attr_encrypted 1.4.0 → 3.0.3

data/test/attr_encrypted_test.rb

@@ -1,5 +1,5 @@
 # encoding: UTF-8
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
 class SillyEncryptor
   def self.silly_encrypt(options)
@@ -12,6 +12,7 @@ class SillyEncryptor
 end
 
 class User
+  extend AttrEncrypted
   self.attr_encrypted_options[:key] = Proc.new { |user| SECRET_KEY } # default key
   self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
 
@@ -33,7 +34,8 @@ class User
   attr_accessor :salt
   attr_accessor :should_encrypt
 
-  def initialize
+  def initialize(email: nil)
+    self.email = email
     self.salt = Time.now.to_i.to_s
     self.should_encrypt = true
   end
@@ -48,19 +50,40 @@ class Admin < User
 end
 
 class SomeOtherClass
+  extend AttrEncrypted
   def self.call(object)
     object.class
   end
 end
 
+class YetAnotherClass
+  extend AttrEncrypted
+  self.attr_encrypted_options[:encode_iv] = false
+
+  attr_encrypted :email, :key => SECRET_KEY
+  attr_encrypted :phone_number, :key => SECRET_KEY, mode: Proc.new { |thing| thing.mode }, encode_iv: Proc.new { |thing| thing.encode_iv }, encode_salt: Proc.new { |thing| thing.encode_salt }
+
+  def initialize(email: nil, encode_iv: 'm', encode_salt: 'm', mode: :per_attribute_iv_and_salt)
+    self.email = email
+    @encode_iv = encode_iv
+    @encode_salt = encode_salt
+    @mode = mode
+  end
+
+  attr_reader :encode_iv, :encode_salt, :mode
+end
+
 class AttrEncryptedTest < Minitest::Test
+  def setup
+    @iv = SecureRandom.random_bytes(12)
+  end
 
   def test_should_store_email_in_encrypted_attributes
     assert User.encrypted_attributes.include?(:email)
   end
 
   def test_should_not_store_salt_in_encrypted_attributes
-    assert !User.encrypted_attributes.include?(:salt)
+    refute User.encrypted_attributes.include?(:salt)
   end
 
   def test_attr_encrypted_should_return_true_for_email
@@ -88,16 +111,16 @@ class AttrEncryptedTest < Minitest::Test
   end
 
   def test_should_not_encrypt_nil_value
-    assert_nil User.encrypt_email(nil)
+    assert_nil User.encrypt_email(nil, iv: @iv)
   end
 
   def test_should_not_encrypt_empty_string
-    assert_equal '', User.encrypt_email('')
+    assert_equal '', User.encrypt_email('', iv: @iv)
   end
 
   def test_should_encrypt_email
-    refute_nil User.encrypt_email('test@example.com')
-    refute_equal 'test@example.com', User.encrypt_email('test@example.com')
+    refute_nil User.encrypt_email('test@example.com', iv: @iv)
+    refute_equal 'test@example.com', User.encrypt_email('test@example.com', iv: @iv)
   end
 
   def test_should_encrypt_email_when_modifying_the_attr_writer
@@ -105,48 +128,52 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.encrypted_email
     @user.email = 'test@example.com'
     refute_nil @user.encrypted_email
-    assert_equal User.encrypt_email('test@example.com'), @user.encrypted_email
+    iv = @user.encrypted_email_iv.unpack('m').first
+    salt = @user.encrypted_email_salt[1..-1].unpack('m').first
+    assert_equal User.encrypt_email('test@example.com', iv: iv, salt: salt), @user.encrypted_email
   end
 
   def test_should_not_decrypt_nil_value
-    assert_nil User.decrypt_email(nil)
+    assert_nil User.decrypt_email(nil, iv: @iv)
   end
 
   def test_should_not_decrypt_empty_string
-    assert_equal '', User.decrypt_email('')
+    assert_equal '', User.decrypt_email('', iv: @iv)
   end
 
   def test_should_decrypt_email
-    encrypted_email = User.encrypt_email('test@example.com')
+    encrypted_email = User.encrypt_email('test@example.com', iv: @iv)
     refute_equal 'test@test.com', encrypted_email
-    assert_equal 'test@example.com', User.decrypt_email(encrypted_email)
+    assert_equal 'test@example.com', User.decrypt_email(encrypted_email, iv: @iv)
   end
 
   def test_should_decrypt_email_when_reading
     @user = User.new
     assert_nil @user.email
-    @user.encrypted_email = User.encrypt_email('test@example.com')
+    iv = @user.encrypted_email_iv.unpack('m').first
+    salt = @user.encrypted_email_salt[1..-1].unpack('m').first
+    @user.encrypted_email = User.encrypt_email('test@example.com', iv: iv, salt: salt)
     assert_equal 'test@example.com', @user.email
   end
 
   def test_should_encrypt_with_encoding
-    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m')
+    assert_equal User.encrypt_with_encoding('test', iv: @iv), [User.encrypt_without_encoding('test', iv: @iv)].pack('m')
   end
 
   def test_should_decrypt_with_encoding
-    encrypted = User.encrypt_with_encoding('test')
-    assert_equal 'test', User.decrypt_with_encoding(encrypted)
-    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m').first)
+    encrypted = User.encrypt_with_encoding('test', iv: @iv)
+    assert_equal 'test', User.decrypt_with_encoding(encrypted, iv: @iv)
+    assert_equal User.decrypt_with_encoding(encrypted, iv: @iv), User.decrypt_without_encoding(encrypted.unpack('m').first, iv: @iv)
   end
 
   def test_should_encrypt_with_custom_encoding
-    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m')
+    assert_equal User.encrypt_with_encoding('test', iv: @iv), [User.encrypt_without_encoding('test', iv: @iv)].pack('m')
   end
 
   def test_should_decrypt_with_custom_encoding
-    encrypted = User.encrypt_with_encoding('test')
-    assert_equal 'test', User.decrypt_with_encoding(encrypted)
-    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m').first)
+    encrypted = User.encrypt_with_encoding('test', iv: @iv)
+    assert_equal 'test', User.decrypt_with_encoding(encrypted, iv: @iv)
+    assert_equal User.decrypt_with_encoding(encrypted, iv: @iv), User.decrypt_without_encoding(encrypted.unpack('m').first, iv: @iv)
   end
 
   def test_should_encrypt_with_marshaling
@@ -164,7 +191,7 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.ssn_encrypted
     @user.ssn = 'testing'
     refute_nil @user.ssn_encrypted
-    encrypted =  Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.ssn_encrypted_iv.unpack("m").first, :salt => @user.ssn_encrypted_salt )
+    encrypted =  Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.ssn_encrypted_iv.unpack("m").first, :salt => @user.ssn_encrypted_salt.unpack("m").first )
     assert_equal encrypted, @user.ssn_encrypted
   end
 
@@ -173,7 +200,7 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     refute_nil @user.crypted_password_test
-    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.crypted_password_test_iv.unpack("m").first, :salt =>  @user.crypted_password_test_salt)
+    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.crypted_password_test_iv.unpack("m").first, :salt =>  @user.crypted_password_test_salt.unpack("m").first)
     assert_equal encrypted, @user.crypted_password_test
   end
 
@@ -182,7 +209,7 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     refute_nil @user.crypted_password_test
-    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.crypted_password_test_iv.unpack("m").first, :salt => @user.crypted_password_test_salt)
+    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.crypted_password_test_iv.unpack("m").first, :salt => @user.crypted_password_test_salt.unpack("m").first)
     assert_equal encrypted, @user.crypted_password_test
   end
 
@@ -201,23 +228,24 @@ class AttrEncryptedTest < Minitest::Test
   end
 
   def test_should_evaluate_a_symbol_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, :class)
+    assert_equal SomeOtherClass, SomeOtherClass.new.send(:evaluate_attr_encrypted_option, :class)
   end
 
   def test_should_evaluate_a_proc_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
+    assert_equal SomeOtherClass, SomeOtherClass.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
   end
 
   def test_should_evaluate_a_lambda_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
+    assert_equal SomeOtherClass, SomeOtherClass.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
   end
 
   def test_should_evaluate_a_method_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, SomeOtherClass.method(:call))
+    assert_equal SomeOtherClass, SomeOtherClass.new.send(:evaluate_attr_encrypted_option, SomeOtherClass.method(:call))
   end
 
   def test_should_return_a_string_option
-    assert_equal 'Object', Object.new.send(:evaluate_attr_encrypted_option, 'Object')
+    class_string = 'SomeOtherClass'
+    assert_equal class_string, SomeOtherClass.new.send(:evaluate_attr_encrypted_option, class_string)
   end
 
   def test_should_encrypt_with_true_if
@@ -225,7 +253,7 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.encrypted_with_true_if
     @user.with_true_if = 'testing'
     refute_nil @user.encrypted_with_true_if
-    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.encrypted_with_true_if_iv.unpack("m").first, :salt => @user.encrypted_with_true_if_salt)
+    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.encrypted_with_true_if_iv.unpack("m").first, :salt => @user.encrypted_with_true_if_salt.unpack("m").first)
     assert_equal encrypted, @user.encrypted_with_true_if
   end
 
@@ -242,7 +270,7 @@ class AttrEncryptedTest < Minitest::Test
     assert_nil @user.encrypted_with_false_unless
     @user.with_false_unless = 'testing'
     refute_nil @user.encrypted_with_false_unless
-    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.encrypted_with_false_unless_iv.unpack("m").first, :salt => @user.encrypted_with_false_unless_salt)
+    encrypted = Encryptor.encrypt(:value => 'testing', :key => SECRET_KEY, :iv => @user.encrypted_with_false_unless_iv.unpack("m").first, :salt => @user.encrypted_with_false_unless_salt.unpack("m").first)
     assert_equal encrypted,  @user.encrypted_with_false_unless
   end
 
@@ -261,11 +289,6 @@ class AttrEncryptedTest < Minitest::Test
   def test_should_always_reset_options
     @user = User.new
     @user.with_if_changed = "encrypt_stuff"
-    @user.stubs(:instance_variable_get).returns(nil)
-    @user.stubs(:instance_variable_set).raises("BadStuff")
-    assert_raises RuntimeError do
-      @user.with_if_changed
-    end
 
     @user = User.new
     @user.should_encrypt = false
@@ -275,9 +298,9 @@ class AttrEncryptedTest < Minitest::Test
   end
 
   def test_should_cast_values_as_strings_before_encrypting
-    string_encrypted_email = User.encrypt_email('3')
-    assert_equal string_encrypted_email, User.encrypt_email(3)
-    assert_equal '3', User.decrypt_email(string_encrypted_email)
+    string_encrypted_email = User.encrypt_email('3', iv: @iv)
+    assert_equal string_encrypted_email, User.encrypt_email(3, iv: @iv)
+    assert_equal '3', User.decrypt_email(string_encrypted_email, iv: @iv)
   end
 
   def test_should_create_query_accessor
@@ -296,12 +319,18 @@ class AttrEncryptedTest < Minitest::Test
     refute_equal @user.encrypted_email_iv, @user.crypted_password_test_iv
   end
 
+  def test_should_generate_iv_per_attribute_by_default
+    thing = YetAnotherClass.new(email: 'thing@thing.com')
+    refute_nil thing.encrypted_email_iv
+  end
+
   def test_should_vary_iv_per_instance
     @user1 = User.new
     @user1.email = 'email@example.com'
     @user2 = User.new
     @user2.email = 'email@example.com'
     refute_equal @user1.encrypted_email_iv, @user2.encrypted_email_iv
+    refute_equal @user1.encrypted_email, @user2.encrypted_email
   end
 
   def test_should_vary_salt_per_attribute
@@ -319,6 +348,11 @@ class AttrEncryptedTest < Minitest::Test
     refute_equal @user1.encrypted_email_salt, @user2.encrypted_email_salt
   end
 
+  def test_should_not_generate_salt_per_attribute_by_default
+    thing = YetAnotherClass.new(email: 'thing@thing.com')
+    assert_nil thing.encrypted_email_salt
+  end
+
   def test_should_decrypt_second_record
     @user1 = User.new
     @user1.email = 'test@example.com'
@@ -328,4 +362,32 @@ class AttrEncryptedTest < Minitest::Test
 
     assert_equal 'test@example.com', @user1.decrypt(:email, @user1.encrypted_email)
   end
+
+  def test_should_specify_the_default_algorithm
+    assert YetAnotherClass.encrypted_attributes[:email][:algorithm]
+    assert_equal YetAnotherClass.encrypted_attributes[:email][:algorithm], 'aes-256-gcm'
+  end
+
+  def test_should_not_encode_iv_when_encode_iv_is_false
+    email = 'thing@thing.com'
+    thing = YetAnotherClass.new(email: email)
+    refute thing.encrypted_email_iv =~ base64_encoding_regex
+    assert_equal thing.email, email
+  end
+
+  def test_should_base64_encode_iv_by_default
+    phone_number = '555-555-5555'
+    thing = YetAnotherClass.new
+    thing.phone_number = phone_number
+    assert thing.encrypted_phone_number_iv =~ base64_encoding_regex
+    assert_equal thing.phone_number, phone_number
+  end
+
+  def test_should_generate_unique_iv_for_every_encrypt_operation
+    user = User.new
+    user.email = 'initial_value@test.com'
+    original_iv = user.encrypted_email_iv
+    user.email = 'revised_value@test.com'
+    refute_equal original_iv, user.encrypted_email_iv
+  end
 end

data/test/compatibility_test.rb

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
 # Test to ensure that existing representations in database do not break on
 # migrating to new versions of this gem. This ensures that future versions of
@@ -13,11 +13,13 @@ class CompatibilityTest < Minitest::Test
     PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
 
     self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
+    self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+    self.attr_encrypted_options[:insecure_mode] = true
 
     attr_encrypted :nickname,
-      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY) }
+      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
     attr_encrypted :birthdate,
-      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY) }
+      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
   end
 
   class MarshallingPet < ActiveRecord::Base
@@ -27,12 +29,14 @@ class CompatibilityTest < Minitest::Test
     PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
 
     self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
+    self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+    self.attr_encrypted_options[:insecure_mode] = true
 
     attr_encrypted :nickname,
-      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY) },
+      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
       :marshal => true
     attr_encrypted :birthdate,
-      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY) },
+      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
       :marshal => true
   end
 
@@ -58,69 +62,46 @@ class CompatibilityTest < Minitest::Test
   end
 
   def test_marshalling_backwards_compatibility
-    # Marshalling formats changed significantly from Ruby 1.8.7 to 1.9.3.
-    # Also, Date class did not correctly support marshalling pre-1.9.3, so here
-    # we just marshal it as a string in the Ruby 1.8.7 case.
-    if RUBY_VERSION < '1.9.3'
-      pet = MarshallingPet.create!(
-        :name => 'Fido',
-        :encrypted_nickname => 'NhpLBIp3aKRzNZrUgUfVuceYi4x+8lE3wUsVCSI9BcU=',
-        :encrypted_nickname_iv => 'wpQqrj3KN16fN6PsAerUTA==',
-        :encrypted_nickname_salt => '8f1a62d274ca8a3a',
-        :encrypted_birthdate => '4nbCEzcj6CjLd3B9liKm9Q==',
-        :encrypted_birthdate_iv => 'Vt10PQZMrbamh/gmjSLdkQ==',
-        :encrypted_birthdate_salt => 'cfb245a3df76404f'
-      )
-    else
-      pet = MarshallingPet.create!(
-        :name => 'Fido',
-        :encrypted_nickname => 'EsQScJYkPw80vVGvKWkE37Px99HHpXPFjoEPTNa4rbs=',
-        :encrypted_nickname_iv => 'fNq1OZcGvty4KfcvGTcFSw==',
-        :encrypted_nickname_salt => '733b459b7d34c217',
-        :encrypted_birthdate => '+VUlKQGfNWkOgCwI4hv+3qlGIwh9h6cJ/ranJlaxvU+xxQdL3H3cOzTcI2rkYkdR',
-        :encrypted_birthdate_iv => 'Ka+zF/SwEYZKwVa24lvFfA==',
-        :encrypted_birthdate_salt => 'd5e892d5bbd81566'
-      )
-    end
+    pet = MarshallingPet.create!(
+      :name => 'Fido',
+      :encrypted_nickname => 'EsQScJYkPw80vVGvKWkE37Px99HHpXPFjoEPTNa4rbs=',
+      :encrypted_nickname_iv => 'fNq1OZcGvty4KfcvGTcFSw==',
+      :encrypted_nickname_salt => '733b459b7d34c217',
+      :encrypted_birthdate => '+VUlKQGfNWkOgCwI4hv+3qlGIwh9h6cJ/ranJlaxvU+xxQdL3H3cOzTcI2rkYkdR',
+      :encrypted_birthdate_iv => 'Ka+zF/SwEYZKwVa24lvFfA==',
+      :encrypted_birthdate_salt => 'd5e892d5bbd81566'
+    )
 
     assert_equal 'Fido', pet.name
     assert_equal 'Mummy\'s little helper', pet.nickname
 
-    # See earlier comment.
-    if RUBY_VERSION < '1.9.3'
-      assert_equal '2011-07-09', pet.birthdate
-    else
-      assert_equal Date.new(2011, 7, 9), pet.birthdate
-    end
+    assert_equal Date.new(2011, 7, 9), pet.birthdate
   end
 
   private
 
   def create_tables
-    silence_stream(STDOUT) do
-      ActiveRecord::Schema.define(:version => 1) do
-        create_table :nonmarshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
-        create_table :marshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
+      end
+      create_table :marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
       end
     end
   end
 end
 
 ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
-

data/test/data_mapper_test.rb

@@ -1,4 +1,4 @@
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
 DataMapper.setup(:default, 'sqlite3::memory:')
 

data/test/legacy_active_record_test.rb

@@ -1,17 +1,15 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
 ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
 
 def create_people_table
-  silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(:version => 1) do
-      create_table :legacy_people do |t|
-        t.string   :encrypted_email
-        t.string   :password
-        t.string   :encrypted_credentials
-        t.string   :salt
-      end
+  ActiveRecord::Schema.define(:version => 1) do
+    create_table :legacy_people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.string   :salt
     end
   end
 end
@@ -22,8 +20,12 @@ create_people_table
 ActiveRecord::MissingAttributeError = ActiveModel::MissingAttributeError unless defined?(ActiveRecord::MissingAttributeError)
 
 class LegacyPerson < ActiveRecord::Base
+  self.attr_encrypted_options[:insecure_mode] = true
+  self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+  self.attr_encrypted_options[:mode] = :single_iv_and_salt
+
   attr_encrypted :email, :key => 'a secret key'
-  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
+  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true
 
   ActiveSupport::Deprecation.silenced = true
   def after_initialize; end
@@ -55,7 +57,7 @@ class LegacyActiveRecordTest < Minitest::Test
   def test_should_decrypt_with_correct_encoding
     if defined?(Encoding)
       @person = LegacyPerson.create :email => 'test@example.com'
-      assert_equal 'UTF-8', LegacyPerson.find(:first).email.encoding.name
+      assert_equal 'UTF-8', LegacyPerson.first.email.encoding.name
     end
   end
 
@@ -63,14 +65,14 @@ class LegacyActiveRecordTest < Minitest::Test
     @person = LegacyPerson.create :email => 'test@example.com'
     refute_nil @person.encrypted_email
     refute_equal @person.email, @person.encrypted_email
-    assert_equal @person.email, LegacyPerson.find(:first).email
+    assert_equal @person.email, LegacyPerson.first.email
   end
 
   def test_should_marshal_and_encrypt_credentials
     @person = LegacyPerson.create
     refute_nil @person.encrypted_credentials
     refute_equal @person.credentials, @person.encrypted_credentials
-    assert_equal @person.credentials, LegacyPerson.find(:first).credentials
+    assert_equal @person.credentials, LegacyPerson.first.credentials
   end
 
   def test_should_find_by_email
@@ -86,13 +88,13 @@ class LegacyActiveRecordTest < Minitest::Test
 
   def test_should_scope_by_email
     @person = LegacyPerson.create(:email => 'test@example.com')
-    assert_equal @person, LegacyPerson.scoped_by_email('test@example.com').find(:first) rescue NoMethodError
+    assert_equal @person, LegacyPerson.scoped_by_email('test@example.com').first rescue NoMethodError
   end
 
   def test_should_scope_by_email_and_password
     LegacyPerson.create(:email => 'test@example.com', :password => 'invalid')
     @person = LegacyPerson.create(:email => 'test@example.com', :password => 'test')
-    assert_equal @person, LegacyPerson.scoped_by_email_and_password('test@example.com', 'test').find(:first) rescue NoMethodError
+    assert_equal @person, LegacyPerson.scoped_by_email_and_password('test@example.com', 'test').first rescue NoMethodError
   end
 
   def test_should_encode_by_default

data/test/legacy_attr_encrypted_test.rb

@@ -1,5 +1,5 @@
 # -*- encoding: utf-8 -*-
-require File.expand_path('../test_helper', __FILE__)
+require_relative 'test_helper'
 
 class LegacySillyEncryptor
   def self.silly_encrypt(options)
@@ -12,7 +12,11 @@ class LegacySillyEncryptor
 end
 
 class LegacyUser
+  extend AttrEncrypted
   self.attr_encrypted_options[:key] = Proc.new { |user| user.class.to_s } # default key
+  self.attr_encrypted_options[:insecure_mode] = true
+  self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+  self.attr_encrypted_options[:mode] = :single_iv_and_salt
 
   attr_encrypted :email, :without_encoding, :key => 'secret key'
   attr_encrypted :password, :prefix => 'crypted_', :suffix => '_test'
@@ -43,6 +47,7 @@ class LegacyAdmin < LegacyUser
 end
 
 class LegacySomeOtherClass
+  extend AttrEncrypted
   def self.call(object)
     object.class
   end
@@ -174,7 +179,7 @@ class LegacyAttrEncryptedTest < Minitest::Test
     assert_nil @user.ssn_encrypted
     @user.ssn = 'testing'
     refute_nil @user.ssn_encrypted
-    assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.ssn_encrypted
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt, insecure_mode: true, algorithm: 'aes-256-cbc'), @user.ssn_encrypted
   end
 
   def test_should_evaluate_a_key_passed_as_a_proc
@@ -182,7 +187,7 @@ class LegacyAttrEncryptedTest < Minitest::Test
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     refute_nil @user.crypted_password_test
-    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser'), @user.crypted_password_test
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
   end
 
   def test_should_use_options_found_in_the_attr_encrypted_options_attribute
@@ -190,7 +195,7 @@ class LegacyAttrEncryptedTest < Minitest::Test
     assert_nil @user.crypted_password_test
     @user.password = 'testing'
     refute_nil @user.crypted_password_test
-    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser'), @user.crypted_password_test
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
   end
 
   def test_should_inherit_encrypted_attributes
@@ -208,23 +213,24 @@ class LegacyAttrEncryptedTest < Minitest::Test
   end
 
   def test_should_evaluate_a_symbol_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, :class)
+    assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, :class)
   end
 
   def test_should_evaluate_a_proc_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
+    assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
   end
 
   def test_should_evaluate_a_lambda_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
+    assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
   end
 
   def test_should_evaluate_a_method_option
-    assert_equal Object, Object.new.send(:evaluate_attr_encrypted_option, LegacySomeOtherClass.method(:call))
+    assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, LegacySomeOtherClass.method(:call))
   end
 
   def test_should_return_a_string_option
-    assert_equal 'Object', Object.new.send(:evaluate_attr_encrypted_option, 'Object')
+    class_string = 'LegacySomeOtherClass'
+    assert_equal class_string, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, class_string)
   end
 
   def test_should_encrypt_with_true_if
@@ -232,7 +238,7 @@ class LegacyAttrEncryptedTest < Minitest::Test
     assert_nil @user.encrypted_with_true_if
     @user.with_true_if = 'testing'
     refute_nil @user.encrypted_with_true_if
-    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_true_if
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_true_if
   end
 
   def test_should_not_encrypt_with_false_if
@@ -248,7 +254,7 @@ class LegacyAttrEncryptedTest < Minitest::Test
     assert_nil @user.encrypted_with_false_unless
     @user.with_false_unless = 'testing'
     refute_nil @user.encrypted_with_false_unless
-    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_false_unless
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_false_unless
   end
 
   def test_should_not_encrypt_with_true_unless
@@ -266,11 +272,6 @@ class LegacyAttrEncryptedTest < Minitest::Test
   def test_should_always_reset_options
     @user = LegacyUser.new
     @user.with_if_changed = "encrypt_stuff"
-    @user.stubs(:instance_variable_get).returns(nil)
-    @user.stubs(:instance_variable_set).raises("BadStuff")
-    assert_raises RuntimeError do
-      @user.with_if_changed
-    end
 
     @user = LegacyUser.new
     @user.should_encrypt = false