lib/attr_encrypted/adapters/data_mapper.rb +1 -0
- data/lib/attr_encrypted/adapters/sequel.rb +1 -0
- data/lib/attr_encrypted/version.rb +3 -3
- data/test/active_record_test.rb +157 -57
- data/test/attr_encrypted_test.rb +117 -55
- data/test/compatibility_test.rb +20 -37
- data/test/data_mapper_test.rb +6 -6
- data/test/legacy_active_record_test.rb +16 -12
- data/test/legacy_attr_encrypted_test.rb +31 -30
- data/test/legacy_compatibility_test.rb +22 -31
- data/test/legacy_data_mapper_test.rb +11 -8
- data/test/legacy_sequel_test.rb +13 -9
- data/test/run.sh +12 -52
- data/test/sequel_test.rb +6 -6
- data/test/test_helper.rb +28 -16
- metadata +121 -70
- metadata.gz.sig +0 -0
- data/README.rdoc +0 -302
data/test/data_mapper_test.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative 'test_helper'
|
2
2
|
|
3
3
|
DataMapper.setup(:default, 'sqlite3::memory:')
|
4
4
|
|
@@ -27,7 +27,7 @@ end
|
|
27
27
|
|
28
28
|
DataMapper.auto_migrate!
|
29
29
|
|
30
|
-
class DataMapperTest < Test
|
30
|
+
class DataMapperTest < Minitest::Test
|
31
31
|
|
32
32
|
def setup
|
33
33
|
Client.all.each(&:destroy)
|
@@ -36,16 +36,16 @@ class DataMapperTest < Test::Unit::TestCase
|
|
36
36
|
def test_should_encrypt_email
|
37
37
|
@client = Client.new :email => 'test@example.com'
|
38
38
|
assert @client.save
|
39
|
-
|
40
|
-
|
39
|
+
refute_nil @client.encrypted_email
|
40
|
+
refute_equal @client.email, @client.encrypted_email
|
41
41
|
assert_equal @client.email, Client.first.email
|
42
42
|
end
|
43
43
|
|
44
44
|
def test_should_marshal_and_encrypt_credentials
|
45
45
|
@client = Client.new
|
46
46
|
assert @client.save
|
47
|
-
|
48
|
-
|
47
|
+
refute_nil @client.encrypted_credentials
|
48
|
+
refute_equal @client.credentials, @client.encrypted_credentials
|
49
49
|
assert_equal @client.credentials, Client.first.credentials
|
50
50
|
assert Client.first.credentials.is_a?(Hash)
|
51
51
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
|
2
|
+
require_relative 'test_helper'
|
3
3
|
|
4
4
|
ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
|
5
5
|
|
@@ -22,8 +22,12 @@ create_people_table
|
|
22
22
|
ActiveRecord::MissingAttributeError = ActiveModel::MissingAttributeError unless defined?(ActiveRecord::MissingAttributeError)
|
23
23
|
|
24
24
|
class LegacyPerson < ActiveRecord::Base
|
25
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
26
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
27
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
28
|
+
|
25
29
|
attr_encrypted :email, :key => 'a secret key'
|
26
|
-
attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
|
30
|
+
attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true
|
27
31
|
|
28
32
|
ActiveSupport::Deprecation.silenced = true
|
29
33
|
def after_initialize; end
|
@@ -45,7 +49,7 @@ class LegacyPersonWithValidation < LegacyPerson
|
|
45
49
|
validates_uniqueness_of :encrypted_email
|
46
50
|
end
|
47
51
|
|
48
|
-
class LegacyActiveRecordTest < Test
|
52
|
+
class LegacyActiveRecordTest < Minitest::Test
|
49
53
|
|
50
54
|
def setup
|
51
55
|
ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
|
@@ -55,22 +59,22 @@ class LegacyActiveRecordTest < Test::Unit::TestCase
|
|
55
59
|
def test_should_decrypt_with_correct_encoding
|
56
60
|
if defined?(Encoding)
|
57
61
|
@person = LegacyPerson.create :email => 'test@example.com'
|
58
|
-
assert_equal 'UTF-8', LegacyPerson.
|
62
|
+
assert_equal 'UTF-8', LegacyPerson.first.email.encoding.name
|
59
63
|
end
|
60
64
|
end
|
61
65
|
|
62
66
|
def test_should_encrypt_email
|
63
67
|
@person = LegacyPerson.create :email => 'test@example.com'
|
64
|
-
|
65
|
-
|
66
|
-
assert_equal @person.email, LegacyPerson.
|
68
|
+
refute_nil @person.encrypted_email
|
69
|
+
refute_equal @person.email, @person.encrypted_email
|
70
|
+
assert_equal @person.email, LegacyPerson.first.email
|
67
71
|
end
|
68
72
|
|
69
73
|
def test_should_marshal_and_encrypt_credentials
|
70
74
|
@person = LegacyPerson.create
|
71
|
-
|
72
|
-
|
73
|
-
assert_equal @person.credentials, LegacyPerson.
|
75
|
+
refute_nil @person.encrypted_credentials
|
76
|
+
refute_equal @person.credentials, @person.encrypted_credentials
|
77
|
+
assert_equal @person.credentials, LegacyPerson.first.credentials
|
74
78
|
end
|
75
79
|
|
76
80
|
def test_should_find_by_email
|
@@ -86,13 +90,13 @@ class LegacyActiveRecordTest < Test::Unit::TestCase
|
|
86
90
|
|
87
91
|
def test_should_scope_by_email
|
88
92
|
@person = LegacyPerson.create(:email => 'test@example.com')
|
89
|
-
assert_equal @person, LegacyPerson.scoped_by_email('test@example.com').
|
93
|
+
assert_equal @person, LegacyPerson.scoped_by_email('test@example.com').first rescue NoMethodError
|
90
94
|
end
|
91
95
|
|
92
96
|
def test_should_scope_by_email_and_password
|
93
97
|
LegacyPerson.create(:email => 'test@example.com', :password => 'invalid')
|
94
98
|
@person = LegacyPerson.create(:email => 'test@example.com', :password => 'test')
|
95
|
-
assert_equal @person, LegacyPerson.scoped_by_email_and_password('test@example.com', 'test').
|
99
|
+
assert_equal @person, LegacyPerson.scoped_by_email_and_password('test@example.com', 'test').first rescue NoMethodError
|
96
100
|
end
|
97
101
|
|
98
102
|
def test_should_encode_by_default
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
|
2
|
+
require_relative 'test_helper'
|
3
3
|
|
4
4
|
class LegacySillyEncryptor
|
5
5
|
def self.silly_encrypt(options)
|
@@ -12,7 +12,11 @@ class LegacySillyEncryptor
|
|
12
12
|
end
|
13
13
|
|
14
14
|
class LegacyUser
|
15
|
+
extend AttrEncrypted
|
15
16
|
self.attr_encrypted_options[:key] = Proc.new { |user| user.class.to_s } # default key
|
17
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
18
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
19
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
16
20
|
|
17
21
|
attr_encrypted :email, :without_encoding, :key => 'secret key'
|
18
22
|
attr_encrypted :password, :prefix => 'crypted_', :suffix => '_test'
|
@@ -43,12 +47,13 @@ class LegacyAdmin < LegacyUser
|
|
43
47
|
end
|
44
48
|
|
45
49
|
class LegacySomeOtherClass
|
50
|
+
extend AttrEncrypted
|
46
51
|
def self.call(object)
|
47
52
|
object.class
|
48
53
|
end
|
49
54
|
end
|
50
55
|
|
51
|
-
class LegacyAttrEncryptedTest < Test
|
56
|
+
class LegacyAttrEncryptedTest < Minitest::Test
|
52
57
|
|
53
58
|
def test_should_store_email_in_encrypted_attributes
|
54
59
|
assert LegacyUser.encrypted_attributes.include?(:email)
|
@@ -63,7 +68,7 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
63
68
|
end
|
64
69
|
|
65
70
|
def test_attr_encrypted_should_not_use_the_same_attribute_name_for_two_attributes_in_the_same_line
|
66
|
-
|
71
|
+
refute_equal LegacyUser.encrypted_attributes[:email][:attribute], LegacyUser.encrypted_attributes[:without_encoding][:attribute]
|
67
72
|
end
|
68
73
|
|
69
74
|
def test_attr_encrypted_should_return_false_for_salt
|
@@ -91,15 +96,15 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
91
96
|
end
|
92
97
|
|
93
98
|
def test_should_encrypt_email
|
94
|
-
|
95
|
-
|
99
|
+
refute_nil LegacyUser.encrypt_email('test@example.com')
|
100
|
+
refute_equal 'test@example.com', LegacyUser.encrypt_email('test@example.com')
|
96
101
|
end
|
97
102
|
|
98
103
|
def test_should_encrypt_email_when_modifying_the_attr_writer
|
99
104
|
@user = LegacyUser.new
|
100
105
|
assert_nil @user.encrypted_email
|
101
106
|
@user.email = 'test@example.com'
|
102
|
-
|
107
|
+
refute_nil @user.encrypted_email
|
103
108
|
assert_equal LegacyUser.encrypt_email('test@example.com'), @user.encrypted_email
|
104
109
|
end
|
105
110
|
|
@@ -113,7 +118,7 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
113
118
|
|
114
119
|
def test_should_decrypt_email
|
115
120
|
encrypted_email = LegacyUser.encrypt_email('test@example.com')
|
116
|
-
|
121
|
+
refute_equal 'test@test.com', encrypted_email
|
117
122
|
assert_equal 'test@example.com', LegacyUser.decrypt_email(encrypted_email)
|
118
123
|
end
|
119
124
|
|
@@ -153,7 +158,7 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
153
158
|
def test_should_encrypt_with_marshaling
|
154
159
|
@user = LegacyUser.new
|
155
160
|
@user.with_marshaling = [1, 2, 3]
|
156
|
-
|
161
|
+
refute_nil @user.encrypted_with_marshaling
|
157
162
|
assert_equal LegacyUser.encrypt_with_marshaling([1, 2, 3]), @user.encrypted_with_marshaling
|
158
163
|
end
|
159
164
|
|
@@ -173,24 +178,24 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
173
178
|
@user = LegacyUser.new
|
174
179
|
assert_nil @user.ssn_encrypted
|
175
180
|
@user.ssn = 'testing'
|
176
|
-
|
177
|
-
assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.ssn_encrypted
|
181
|
+
refute_nil @user.ssn_encrypted
|
182
|
+
assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt, insecure_mode: true, algorithm: 'aes-256-cbc'), @user.ssn_encrypted
|
178
183
|
end
|
179
184
|
|
180
185
|
def test_should_evaluate_a_key_passed_as_a_proc
|
181
186
|
@user = LegacyUser.new
|
182
187
|
assert_nil @user.crypted_password_test
|
183
188
|
@user.password = 'testing'
|
184
|
-
|
185
|
-
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser'), @user.crypted_password_test
|
189
|
+
refute_nil @user.crypted_password_test
|
190
|
+
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
|
186
191
|
end
|
187
192
|
|
188
193
|
def test_should_use_options_found_in_the_attr_encrypted_options_attribute
|
189
194
|
@user = LegacyUser.new
|
190
195
|
assert_nil @user.crypted_password_test
|
191
196
|
@user.password = 'testing'
|
192
|
-
|
193
|
-
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser'), @user.crypted_password_test
|
197
|
+
refute_nil @user.crypted_password_test
|
198
|
+
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
|
194
199
|
end
|
195
200
|
|
196
201
|
def test_should_inherit_encrypted_attributes
|
@@ -208,38 +213,39 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
208
213
|
end
|
209
214
|
|
210
215
|
def test_should_evaluate_a_symbol_option
|
211
|
-
assert_equal
|
216
|
+
assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, :class)
|
212
217
|
end
|
213
218
|
|
214
219
|
def test_should_evaluate_a_proc_option
|
215
|
-
assert_equal
|
220
|
+
assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
|
216
221
|
end
|
217
222
|
|
218
223
|
def test_should_evaluate_a_lambda_option
|
219
|
-
assert_equal
|
224
|
+
assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
|
220
225
|
end
|
221
226
|
|
222
227
|
def test_should_evaluate_a_method_option
|
223
|
-
assert_equal
|
228
|
+
assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, LegacySomeOtherClass.method(:call))
|
224
229
|
end
|
225
230
|
|
226
231
|
def test_should_return_a_string_option
|
227
|
-
|
232
|
+
class_string = 'LegacySomeOtherClass'
|
233
|
+
assert_equal class_string, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, class_string)
|
228
234
|
end
|
229
235
|
|
230
236
|
def test_should_encrypt_with_true_if
|
231
237
|
@user = LegacyUser.new
|
232
238
|
assert_nil @user.encrypted_with_true_if
|
233
239
|
@user.with_true_if = 'testing'
|
234
|
-
|
235
|
-
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_true_if
|
240
|
+
refute_nil @user.encrypted_with_true_if
|
241
|
+
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_true_if
|
236
242
|
end
|
237
243
|
|
238
244
|
def test_should_not_encrypt_with_false_if
|
239
245
|
@user = LegacyUser.new
|
240
246
|
assert_nil @user.encrypted_with_false_if
|
241
247
|
@user.with_false_if = 'testing'
|
242
|
-
|
248
|
+
refute_nil @user.encrypted_with_false_if
|
243
249
|
assert_equal 'testing', @user.encrypted_with_false_if
|
244
250
|
end
|
245
251
|
|
@@ -247,15 +253,15 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
247
253
|
@user = LegacyUser.new
|
248
254
|
assert_nil @user.encrypted_with_false_unless
|
249
255
|
@user.with_false_unless = 'testing'
|
250
|
-
|
251
|
-
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_false_unless
|
256
|
+
refute_nil @user.encrypted_with_false_unless
|
257
|
+
assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_false_unless
|
252
258
|
end
|
253
259
|
|
254
260
|
def test_should_not_encrypt_with_true_unless
|
255
261
|
@user = LegacyUser.new
|
256
262
|
assert_nil @user.encrypted_with_true_unless
|
257
263
|
@user.with_true_unless = 'testing'
|
258
|
-
|
264
|
+
refute_nil @user.encrypted_with_true_unless
|
259
265
|
assert_equal 'testing', @user.encrypted_with_true_unless
|
260
266
|
end
|
261
267
|
|
@@ -266,11 +272,6 @@ class LegacyAttrEncryptedTest < Test::Unit::TestCase
|
|
266
272
|
def test_should_always_reset_options
|
267
273
|
@user = LegacyUser.new
|
268
274
|
@user.with_if_changed = "encrypt_stuff"
|
269
|
-
@user.stubs(:instance_variable_get).returns(nil)
|
270
|
-
@user.stubs(:instance_variable_set).raises("BadStuff")
|
271
|
-
assert_raise RuntimeError do
|
272
|
-
@user.with_if_changed
|
273
|
-
end
|
274
275
|
|
275
276
|
@user = LegacyUser.new
|
276
277
|
@user.should_encrypt = false
|
@@ -1,21 +1,25 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
-
|
2
|
+
require_relative 'test_helper'
|
3
3
|
|
4
4
|
# Test to ensure that existing representations in database do not break on
|
5
5
|
# migrating to new versions of this gem. This ensures that future versions of
|
6
6
|
# this gem will retain backwards compatibility with data generated by earlier
|
7
7
|
# versions.
|
8
|
-
class LegacyCompatibilityTest < Test
|
8
|
+
class LegacyCompatibilityTest < Minitest::Test
|
9
9
|
class LegacyNonmarshallingPet < ActiveRecord::Base
|
10
10
|
PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
|
11
11
|
PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
|
12
12
|
PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
|
13
13
|
PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
|
14
14
|
|
15
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
16
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
17
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
18
|
+
|
15
19
|
attr_encrypted :nickname,
|
16
|
-
:key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY) }
|
20
|
+
:key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
|
17
21
|
attr_encrypted :birthdate,
|
18
|
-
:key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY) }
|
22
|
+
:key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
|
19
23
|
end
|
20
24
|
|
21
25
|
class LegacyMarshallingPet < ActiveRecord::Base
|
@@ -24,12 +28,16 @@ class LegacyCompatibilityTest < Test::Unit::TestCase
|
|
24
28
|
PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
|
25
29
|
PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
|
26
30
|
|
31
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
32
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
33
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
34
|
+
|
27
35
|
attr_encrypted :nickname,
|
28
|
-
|
29
|
-
|
36
|
+
:key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
|
37
|
+
:marshal => true
|
30
38
|
attr_encrypted :birthdate,
|
31
|
-
|
32
|
-
|
39
|
+
:key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
|
40
|
+
:marshal => true
|
33
41
|
end
|
34
42
|
|
35
43
|
def setup
|
@@ -50,32 +58,16 @@ class LegacyCompatibilityTest < Test::Unit::TestCase
|
|
50
58
|
end
|
51
59
|
|
52
60
|
def test_marshalling_backwards_compatibility
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
:name => 'Fido',
|
59
|
-
:encrypted_nickname => 'xhayxWxfkfbNyOS2w1qBMPV49Gfvs6dcZFBopMK2zQA=',
|
60
|
-
:encrypted_birthdate => 'f4ufXun4GXzahH4MQ1eTBQ=='
|
61
|
-
)
|
62
|
-
else
|
63
|
-
pet = LegacyMarshallingPet.create!(
|
64
|
-
:name => 'Fido',
|
65
|
-
:encrypted_nickname => '7RwoT64in4H+fGVBPYtRcN0K4RtriIy1EP4nDojUa8g=',
|
66
|
-
:encrypted_birthdate => 'bSp9sJhXQSp2QlNZHiujtcK4lRVBE8HQhn1y7moQ63bGJR20hvRSZ73ePAmm+wc5'
|
67
|
-
)
|
68
|
-
end
|
61
|
+
pet = LegacyMarshallingPet.create!(
|
62
|
+
:name => 'Fido',
|
63
|
+
:encrypted_nickname => '7RwoT64in4H+fGVBPYtRcN0K4RtriIy1EP4nDojUa8g=',
|
64
|
+
:encrypted_birthdate => 'bSp9sJhXQSp2QlNZHiujtcK4lRVBE8HQhn1y7moQ63bGJR20hvRSZ73ePAmm+wc5'
|
65
|
+
)
|
69
66
|
|
70
67
|
assert_equal 'Fido', pet.name
|
71
68
|
assert_equal 'Mummy\'s little helper', pet.nickname
|
72
69
|
|
73
|
-
|
74
|
-
if RUBY_VERSION < '1.9.3'
|
75
|
-
assert_equal '2011-07-09', pet.birthdate
|
76
|
-
else
|
77
|
-
assert_equal Date.new(2011, 7, 9), pet.birthdate
|
78
|
-
end
|
70
|
+
assert_equal Date.new(2011, 7, 9), pet.birthdate
|
79
71
|
end
|
80
72
|
|
81
73
|
private
|
@@ -101,4 +93,3 @@ class LegacyCompatibilityTest < Test::Unit::TestCase
|
|
101
93
|
end
|
102
94
|
|
103
95
|
ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
|
104
|
-
|
@@ -1,17 +1,20 @@
|
|
1
|
-
|
1
|
+
require_relative 'test_helper'
|
2
2
|
|
3
3
|
DataMapper.setup(:default, 'sqlite3::memory:')
|
4
4
|
|
5
5
|
class LegacyClient
|
6
6
|
include DataMapper::Resource
|
7
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
8
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
9
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
7
10
|
|
8
11
|
property :id, Serial
|
9
12
|
property :encrypted_email, String
|
10
13
|
property :encrypted_credentials, Text
|
11
14
|
property :salt, String
|
12
15
|
|
13
|
-
attr_encrypted :email, :key => 'a secret key'
|
14
|
-
attr_encrypted :credentials, :key => Proc.new { |client| Encryptor.encrypt(:value => client.salt, :key => 'some private key') }, :marshal => true
|
16
|
+
attr_encrypted :email, :key => 'a secret key', mode: :single_iv_and_salt
|
17
|
+
attr_encrypted :credentials, :key => Proc.new { |client| Encryptor.encrypt(:value => client.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true, mode: :single_iv_and_salt
|
15
18
|
|
16
19
|
def initialize(attrs = {})
|
17
20
|
super attrs
|
@@ -22,7 +25,7 @@ end
|
|
22
25
|
|
23
26
|
DataMapper.auto_migrate!
|
24
27
|
|
25
|
-
class LegacyDataMapperTest < Test
|
28
|
+
class LegacyDataMapperTest < Minitest::Test
|
26
29
|
|
27
30
|
def setup
|
28
31
|
LegacyClient.all.each(&:destroy)
|
@@ -31,16 +34,16 @@ class LegacyDataMapperTest < Test::Unit::TestCase
|
|
31
34
|
def test_should_encrypt_email
|
32
35
|
@client = LegacyClient.new :email => 'test@example.com'
|
33
36
|
assert @client.save
|
34
|
-
|
35
|
-
|
37
|
+
refute_nil @client.encrypted_email
|
38
|
+
refute_equal @client.email, @client.encrypted_email
|
36
39
|
assert_equal @client.email, LegacyClient.first.email
|
37
40
|
end
|
38
41
|
|
39
42
|
def test_should_marshal_and_encrypt_credentials
|
40
43
|
@client = LegacyClient.new
|
41
44
|
assert @client.save
|
42
|
-
|
43
|
-
|
45
|
+
refute_nil @client.encrypted_credentials
|
46
|
+
refute_equal @client.credentials, @client.encrypted_credentials
|
44
47
|
assert_equal @client.credentials, LegacyClient.first.credentials
|
45
48
|
assert LegacyClient.first.credentials.is_a?(Hash)
|
46
49
|
end
|
data/test/legacy_sequel_test.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
|
1
|
+
require_relative 'test_helper'
|
2
2
|
|
3
3
|
DB.create_table :legacy_humans do
|
4
4
|
primary_key :id
|
@@ -8,9 +8,13 @@ DB.create_table :legacy_humans do
|
|
8
8
|
column :salt, :string
|
9
9
|
end
|
10
10
|
|
11
|
-
class LegacyHuman < Sequel::Model(:legacy_humans)
|
12
|
-
|
13
|
-
|
11
|
+
class LegacyHuman < Sequel::Model(:legacy_humans)
|
12
|
+
self.attr_encrypted_options[:insecure_mode] = true
|
13
|
+
self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
|
14
|
+
self.attr_encrypted_options[:mode] = :single_iv_and_salt
|
15
|
+
|
16
|
+
attr_encrypted :email, :key => 'a secret key', mode: :single_iv_and_salt
|
17
|
+
attr_encrypted :credentials, :key => Proc.new { |human| Encryptor.encrypt(:value => human.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true, mode: :single_iv_and_salt
|
14
18
|
|
15
19
|
def after_initialize(attrs = {})
|
16
20
|
self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
|
@@ -18,7 +22,7 @@ class LegacyHuman < Sequel::Model(:legacy_humans)
|
|
18
22
|
end
|
19
23
|
end
|
20
24
|
|
21
|
-
class LegacySequelTest < Test
|
25
|
+
class LegacySequelTest < Minitest::Test
|
22
26
|
|
23
27
|
def setup
|
24
28
|
LegacyHuman.all.each(&:destroy)
|
@@ -27,16 +31,16 @@ class LegacySequelTest < Test::Unit::TestCase
|
|
27
31
|
def test_should_encrypt_email
|
28
32
|
@human = LegacyHuman.new :email => 'test@example.com'
|
29
33
|
assert @human.save
|
30
|
-
|
31
|
-
|
34
|
+
refute_nil @human.encrypted_email
|
35
|
+
refute_equal @human.email, @human.encrypted_email
|
32
36
|
assert_equal @human.email, LegacyHuman.first.email
|
33
37
|
end
|
34
38
|
|
35
39
|
def test_should_marshal_and_encrypt_credentials
|
36
40
|
@human = LegacyHuman.new
|
37
41
|
assert @human.save
|
38
|
-
|
39
|
-
|
42
|
+
refute_nil @human.encrypted_credentials
|
43
|
+
refute_equal @human.credentials, @human.encrypted_credentials
|
40
44
|
assert_equal @human.credentials, LegacyHuman.first.credentials
|
41
45
|
assert LegacyHuman.first.credentials.is_a?(Hash)
|
42
46
|
end
|