attr_encrypted 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3a0be3a350e84025ea0cb74994429572c39a46e6
-  data.tar.gz: 9b0fe0406c35007117ed1c0cabca0157410dcc41
+  metadata.gz: 7818979e143dc8810acdc45dfe6ae67273be455d
+  data.tar.gz: 734c97e4b7d4109b40f4f6bdf7c34aace6e3be3b
 SHA512:
-  metadata.gz: 7a6cce9239ecf6143d2280c2a2f2e43b37b0a7c99341934984e80eaedc100b0d0d317b9b87be073d1bfd953e3fb997010f9eb16520d1880f2b3ea161c952829e
-  data.tar.gz: a4aa866eb7607d56b5de2ef238163310ac6fd34e0b3595dd99b6e7a18734d7e4c9addd562fbbcc134d38fab255408fd68d7f0a5bc6f8525e241d68e8bcb35edd
+  metadata.gz: 6d8458d63ccd20fbeb9ae4d79689e0a90d3007bd0a212c428c9b95b44d20f39c5e038215bac1e5c7af1138f2517faf7a96973167b213be289a6b5fc7c1b75918
+  data.tar.gz: 57201322d4c3dcbf30bf5c74f931b47bf6478626e925620497fc842d87c393aeb507d277c92f524ff233d515acafad1d367ecb3427250ace7d125a9e3ecb1ab8

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # attr_encrypted #
 
+## 3.0.0 ##
+* Changed: Updated gemspec to use Encryptor v3.0.0. (@saghaulor)
+* Changed: Updated README with instructions related to moving from v2.0.0 to v3.0.0. (@saghaulor)
+* Fixed: ActiveModel::Dirty methods in the ActiveRecord adapter. (@saghaulor)
+
 ## 2.0.0 ##
 * Added: Now using Encryptor v2.0.0 (@saghaulor)
 * Added: Options are copied to the instance. (@saghaulor)

data/README.md

@@ -11,7 +11,7 @@ It works with ANY class, however, you get a few extra features when you're using
 Add attr_encrypted to your gemfile:
 
 ```ruby
-  gem attr_encrypted, "~> 2.0.0"
+  gem "attr_encrypted", "~> 3.0.0"
 ```
 
 Then install the gem:
@@ -37,22 +37,22 @@ If you're using a PORO, you have to do a little bit more work by extending the c
     extend AttrEncrypted
     attr_accessor :name
     attr_encrypted :ssn, key: 'This is a key that is 256 bits!!'
-  
+
     def load
       # loads the stored data
     end
-  
+
     def save
       # saves the :name and :encrypted_ssn attributes somewhere (e.g. filesystem, database, etc)
     end
   end
-  
+
   user = User.new
   user.ssn = '123-45-6789'
   user.ssn # returns the unencrypted object ie. '123-45-6789'
   user.encrypted_ssn # returns the encrypted version of :ssn
   user.save
-  
+
   user = User.load
   user.ssn # decrypts :encrypted_ssn and returns '123-45-6789'
 ```
@@ -242,7 +242,7 @@ Lets suppose you'd like to use this custom encryptor class:
     def self.silly_encrypt(options)
       (options[:value] + options[:secret_key]).reverse
     end
-  
+
     def self.silly_decrypt(options)
       options[:value].reverse.gsub(/#{options[:secret_key]}$/, '')
     end
@@ -374,12 +374,12 @@ Backwards compatibility is supported by providing a special option that is passe
 The `:insecure_mode` option will allow encryptor to ignore the new security requirements. It is strongly advised that if you use this older insecure behavior that you migrate to the newer more secure behavior.
 
 
-## Upgrading from attr_encrypted v1.x to v2.x
+## Upgrading from attr_encrypted v1.x to v3.x
 
 Modify your gemfile to include the new version of attr_encrypted:
 
 ```ruby
-  gem attr_encrypted, "~> 2.0.0"
+  gem attr_encrypted, "~> 3.0.0"
 ```
 
 The update attr_encrypted:
@@ -390,6 +390,30 @@ The update attr_encrypted:
 
 Then modify your models using attr\_encrypted to account for the changes in default options. Specifically, pass in the `:mode` and `:algorithm` options that you were using if you had not previously done so. If your key is insufficient length relative to the algorithm that you use, you should also pass in `insecure_mode: true`; this will prevent Encryptor from raising an exception regarding insufficient key length. Please see the Deprecations sections for more details including an example of how to specify your model with default options from attr_encrypted v1.x.
 
+## Upgrading from attr_encrypted v2.x to v3.x
+
+A bug was discovered in Encryptor v2.0.0 that inccorectly set the IV when using an AES-\*-GCM algorithm. Unfornately fixing this major security issue results in the inability to decrypt records encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0. Please see [Upgrading to Encryptor v3.0.0](https://github.com/attr-encrypted/encryptor#upgrading-from-v200-to-v300) for more info.
+
+It is strongly advised that you re-encrypt your data encrypted with Encryptor v2.0.0. However, you'll have to take special care to re-encrypt. To decrypt data encrypted with Encryptor v2.0.0 using an AES-\*-GCM algorithm you can use the `:v2_gcm_iv` option.
+
+It is recommended that you implement a strategy to insure that you do not mix the encryption implementations of Encryptor. One way to do this is to re-encrypt everything while your application is offline.Another way is to add a column that keeps track of what implementation was used. The path that you choose will depend on your situtation. Below is an example of how you might go about re-encrypting your data.
+
+```ruby
+  class User
+    attr_encrypted :ssn, key: :encryption_key, v2_gcm_iv: :is_decrypting?(:ssn)
+
+    def is_decrypting?(attribute)
+      encrypted_atributes[attribute][operation] == :decrypting
+    end
+  end
+
+  User.all.each do |user|
+    old_ssn = user.ssn
+    user.ssn= old_ssn
+    user.save
+  end
+```
+
 ## Things to consider before using attr_encrypted
 
 #### Searching, joining, etc

data/attr_encrypted.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
 
   s.required_ruby_version = '>= 2.0.0'
 
-  s.add_dependency('encryptor', ['~> 2.0.0'])
+  s.add_dependency('encryptor', ['~> 3.0.0'])
   # support for testing with specific active record version
   activerecord_version = if ENV.key?('ACTIVERECORD')
     "~> #{ENV['ACTIVERECORD']}"
@@ -55,6 +55,9 @@ Gem::Specification.new do |s|
   s.cert_chain  = ['certs/saghaulor.pem']
   s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
 
-  s.post_install_message = "\n\n\nWARNING: Several insecure default options and features have been deprecated in attr_encrypted v2.0.0. Please see the README for more details.\n\n\n"
+  s.post_install_message = "\n\n\nWARNING: Several insecure default options and features were deprecated in attr_encrypted v2.0.0.\n
+Additionally, there was a bug in Encryptor v2.0.0 that insecurely encrypted data when using an AES-*-GCM algorithm.\n
+This bug was fixed but introduced breaking changes between v2.x and v3.x.\n
+Please see the README for more information regarding upgrading to attr_encrypted v3.0.0.\n\n\n"
 
 end

data/lib/attr_encrypted.rb

@@ -350,7 +350,7 @@ module AttrEncrypted
       def evaluated_attr_encrypted_options_for(attribute)
         evaluated_options = Hash.new
         attribute_option_value = encrypted_attributes[attribute.to_sym][:attribute]
-        self.class.encrypted_attributes[attribute.to_sym].map do |option, value|
+        encrypted_attributes[attribute.to_sym].map do |option, value|
           evaluated_options[option] = evaluate_attr_encrypted_option(value)
         end
 
@@ -383,7 +383,7 @@ module AttrEncrypted
       def load_iv_for_attribute(attribute, options)
         encrypted_attribute_name = options[:attribute]
         encode_iv = options[:encode_iv]
-        iv = send("#{encrypted_attribute_name}_iv")
+        iv = options[:iv] || send("#{encrypted_attribute_name}_iv")
         if options[:operation] == :encrypting
           begin
             iv = generate_iv(options[:algorithm])
@@ -407,7 +407,7 @@ module AttrEncrypted
       def load_salt_for_attribute(attribute, options)
         encrypted_attribute_name = options[:attribute]
         encode_salt = options[:encode_salt]
-        salt = send("#{encrypted_attribute_name}_salt")
+        salt = options[:salt] || send("#{encrypted_attribute_name}_salt")
         if (salt == nil)
           salt = SecureRandom.random_bytes
           salt = prefix_and_encode_salt(salt, encode_salt) if encode_salt

data/lib/attr_encrypted/adapters/active_record.rb

@@ -53,11 +53,17 @@ if defined?(ActiveRecord::Base)
             options.merge! encrypted_attributes[attr]
 
             define_method("#{attr}_changed?") do
-              send(attr) != decrypt(attr, send("#{options[:attribute]}_was"))
+              if send("#{options[:attribute]}_changed?")
+                send(attr) != send("#{attr}_was")
+              end
             end
 
             define_method("#{attr}_was") do
-              decrypt(attr, send("#{options[:attribute]}_was")) if send("#{attr}_changed?")
+              iv_and_salt = { iv: send("#{options[:attribute]}_iv_was"), salt: send("#{options[:attribute]}_salt_was"), operation: :decrypting }
+              encrypted_attributes[attr].merge!(iv_and_salt)
+              evaluated_options = evaluated_attr_encrypted_options_for(attr)
+              [:iv, :salt, :operation].each { |key| encrypted_attributes[attr].delete(key) }
+              self.class.decrypt(attr, send("#{options[:attribute]}_was"), evaluated_options)
             end
 
             alias_method "#{attr}_before_type_cast", attr

data/lib/attr_encrypted/version.rb

@@ -1,7 +1,7 @@
 module AttrEncrypted
   # Contains information about this gem's version
   module Version
-    MAJOR = 2
+    MAJOR = 3
     MINOR = 0
     PATCH = 0
 

data/test/active_record_test.rb

@@ -1,15 +1,16 @@
 require_relative 'test_helper'
 
-ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
+ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
 
 def create_tables
   silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(:version => 1) do
+    ActiveRecord::Schema.define(version: 1) do
       create_table :people do |t|
         t.string   :encrypted_email
         t.string   :password
         t.string   :encrypted_credentials
         t.binary   :salt
+        t.binary   :key_iv
         t.string   :encrypted_email_salt
         t.string   :encrypted_credentials_salt
         t.string   :encrypted_email_iv
@@ -23,10 +24,12 @@ def create_tables
       create_table :users do |t|
         t.string :login
         t.string :encrypted_password
+        t.string :encrypted_password_iv
         t.boolean :is_admin
       end
       create_table :prime_ministers do |t|
         t.string :encrypted_name
+        t.string :encrypted_name_iv
       end
       create_table :addresses do |t|
         t.binary :encrypted_street
@@ -55,16 +58,17 @@ end
 
 class Person < ActiveRecord::Base
   self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
-  attr_encrypted :email, :key => SECRET_KEY
-  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => SECRET_KEY, iv: SecureRandom.random_bytes(12)) }, :marshal => true
+  attr_encrypted :email, key: SECRET_KEY
+  attr_encrypted :credentials, key: Proc.new { |user| Encryptor.encrypt(value: user.salt, key: SECRET_KEY, iv: user.key_iv) }, marshal: true
 
   after_initialize :initialize_salt_and_credentials
 
   protected
 
   def initialize_salt_and_credentials
+    self.key_iv ||= SecureRandom.random_bytes(12)
     self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(1000)).to_s)[0..15]
-    self.credentials ||= { :username => 'example', :password => 'test' }
+    self.credentials ||= { username: 'example', password: 'test' }
   end
 end
 
@@ -73,34 +77,34 @@ class PersonWithValidation < Person
 end
 
 class PersonWithProcMode < Person
-  attr_encrypted :email,       :key => SECRET_KEY, :mode => Proc.new { :per_attribute_iv_and_salt }
-  attr_encrypted :credentials, :key => SECRET_KEY, :mode => Proc.new { :single_iv_and_salt }, insecure_mode: true
+  attr_encrypted :email,       key: SECRET_KEY, mode: Proc.new { :per_attribute_iv_and_salt }
+  attr_encrypted :credentials, key: SECRET_KEY, mode: Proc.new { :single_iv_and_salt }, insecure_mode: true
 end
 
 class Account < ActiveRecord::Base
   attr_accessor :key
-  attr_encrypted :password, :key => Proc.new {|account| account.key}
+  attr_encrypted :password, key: Proc.new {|account| account.key}
 end
 
 class PersonWithSerialization < ActiveRecord::Base
   self.table_name = 'people'
-  attr_encrypted :email, :key => SECRET_KEY
+  attr_encrypted :email, key: SECRET_KEY
   serialize :password
 end
 
 class UserWithProtectedAttribute < ActiveRecord::Base
   self.table_name = 'users'
-  attr_encrypted :password, :key => SECRET_KEY
+  attr_encrypted :password, key: SECRET_KEY
   attr_protected :is_admin if ::ActiveRecord::VERSION::STRING < "4.0"
 end
 
 class PersonUsingAlias < ActiveRecord::Base
   self.table_name = 'people'
-  attr_encryptor :email, :key => SECRET_KEY
+  attr_encryptor :email, key: SECRET_KEY
 end
 
 class PrimeMinister < ActiveRecord::Base
-  attr_encrypted :name, :marshal => true, :key => SECRET_KEY
+  attr_encrypted :name, marshal: true, key: SECRET_KEY
 end
 
 class Address < ActiveRecord::Base
@@ -115,11 +119,11 @@ class ActiveRecordTest < Minitest::Test
   def setup
     ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
     create_tables
-    Account.create!(:key => SECRET_KEY, :password => "password")
+    Account.create!(key: SECRET_KEY, password: "password")
   end
 
   def test_should_encrypt_email
-    @person = Person.create :email => 'test@example.com'
+    @person = Person.create(email: 'test@example.com')
     refute_nil @person.encrypted_email
     refute_equal @person.email, @person.encrypted_email
     assert_equal @person.email, Person.first.email
@@ -143,93 +147,97 @@ class ActiveRecordTest < Minitest::Test
   end
 
   def test_should_encrypt_decrypt_with_iv
-    @person = Person.create :email => 'test@example.com'
+    @person = Person.create(email: 'test@example.com')
     @person2 = Person.find(@person.id)
     refute_nil @person2.encrypted_email_iv
     assert_equal 'test@example.com', @person2.email
   end
 
   def test_should_ensure_attributes_can_be_deserialized
-    @person = PersonWithSerialization.new :email => 'test@example.com', :password => %w(an array of strings)
+    @person = PersonWithSerialization.new(email: 'test@example.com', password: %w(an array of strings))
     @person.save
     assert_equal @person.password, %w(an array of strings)
   end
 
   def test_should_create_an_account_regardless_of_arguments_order
-    Account.create!(:key => SECRET_KEY, :password => "password")
-    Account.create!(:password => "password" , :key => SECRET_KEY)
+    Account.create!(key: SECRET_KEY, password: "password")
+    Account.create!(password: "password" , key: SECRET_KEY)
   end
 
   def test_should_set_attributes_regardless_of_arguments_order
     # minitest does not implement `assert_nothing_raised` https://github.com/seattlerb/minitest/issues/112
-    Account.new.attributes = { :password => "password" , :key => SECRET_KEY }
+    Account.new.attributes = { password: "password", key: SECRET_KEY }
   end
 
   def test_should_preserve_hash_key_type
-    hash = { :foo => 'bar' }
-    account = Account.create!(:key => hash)
+    hash = { foo: 'bar' }
+    account = Account.create!(key: hash)
     assert_equal account.key, hash
   end
 
   def test_should_create_changed_predicate
-    person = Person.create!(:email => 'test@example.com')
-    assert !person.email_changed?
+    person = Person.create!(email: 'test@example.com')
+    refute person.email_changed?
+    person.email = 'test@example.com'
+    refute person.email_changed?
+    person.email = nil
+    assert person.email_changed?
     person.email = 'test2@example.com'
     assert person.email_changed?
   end
 
   def test_should_create_was_predicate
     original_email = 'test@example.com'
-    person = Person.create!(:email => original_email)
-    assert !person.email_was
+    person = Person.create!(email: original_email)
+    assert_equal original_email, person.email_was
     person.email = 'test2@example.com'
-    assert_equal person.email_was, original_email
+    assert_equal original_email, person.email_was
   end
 
   if ::ActiveRecord::VERSION::STRING > "4.0"
     def test_should_assign_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true).permit(:login)
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
       assert_equal 'modified', @user.login
     end
 
     def test_should_not_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true).permit(:login)
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
       assert !@user.is_admin?
     end
 
     def test_should_raise_exception_if_not_permitted
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
       assert_raises ActiveModel::ForbiddenAttributesError do
-        @user.attributes = ActionController::Parameters.new(:login => 'modified', :is_admin => true)
+        @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true)
       end
     end
 
     def test_should_raise_exception_on_init_if_not_permitted
       assert_raises ActiveModel::ForbiddenAttributesError do
-        @user = UserWithProtectedAttribute.new ActionController::Parameters.new(:login => 'modified', :is_admin => true)
+        @user = UserWithProtectedAttribute.new ActionController::Parameters.new(login: 'modified', is_admin: true)
       end
     end
   else
     def test_should_assign_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = {:login => 'modified', :is_admin => true}
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
       assert_equal 'modified', @user.login
     end
 
     def test_should_not_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
-      @user.attributes = {:login => 'modified', :is_admin => true}
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
       assert !@user.is_admin?
     end
 
     def test_should_assign_protected_attributes
-      @user = UserWithProtectedAttribute.new :login => 'login', :is_admin => false
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
       if ::ActiveRecord::VERSION::STRING > "3.1"
-        @user.send :assign_attributes, {:login => 'modified', :is_admin => true}, :without_protection => true
+        @user.send(:assign_attributes, { login: 'modified', is_admin: true }, without_protection: true)
       else
-        @user.send :attributes=, {:login => 'modified', :is_admin => true}, false
+        @user.send(:attributes=, { login: 'modified', is_admin: true }, false)
       end
       assert @user.is_admin?
     end
@@ -241,7 +249,7 @@ class ActiveRecordTest < Minitest::Test
   end
 
   def test_should_allow_proc_based_mode
-    @person = PersonWithProcMode.create :email => 'test@example.com', :credentials => 'password123'
+    @person = PersonWithProcMode.create(email: 'test@example.com', credentials: 'password123')
 
     # Email is :per_attribute_iv_and_salt
     assert_equal @person.class.encrypted_attributes[:email][:mode].class, Proc
@@ -275,21 +283,21 @@ class ActiveRecordTest < Minitest::Test
 
   # See https://github.com/attr-encrypted/attr_encrypted/issues/68
   def test_should_invalidate_virtual_attributes_on_reload
-    pm = PrimeMinister.new(:name => 'Winston Churchill')
-    pm.save!
-    assert_equal 'Winston Churchill', pm.name
-    pm.name = 'Neville Chamberlain'
-    assert_equal 'Neville Chamberlain', pm.name
+    old_pm_name = 'Winston Churchill'
+    new_pm_name = 'Neville Chamberlain'
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name
+    pm.name = new_pm_name
+    assert_equal new_pm_name, pm.name
 
     result = pm.reload
     assert_equal pm, result
-    assert_equal 'Winston Churchill', pm.name
+    assert_equal old_pm_name, pm.name
   end
 
   def test_should_save_encrypted_data_as_binary
     street = '123 Elm'
-    address = Address.new(street: street)
-    address.save!
+    address = Address.create!(street: street)
     refute_equal address.encrypted_street, street
     assert_equal Address.first.street, street
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: attr_encrypted
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Sean Huber
@@ -33,7 +33,7 @@ cert_chain:
   ZjeLmnSDiwL6doiP5IiwALH/dcHU67ck3NGf6XyqNwQrrmtPY0mv1WVVL4Uh+vYE
   kHoFzE2no0BfBg78Re8fY69P5yES5ncC
   -----END CERTIFICATE-----
-date: 2016-02-23 00:00:00.000000000 Z
+date: 2016-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -41,14 +41,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -246,7 +246,13 @@ post_install_message: |2+
 
 
 
-  WARNING: Several insecure default options and features have been deprecated in attr_encrypted v2.0.0. Please see the README for more details.
+  WARNING: Several insecure default options and features were deprecated in attr_encrypted v2.0.0.
+
+  Additionally, there was a bug in Encryptor v2.0.0 that insecurely encrypted data when using an AES-*-GCM algorithm.
+
+  This bug was fixed but introduced breaking changes between v2.x and v3.x.
+
+  Please see the README for more information regarding upgrading to attr_encrypted v3.0.0.
 
 
 rdoc_options: