RubyGems - attr_encrypted - Versions diffs - 3.0.1 → 3.0.3 - Mend

attr_encrypted 3.0.1 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/.travis.yml +8 -1
data/CHANGELOG.md +8 -0
data/README.md +1 -1
data/checksum/attr_encrypted-3.0.1.gem.sha256 +1 -0
data/checksum/attr_encrypted-3.0.1.gem.sha512 +1 -0
data/checksum/attr_encrypted-3.0.2.gem.sha256 +1 -0
data/checksum/attr_encrypted-3.0.2.gem.sha512 +1 -0
data/lib/attr_encrypted/adapters/active_record.rb +29 -18
data/lib/attr_encrypted/version.rb +1 -1
data/test/active_record_test.rb +64 -43
data/test/compatibility_test.rb +18 -20
data/test/legacy_active_record_test.rb +6 -8
data/test/legacy_compatibility_test.rb +12 -14
data.tar.gz.sig +0 -0
metadata +6 -2
metadata.gz.sig +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ac79c02884af5b1ee935a1f50d238f17d72346ff
-  data.tar.gz: cfdf773acde0d0b7c752f972064237395ba57071
+  metadata.gz: 5c1a2bcf5e2b7fc8937e96cb0fcd99926bd98d1e
+  data.tar.gz: 40112aef07bda5ba8145b2fb634a9bdbfea34d7a
 SHA512:
-  metadata.gz: 42303b9fe3e46f0ce59c52a6cdcbaf73a3f8b6457f30ab7cbc62c765e9decb2c6b6559fc36135ff81867f5497c7952a1f84d14b1ef70020226dac12bc0f4d68e
-  data.tar.gz: 183ebc248cb0af6a621aa7edd471532634437a6367cc503810cd9409a94a04b60d6c7a186945bb533a3bf16f1e88c39f0e01c3da5e8afd00f95e5ea961b346d1
+  metadata.gz: cbb4fb1d4fa7e22f791139ab1b9a96324cbb8e07f7e8472561a3dd0ce1fcb0a7c048c0ba413b5bccb876dade09f9528ccc7d23caa4378de3da8ef2c540ba76ad
+  data.tar.gz: ef6b487235f2f92ccdf73de3c806b3b3f9161c2ebcd78b2102e1975edc3150cda28a7b458136a051100e939a271b2e92ca690cd38360ec5c43c9c33db22dc1f4

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/.travis.yml CHANGED Viewed

@@ -4,7 +4,7 @@ cache: bundler
 rvm:
   - 2.0
   - 2.1
-  - 2.2
+  - 2.2.2
   - 2.3.0
   - rbx
 env:
@@ -14,8 +14,15 @@ env:
   - ACTIVERECORD=4.0.0
   - ACTIVERECORD=4.1.0
   - ACTIVERECORD=4.2.0
+  - ACTIVERECORD=5.0.0
 matrix:
   exclude:
+    - rvm: 2.0
+      env: ACTIVERECORD=5.0.0
+    - rvm: 2.1
+      env: ACTIVERECORD=5.0.0
+    - rvm: rbx
+      env: ACTIVERECORD=5.0.0
   allow_failures:
     - rvm: rbx
   fast_finish: true

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # attr_encrypted #
+## 3.0.3 ##
+* Fixed: attr_was would decrypt the attribute upon every call. This is inefficient and introduces problems when the options change between decrypting an old value and encrypting a new value; for example, when rotating the encryption key. As such, the new approach caches the decrypted value of the old encrypted value such that the old options are no longer needed. (@johnny-lai) (@saghaulor)
+## 3.0.2 ##
+* Changed: Removed alias_method_chain for compatibility with Rails v5.x (@grosser)
+* Changed: Updated Travis build matrix to include Rails 5. (@saghaulor) (@connorshea)
+* Changed: Removed `.silence_stream` from tests as it has been removed from Rails 5. (@sblackstone)
 ## 3.0.1 ##
 * Fixed: attr_was method no longer calls undefined methods. (@saghaulor)

data/README.md CHANGED Viewed

@@ -403,7 +403,7 @@ It is recommended that you implement a strategy to insure that you do not mix th
     attr_encrypted :ssn, key: :encryption_key, v2_gcm_iv: :is_decrypting?(:ssn)
     def is_decrypting?(attribute)
-      encrypted_atributes[attribute][operation] == :decrypting
+      encrypted_attributes[attribute][:operation] == :decrypting
     end
   end

data/checksum/attr_encrypted-3.0.1.gem.sha256 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 33140af4b223177db7a19efb2fa38472a299a745b29ca1c5ba9d3fa947390b77

data/checksum/attr_encrypted-3.0.1.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0c467cab98b9b2eb331f9818323a90ae01392d6cb03cf1f32faccc954d0fc54be65f0fc7bf751b0fce57925eef1c9e2af90181bc40d81ad93e21d15a001c53c6

data/checksum/attr_encrypted-3.0.2.gem.sha256 ADDED Viewed

	@@ -0,0 +1 @@
1	+ c1256b459336d4a2012a0d0c70ce5cd3dac46acb5e78da6f77f6f104cb1e8b7b

data/checksum/attr_encrypted-3.0.2.gem.sha512 ADDED Viewed

	@@ -0,0 +1 @@
1	+ dca0c8a729974c0e26fde4cd4216c7d0f66d9eca9f6cf0ccca64999f5180a00bf7c05b630c1d420ec1673141a2923946e8bd28b12e711faf64a4cd42c7a3ac9e

data/lib/attr_encrypted/adapters/active_record.rb CHANGED Viewed

@@ -6,19 +6,20 @@ if defined?(ActiveRecord::Base)
           base.class_eval do
             # https://github.com/attr-encrypted/attr_encrypted/issues/68
-            def reload_with_attr_encrypted(*args, &block)
+            alias_method :reload_without_attr_encrypted, :reload
+            def reload(*args, &block)
               result = reload_without_attr_encrypted(*args, &block)
               self.class.encrypted_attributes.keys.each do |attribute_name|
                 instance_variable_set("@#{attribute_name}", nil)
               end
               result
             end
-            alias_method_chain :reload, :attr_encrypted
             attr_encrypted_options[:encode] = true
             class << self
-              alias_method_chain :method_missing, :attr_encrypted
+              alias_method :method_missing_without_attr_encrypted, :method_missing
+              alias_method :method_missing, :method_missing_with_attr_encrypted
             end
             def perform_attribute_assignment(method, new_attributes, *args)
@@ -30,16 +31,16 @@ if defined?(ActiveRecord::Base)
             private :perform_attribute_assignment
             if ::ActiveRecord::VERSION::STRING > "3.1"
-              def assign_attributes_with_attr_encrypted(*args)
+              alias_method :assign_attributes_without_attr_encrypted, :assign_attributes
+              def assign_attributes(*args)
                 perform_attribute_assignment :assign_attributes_without_attr_encrypted, *args
               end
-              alias_method_chain :assign_attributes, :attr_encrypted
             end
-            def attributes_with_attr_encrypted=(*args)
+            alias_method :attributes_without_attr_encrypted=, :attributes=
+            def attributes=(*args)
               perform_attribute_assignment :attributes_without_attr_encrypted=, *args
             end
-            alias_method_chain :attributes=, :attr_encrypted
           end
         end
@@ -52,22 +53,32 @@ if defined?(ActiveRecord::Base)
             attr = attrs.pop
             options.merge! encrypted_attributes[attr]
-            define_method("#{attr}_changed?") do
-              if send("#{options[:attribute]}_changed?")
-                send(attr) != send("#{attr}_was")
+            define_method("#{attr}_was") do
+              attribute_was(attr)
+            end
+            if ::ActiveRecord::VERSION::STRING >= "4.1"
+              define_method("#{attr}_changed?") do |options = {}|
+                attribute_changed?(attr, options)
+              end
+            else
+              define_method("#{attr}_changed?") do
+                  attribute_changed?(attr)
               end
             end
-            define_method("#{attr}_was") do
-              attr_was_options = { operation: :decrypting }
-              attr_was_options[:iv]= send("#{options[:attribute]}_iv_was") if respond_to?("#{options[:attribute]}_iv_was")
-              attr_was_options[:salt]= send("#{options[:attribute]}_salt_was") if respond_to?("#{options[:attribute]}_salt_was")
-              encrypted_attributes[attr].merge!(attr_was_options)
-              evaluated_options = evaluated_attr_encrypted_options_for(attr)
-              [:iv, :salt, :operation].each { |key| encrypted_attributes[attr].delete(key) }
-              self.class.decrypt(attr, send("#{options[:attribute]}_was"), evaluated_options)
+            define_method("#{attr}_change") do
+              attribute_change(attr)
+            end
+            define_method("#{attr}_with_dirtiness=") do |value|
+              attribute_will_change!(attr) if value != __send__(attr)
+              __send__("#{attr}_without_dirtiness=", value)
             end
+            alias_method "#{attr}_without_dirtiness=", "#{attr}="
+            alias_method "#{attr}=", "#{attr}_with_dirtiness="
             alias_method "#{attr}_before_type_cast", attr
           end

data/lib/attr_encrypted/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@ module AttrEncrypted
   module Version
     MAJOR = 3
     MINOR = 0
-    PATCH = 1
+    PATCH = 3
     # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>
     #

data/test/active_record_test.rb CHANGED Viewed

@@ -3,40 +3,39 @@ require_relative 'test_helper'
 ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
 def create_tables
-  silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(version: 1) do
-      create_table :people do |t|
-        t.string   :encrypted_email
-        t.string   :password
-        t.string   :encrypted_credentials
-        t.binary   :salt
-        t.binary   :key_iv
-        t.string   :encrypted_email_salt
-        t.string   :encrypted_credentials_salt
-        t.string   :encrypted_email_iv
-        t.string   :encrypted_credentials_iv
-      end
-      create_table :accounts do |t|
-        t.string :encrypted_password
-        t.string :encrypted_password_iv
-        t.string :encrypted_password_salt
-      end
-      create_table :users do |t|
-        t.string :login
-        t.string :encrypted_password
-        t.string :encrypted_password_iv
-        t.boolean :is_admin
-      end
-      create_table :prime_ministers do |t|
-        t.string :encrypted_name
-        t.string :encrypted_name_iv
-      end
-      create_table :addresses do |t|
-        t.binary :encrypted_street
-        t.binary :encrypted_street_iv
-        t.binary :encrypted_zipcode
-        t.string :mode
-      end
+  ActiveRecord::Schema.define(version: 1) do
+    create_table :people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.binary   :salt
+      t.binary   :key_iv
+      t.string   :encrypted_email_salt
+      t.string   :encrypted_credentials_salt
+      t.string   :encrypted_email_iv
+      t.string   :encrypted_credentials_iv
+    end
+    create_table :accounts do |t|
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.string :encrypted_password_salt
+      t.binary :key
+    end
+    create_table :users do |t|
+      t.string :login
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.boolean :is_admin
+    end
+    create_table :prime_ministers do |t|
+      t.string :encrypted_name
+      t.string :encrypted_name_iv
+    end
+    create_table :addresses do |t|
+      t.binary :encrypted_street
+      t.binary :encrypted_street_iv
+      t.binary :encrypted_zipcode
+      t.string :mode
     end
   end
 end
@@ -82,8 +81,20 @@ class PersonWithProcMode < Person
 end
 class Account < ActiveRecord::Base
-  attr_accessor :key
-  attr_encrypted :password, key: Proc.new {|account| account.key}
+  ACCOUNT_ENCRYPTION_KEY = SecureRandom.base64(32)
+  attr_encrypted :password, key: :password_encryption_key
+  def encrypting?(attr)
+    encrypted_attributes[attr][:operation] == :encrypting
+  end
+  def password_encryption_key
+    if encrypting?(:password)
+      self.key = ACCOUNT_ENCRYPTION_KEY
+    else
+      self.key
+    end
+  end
 end
 class PersonWithSerialization < ActiveRecord::Base
@@ -119,7 +130,6 @@ class ActiveRecordTest < Minitest::Test
   def setup
     ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
     create_tables
-    Account.create!(key: SECRET_KEY, password: "password")
   end
   def test_should_encrypt_email
@@ -169,12 +179,6 @@ class ActiveRecordTest < Minitest::Test
     Account.new.attributes = { password: "password", key: SECRET_KEY }
   end
-  def test_should_preserve_hash_key_type
-    hash = { foo: 'bar' }
-    account = Account.create!(key: hash)
-    assert_equal account.key, hash
-  end
   def test_should_create_changed_predicate
     person = Person.create!(email: 'test@example.com')
     refute person.email_changed?
@@ -200,6 +204,23 @@ class ActiveRecordTest < Minitest::Test
     assert_equal old_zipcode, address.zipcode_was
   end
+  def test_attribute_was_works_when_options_for_old_encrypted_value_are_different_than_options_for_new_encrypted_value
+    pw = 'password'
+    crypto_key = SecureRandom.base64(32)
+    old_iv = SecureRandom.random_bytes(12)
+    account = Account.create
+    encrypted_value = Encryptor.encrypt(value: pw, iv: old_iv, key: crypto_key)
+    Account.where(id: account.id).update_all(key: crypto_key, encrypted_password_iv: [old_iv].pack('m'), encrypted_password: [encrypted_value].pack('m'))
+    account = Account.find(account.id)
+    assert_equal pw, account.password
+    account.password = pw.reverse
+    assert_equal pw, account.password_was
+    account.save
+    account.reload
+    assert_equal Account::ACCOUNT_ENCRYPTION_KEY, account.key
+    assert_equal pw.reverse, account.password
+  end
   if ::ActiveRecord::VERSION::STRING > "4.0"
     def test_should_assign_attributes
       @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)

data/test/compatibility_test.rb CHANGED Viewed

@@ -81,26 +81,24 @@ class CompatibilityTest < Minitest::Test
   private
   def create_tables
-    silence_stream(STDOUT) do
-      ActiveRecord::Schema.define(:version => 1) do
-        create_table :nonmarshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
-        create_table :marshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_nickname_iv
-          t.string :encrypted_nickname_salt
-          t.string :encrypted_birthdate
-          t.string :encrypted_birthdate_iv
-          t.string :encrypted_birthdate_salt
-        end
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
+      end
+      create_table :marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_nickname_iv
+        t.string :encrypted_nickname_salt
+        t.string :encrypted_birthdate
+        t.string :encrypted_birthdate_iv
+        t.string :encrypted_birthdate_salt
       end
     end
   end

data/test/legacy_active_record_test.rb CHANGED Viewed

@@ -4,14 +4,12 @@ require_relative 'test_helper'
 ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
 def create_people_table
-  silence_stream(STDOUT) do
-    ActiveRecord::Schema.define(:version => 1) do
-      create_table :legacy_people do |t|
-        t.string   :encrypted_email
-        t.string   :password
-        t.string   :encrypted_credentials
-        t.string   :salt
-      end
+  ActiveRecord::Schema.define(:version => 1) do
+    create_table :legacy_people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.string   :salt
     end
   end
 end

data/test/legacy_compatibility_test.rb CHANGED Viewed

@@ -73,20 +73,18 @@ class LegacyCompatibilityTest < Minitest::Test
   private
   def create_tables
-    silence_stream(STDOUT) do
-      ActiveRecord::Schema.define(:version => 1) do
-        create_table :legacy_nonmarshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_birthdate
-          t.string :salt
-        end
-        create_table :legacy_marshalling_pets do |t|
-          t.string :name
-          t.string :encrypted_nickname
-          t.string :encrypted_birthdate
-          t.string :salt
-        end
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :legacy_nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
+      end
+      create_table :legacy_marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
       end
     end
   end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: attr_encrypted
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.0.3
 platform: ruby
 authors:
 - Sean Huber
@@ -33,7 +33,7 @@ cert_chain:
   ZjeLmnSDiwL6doiP5IiwALH/dcHU67ck3NGf6XyqNwQrrmtPY0mv1WVVL4Uh+vYE
   kHoFzE2no0BfBg78Re8fY69P5yES5ncC
   -----END CERTIFICATE-----
-date: 2016-04-02 00:00:00.000000000 Z
+date: 2016-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -224,6 +224,10 @@ files:
 - certs/saghaulor.pem
 - checksum/attr_encrypted-3.0.0.gem.sha256
 - checksum/attr_encrypted-3.0.0.gem.sha512
+- checksum/attr_encrypted-3.0.1.gem.sha256
+- checksum/attr_encrypted-3.0.1.gem.sha512
+- checksum/attr_encrypted-3.0.2.gem.sha256
+- checksum/attr_encrypted-3.0.2.gem.sha512
 - lib/attr_encrypted.rb
 - lib/attr_encrypted/adapters/active_record.rb
 - lib/attr_encrypted/adapters/data_mapper.rb

metadata.gz.sig CHANGED Viewed

Binary file