attr_encrypted 3.0.0 → 3.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7818979e143dc8810acdc45dfe6ae67273be455d
-  data.tar.gz: 734c97e4b7d4109b40f4f6bdf7c34aace6e3be3b
+  metadata.gz: 5c1a2bcf5e2b7fc8937e96cb0fcd99926bd98d1e
+  data.tar.gz: 40112aef07bda5ba8145b2fb634a9bdbfea34d7a
 SHA512:
-  metadata.gz: 6d8458d63ccd20fbeb9ae4d79689e0a90d3007bd0a212c428c9b95b44d20f39c5e038215bac1e5c7af1138f2517faf7a96973167b213be289a6b5fc7c1b75918
-  data.tar.gz: 57201322d4c3dcbf30bf5c74f931b47bf6478626e925620497fc842d87c393aeb507d277c92f524ff233d515acafad1d367ecb3427250ace7d125a9e3ecb1ab8
+  metadata.gz: cbb4fb1d4fa7e22f791139ab1b9a96324cbb8e07f7e8472561a3dd0ce1fcb0a7c048c0ba413b5bccb876dade09f9528ccc7d23caa4378de3da8ef2c540ba76ad
+  data.tar.gz: ef6b487235f2f92ccdf73de3c806b3b3f9161c2ebcd78b2102e1975edc3150cda28a7b458136a051100e939a271b2e92ca690cd38360ec5c43c9c33db22dc1f4

data/.travis.yml

@@ -4,7 +4,7 @@ cache: bundler
 rvm:
   - 2.0
   - 2.1
-  - 2.2
+  - 2.2.2
   - 2.3.0
   - rbx
 env:
@@ -14,8 +14,15 @@ env:
   - ACTIVERECORD=4.0.0
   - ACTIVERECORD=4.1.0
   - ACTIVERECORD=4.2.0
+  - ACTIVERECORD=5.0.0
 matrix:
   exclude:
+    - rvm: 2.0
+      env: ACTIVERECORD=5.0.0
+    - rvm: 2.1
+      env: ACTIVERECORD=5.0.0
+    - rvm: rbx
+      env: ACTIVERECORD=5.0.0
   allow_failures:
     - rvm: rbx
   fast_finish: true

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # attr_encrypted #
 
+## 3.0.3 ##
+* Fixed: attr_was would decrypt the attribute upon every call. This is inefficient and introduces problems when the options change between decrypting an old value and encrypting a new value; for example, when rotating the encryption key. As such, the new approach caches the decrypted value of the old encrypted value such that the old options are no longer needed. (@johnny-lai) (@saghaulor)
+
+## 3.0.2 ##
+* Changed: Removed alias_method_chain for compatibility with Rails v5.x (@grosser)
+* Changed: Updated Travis build matrix to include Rails 5. (@saghaulor) (@connorshea)
+* Changed: Removed `.silence_stream` from tests as it has been removed from Rails 5. (@sblackstone)
+
+## 3.0.1 ##
+* Fixed: attr_was method no longer calls undefined methods. (@saghaulor)
+
 ## 3.0.0 ##
 * Changed: Updated gemspec to use Encryptor v3.0.0. (@saghaulor)
 * Changed: Updated README with instructions related to moving from v2.0.0 to v3.0.0. (@saghaulor)

data/README.md

@@ -403,7 +403,7 @@ It is recommended that you implement a strategy to insure that you do not mix th
     attr_encrypted :ssn, key: :encryption_key, v2_gcm_iv: :is_decrypting?(:ssn)
 
     def is_decrypting?(attribute)
-      encrypted_atributes[attribute][operation] == :decrypting
+      encrypted_attributes[attribute][:operation] == :decrypting
     end
   end
 

data/checksum/attr_encrypted-3.0.0.gem.sha256

@@ -0,0 +1 @@
+845fc3cb09a19c3ac76192aba443788f92c880744617bca99b16fd31ce843e07

data/checksum/attr_encrypted-3.0.0.gem.sha512

@@ -0,0 +1 @@
+81a065442258cc3702aab62c7b2307a48ed3e0deb803600d11a7480cce0db7c43fd9929acd2755081042f8989236553fd694b6cb62776bbfc53f9165a22cbca1

data/checksum/attr_encrypted-3.0.1.gem.sha256

@@ -0,0 +1 @@
+33140af4b223177db7a19efb2fa38472a299a745b29ca1c5ba9d3fa947390b77

data/checksum/attr_encrypted-3.0.1.gem.sha512

@@ -0,0 +1 @@
+0c467cab98b9b2eb331f9818323a90ae01392d6cb03cf1f32faccc954d0fc54be65f0fc7bf751b0fce57925eef1c9e2af90181bc40d81ad93e21d15a001c53c6

data/checksum/attr_encrypted-3.0.2.gem.sha256

@@ -0,0 +1 @@
+c1256b459336d4a2012a0d0c70ce5cd3dac46acb5e78da6f77f6f104cb1e8b7b

data/checksum/attr_encrypted-3.0.2.gem.sha512

@@ -0,0 +1 @@
+dca0c8a729974c0e26fde4cd4216c7d0f66d9eca9f6cf0ccca64999f5180a00bf7c05b630c1d420ec1673141a2923946e8bd28b12e711faf64a4cd42c7a3ac9e

data/lib/attr_encrypted/adapters/active_record.rb

@@ -6,19 +6,20 @@ if defined?(ActiveRecord::Base)
           base.class_eval do
 
             # https://github.com/attr-encrypted/attr_encrypted/issues/68
-            def reload_with_attr_encrypted(*args, &block)
+            alias_method :reload_without_attr_encrypted, :reload
+            def reload(*args, &block)
               result = reload_without_attr_encrypted(*args, &block)
               self.class.encrypted_attributes.keys.each do |attribute_name|
                 instance_variable_set("@#{attribute_name}", nil)
               end
               result
             end
-            alias_method_chain :reload, :attr_encrypted
 
             attr_encrypted_options[:encode] = true
 
             class << self
-              alias_method_chain :method_missing, :attr_encrypted
+              alias_method :method_missing_without_attr_encrypted, :method_missing
+              alias_method :method_missing, :method_missing_with_attr_encrypted
             end
 
             def perform_attribute_assignment(method, new_attributes, *args)
@@ -30,16 +31,16 @@ if defined?(ActiveRecord::Base)
             private :perform_attribute_assignment
 
             if ::ActiveRecord::VERSION::STRING > "3.1"
-              def assign_attributes_with_attr_encrypted(*args)
+              alias_method :assign_attributes_without_attr_encrypted, :assign_attributes
+              def assign_attributes(*args)
                 perform_attribute_assignment :assign_attributes_without_attr_encrypted, *args
               end
-              alias_method_chain :assign_attributes, :attr_encrypted
             end
 
-            def attributes_with_attr_encrypted=(*args)
+            alias_method :attributes_without_attr_encrypted=, :attributes=
+            def attributes=(*args)
               perform_attribute_assignment :attributes_without_attr_encrypted=, *args
             end
-            alias_method_chain :attributes=, :attr_encrypted
           end
         end
 
@@ -52,20 +53,32 @@ if defined?(ActiveRecord::Base)
             attr = attrs.pop
             options.merge! encrypted_attributes[attr]
 
-            define_method("#{attr}_changed?") do
-              if send("#{options[:attribute]}_changed?")
-                send(attr) != send("#{attr}_was")
+            define_method("#{attr}_was") do
+              attribute_was(attr)
+            end
+
+            if ::ActiveRecord::VERSION::STRING >= "4.1"
+              define_method("#{attr}_changed?") do |options = {}|
+                attribute_changed?(attr, options)
+              end
+            else
+              define_method("#{attr}_changed?") do
+                  attribute_changed?(attr)
               end
             end
 
-            define_method("#{attr}_was") do
-              iv_and_salt = { iv: send("#{options[:attribute]}_iv_was"), salt: send("#{options[:attribute]}_salt_was"), operation: :decrypting }
-              encrypted_attributes[attr].merge!(iv_and_salt)
-              evaluated_options = evaluated_attr_encrypted_options_for(attr)
-              [:iv, :salt, :operation].each { |key| encrypted_attributes[attr].delete(key) }
-              self.class.decrypt(attr, send("#{options[:attribute]}_was"), evaluated_options)
+            define_method("#{attr}_change") do
+              attribute_change(attr)
+            end
+
+            define_method("#{attr}_with_dirtiness=") do |value|
+              attribute_will_change!(attr) if value != __send__(attr)
+              __send__("#{attr}_without_dirtiness=", value)
             end
 
+            alias_method "#{attr}_without_dirtiness=", "#{attr}="
+            alias_method "#{attr}=", "#{attr}_with_dirtiness="
+
             alias_method "#{attr}_before_type_cast", attr
           end
 

data/lib/attr_encrypted/version.rb

@@ -3,7 +3,7 @@ module AttrEncrypted
   module Version
     MAJOR = 3
     MINOR = 0
-    PATCH = 0
+    PATCH = 3
 
     # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>
     #

data/test/active_record_test.rb

@@ -3,40 +3,39 @@ require_relative 'test_helper'
 ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
 
 def create_tables
-  silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(version: 1) do
-      create_table :people do |t|
-        t.string   :encrypted_email
-        t.string   :password
-        t.string   :encrypted_credentials
-        t.binary   :salt
-        t.binary   :key_iv
-        t.string   :encrypted_email_salt
-        t.string   :encrypted_credentials_salt
-        t.string   :encrypted_email_iv
-        t.string   :encrypted_credentials_iv
-      end
-      create_table :accounts do |t|
-        t.string :encrypted_password
-        t.string :encrypted_password_iv
-        t.string :encrypted_password_salt
-      end
-      create_table :users do |t|
-        t.string :login
-        t.string :encrypted_password
-        t.string :encrypted_password_iv
-        t.boolean :is_admin
-      end
-      create_table :prime_ministers do |t|
-        t.string :encrypted_name
-        t.string :encrypted_name_iv
-      end
-      create_table :addresses do |t|
-        t.binary :encrypted_street
-        t.binary :encrypted_street_iv
-        t.binary :encrypted_zipcode
-        t.string :mode
-      end
+  ActiveRecord::Schema.define(version: 1) do
+    create_table :people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.binary   :salt
+      t.binary   :key_iv
+      t.string   :encrypted_email_salt
+      t.string   :encrypted_credentials_salt
+      t.string   :encrypted_email_iv
+      t.string   :encrypted_credentials_iv
+    end
+    create_table :accounts do |t|
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.string :encrypted_password_salt
+      t.binary :key
+    end
+    create_table :users do |t|
+      t.string :login
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.boolean :is_admin
+    end
+    create_table :prime_ministers do |t|
+      t.string :encrypted_name
+      t.string :encrypted_name_iv
+    end
+    create_table :addresses do |t|
+      t.binary :encrypted_street
+      t.binary :encrypted_street_iv
+      t.binary :encrypted_zipcode
+      t.string :mode
     end
   end
 end
@@ -82,8 +81,20 @@ class PersonWithProcMode < Person
 end
 
 class Account < ActiveRecord::Base
-  attr_accessor :key
-  attr_encrypted :password, key: Proc.new {|account| account.key}
+  ACCOUNT_ENCRYPTION_KEY = SecureRandom.base64(32)
+  attr_encrypted :password, key: :password_encryption_key
+
+  def encrypting?(attr)
+    encrypted_attributes[attr][:operation] == :encrypting
+  end
+
+  def password_encryption_key
+    if encrypting?(:password)
+      self.key = ACCOUNT_ENCRYPTION_KEY
+    else
+      self.key
+    end
+  end
 end
 
 class PersonWithSerialization < ActiveRecord::Base
@@ -119,7 +130,6 @@ class ActiveRecordTest < Minitest::Test
   def setup
     ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
     create_tables
-    Account.create!(key: SECRET_KEY, password: "password")
   end
 
   def test_should_encrypt_email
@@ -169,12 +179,6 @@ class ActiveRecordTest < Minitest::Test
     Account.new.attributes = { password: "password", key: SECRET_KEY }
   end
 
-  def test_should_preserve_hash_key_type
-    hash = { foo: 'bar' }
-    account = Account.create!(key: hash)
-    assert_equal account.key, hash
-  end
-
   def test_should_create_changed_predicate
     person = Person.create!(email: 'test@example.com')
     refute person.email_changed?
@@ -192,6 +196,29 @@ class ActiveRecordTest < Minitest::Test
     assert_equal original_email, person.email_was
     person.email = 'test2@example.com'
     assert_equal original_email, person.email_was
+    old_pm_name = "Winston Churchill"
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name_was
+    old_zipcode = "90210"
+    address = Address.create!(zipcode: old_zipcode, mode: "single_iv_and_salt")
+    assert_equal old_zipcode, address.zipcode_was
+  end
+
+  def test_attribute_was_works_when_options_for_old_encrypted_value_are_different_than_options_for_new_encrypted_value
+    pw = 'password'
+    crypto_key = SecureRandom.base64(32)
+    old_iv = SecureRandom.random_bytes(12)
+    account = Account.create
+    encrypted_value = Encryptor.encrypt(value: pw, iv: old_iv, key: crypto_key)
+    Account.where(id: account.id).update_all(key: crypto_key, encrypted_password_iv: [old_iv].pack('m'), encrypted_password: [encrypted_value].pack('m'))
+    account = Account.find(account.id)
+    assert_equal pw, account.password
+    account.password = pw.reverse
+    assert_equal pw, account.password_was
+    account.save
+    account.reload
+    assert_equal Account::ACCOUNT_ENCRYPTION_KEY, account.key
+    assert_equal pw.reverse, account.password
   end
 
   if ::ActiveRecord::VERSION::STRING > "4.0"

data/test/compatibility_test.rb

@@ -81,26 +81,24 @@ class CompatibilityTest < Minitest::Test
   private
 
   def create_tables
-    silence_stream(STDOUT) do
-      ActiveRecord::Schema.define(:version => 1) do
-        create_table :nonmarshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
-        create_table :marshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
+      end
+      create_table :marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
       end
     end
   end

data/test/legacy_active_record_test.rb

@@ -4,14 +4,12 @@ require_relative 'test_helper'
 ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
 
 def create_people_table
-  silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(:version => 1) do
-      create_table :legacy_people do |t|
-        t.string   :encrypted_email
-        t.string   :password
-        t.string   :encrypted_credentials
-        t.string   :salt
-      end
+  ActiveRecord::Schema.define(:version => 1) do
+    create_table :legacy_people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.string   :salt
     end
   end
 end

data/test/legacy_compatibility_test.rb

@@ -73,20 +73,18 @@ class LegacyCompatibilityTest < Minitest::Test
   private
 
   def create_tables
-    silence_stream(STDOUT) do
-      ActiveRecord::Schema.define(:version => 1) do
-        create_table :legacy_nonmarshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_birthdate
-          t.string :salt
-        end
-        create_table :legacy_marshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_birthdate
-          t.string :salt
-        end
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :legacy_nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
+      end
+      create_table :legacy_marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: attr_encrypted
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.3
 platform: ruby
 authors:
 - Sean Huber
@@ -33,7 +33,7 @@ cert_chain:
   ZjeLmnSDiwL6doiP5IiwALH/dcHU67ck3NGf6XyqNwQrrmtPY0mv1WVVL4Uh+vYE
   kHoFzE2no0BfBg78Re8fY69P5yES5ncC
   -----END CERTIFICATE-----
-date: 2016-03-29 00:00:00.000000000 Z
+date: 2016-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -222,6 +222,12 @@ files:
 - Rakefile
 - attr_encrypted.gemspec
 - certs/saghaulor.pem
+- checksum/attr_encrypted-3.0.0.gem.sha256
+- checksum/attr_encrypted-3.0.0.gem.sha512
+- checksum/attr_encrypted-3.0.1.gem.sha256
+- checksum/attr_encrypted-3.0.1.gem.sha512
+- checksum/attr_encrypted-3.0.2.gem.sha256
+- checksum/attr_encrypted-3.0.2.gem.sha512
 - lib/attr_encrypted.rb
 - lib/attr_encrypted/adapters/active_record.rb
 - lib/attr_encrypted/adapters/data_mapper.rb