attr_encrypted 1.0.8

data/CHANGELOG

@@ -0,0 +1,45 @@
+2009-05-20 - Sean Huber (shuber@huberry.com)
+  * Update ActiveRecord tests
+
+2009-01-18 - Sean Huber (shuber@huberry.com)
+  * Don't attempt to encrypt/decrypt empty strings
+
+2009-01-14 - Sean Huber (shuber@huberry.com)
+  * Move Class logic into Object
+
+2009-01-13 - Sean Huber (shuber@huberry.com)
+  * :marshal no longer defaults to true in ORM adapters
+  * Load gem dependencies
+
+2009-01-12 - Sean Huber (shuber@huberry.com)
+  * Remove read_attribute and write_attribute methods - unnecessary
+  * ActiveRecord and DataMapper extensions are now "adapters"
+  * Check for existing reader and writer methods separately before creating default ones for encrypted attributes
+  * Typo: should send(encrypted_attribute_name.to_sym) instead of send(encrypted_attribute_name.to_s)
+  * Add Sequel adapter
+  * Update DataMapper tests
+  * Update README
+  * Set attr_encrypted_options instead of overwriting the attr_encrypted method in adapters
+
+2009-01-11 - Sean Huber (shuber@huberry.com)
+  * Update README
+
+2009-01-10 - Sean Huber (shuber@huberry.com)
+  * Update README
+
+2009-01-08 - Sean Huber (shuber@huberry.com)
+  * Update comments and documentation
+  * Update README
+  * Add gemspec
+  * Add support for data mapper
+  * Attribute methods are now defined before calling attr_encrypted when using active record
+  * Add ability to specify your own encoding directives
+  * Update logic that evaluates symbol and proc options
+  * Add support for :if and :unless options
+  * Add AttrEncrypted namespace
+
+2009-01-07 - Sean Huber (shuber@huberry.com)
+  * Initial commit
+  * Add comments/documentation to the active record related logic
+  * Add more attr_encrypted tests
+  * Update tests and comments

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Sean Huber - shuber@huberry.com
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,300 @@
+attr\_encrypted
+===============
+
+Generates attr\_accessors that encrypt and decrypt attributes transparently
+
+It works with ANY class, however, you get a few extra features when you're using it with ActiveRecord, DataMapper, or Sequel
+
+
+Installation
+------------
+
+	gem install shuber-attr_encrypted --source http://gems.github.com
+
+
+Usage
+-----
+
+### Basic ###
+
+Encrypting attributes has never been easier:
+
+	class User
+	  attr_accessor :name
+	  attr_encrypted :ssn, :key => 'a secret key'
+	
+	  def load
+	    # loads the stored data
+	  end
+	
+	  def save
+	    # saves the :name and :encrypted_ssn attributes somewhere (e.g. filesystem, database, etc)
+	  end
+	end
+	
+	@user = User.new
+	@user.ssn = '123-45-6789'
+	@user.encrypted_ssn # returns the encrypted version of :ssn
+	@user.save
+	
+	@user = User.load
+	@user.ssn # decrypts :encrypted_ssn and returns '123-45-6789'
+
+
+### Specifying the encrypted attribute name ###
+
+By default, the encrypted attribute name is `encrypted_#{attribute}` (e.g. `attr_encrypted :email` would create an attribute named `encrypted_email`).
+You have a couple of options if you want to name your attribute something else.
+
+#### The `:attribute` option ####
+
+You can simply pass the name of the encrypted attribute as the `:attribute` option:
+
+	class User
+	  attr_encrypted :email, :key => 'a secret key', :attribute => 'email_encrypted'
+	end
+
+This would generate an attribute named `email_encrypted`
+
+
+#### The `:prefix` and `:suffix` options ####
+
+If you're planning on encrypting a few different attributes and you don't like the `encrypted_#{attribute}` naming convention then you can specify your own:
+
+	class User
+	  attr_encrypted :email, :credit_card, :ssn, :key => 'a secret key', :prefix => 'secret_', :suffix => '_crypted'
+	end
+
+This would generate the following attributes: `secret_email_crypted`, `secret_credit_card_crypted`, and `secret_ssn_crypted`.
+
+
+### Encryption keys ###
+
+Although a `:key` option may not be required (see custom encryptor below), it has a few special features
+
+#### Unique keys for each attribute ####
+
+You can specify unique keys for each attribute if you'd like:
+
+	class User
+	  attr_encrypted :email, :key => 'a secret key'
+	  attr_encrypted :ssn, :key => 'a different secret key'
+	end
+
+
+#### Symbols representing instance methods as keys ####
+
+If your class has an instance method that determines the encryption key to use, simply pass a symbol representing it like so:
+
+	class User
+	  attr_encrypted :email, :key => :encryption_key
+	
+	  def encryption_key
+	    # does some fancy logic and returns an encryption key
+	  end
+	end
+
+
+#### Procs as keys ####
+
+You can pass a proc/lambda object as the `:key` option as well:
+
+	class User
+	  attr_encrypted :email, :key => proc { |user| ... }
+	end
+
+
+### Conditional encrypting ###
+
+There may be times that you want to only encrypt when certain conditions are met. For example maybe you're using rails and you don't want to encrypt 
+attributes when you're in development mode. You can specify conditions like this:
+
+	class User < ActiveRecord::Base
+	  attr_encrypted :email, :key => 'a secret key', :unless => Rails.env.development?
+	end
+
+You can specify both `:if` and `:unless` options. If you pass a symbol representing an instance method then the result of the method will be evaluated. 
+Any objects that respond to `:call` are evaluated as well.
+
+
+### Custom encryptor ###
+
+The [Huberry::Encryptor](http://github.com/shuber/encryptor) class is used by default. You may use your own custom encryptor by specifying
+the `:encryptor`, `:encrypt_method`, and `:decrypt_method` options
+
+Lets suppose you'd like to use this custom encryptor class:
+
+	class SillyEncryptor
+	  def self.silly_encrypt(options)
+	    (options[:value] + options[:secret_key]).reverse
+	  end
+	
+	  def self.silly_decrypt(options)
+	    options[:value].reverse.gsub(/#{options[:secret_key]}$/, '')
+	  end
+	end
+
+Simply set up your class like so:
+
+	class User
+	  attr_encrypted :email, :secret_key => 'a secret key', :encryptor => SillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt
+	end
+
+Any options that you pass to `attr_encrypted` will be passed to the encryptor along with the `:value` option which contains the string to encrypt/decrypt.
+Notice it uses `:secret_key` instead of `:key`.
+
+
+### Custom algorithms ###
+
+The default [Huberry::Encryptor](http://github.com/shuber/encryptor) uses the standard ruby OpenSSL library. It's default algorithm is `aes-256-cbc`. You can
+modify this by passing the `:algorithm` option to the `attr_encrypted` call like so:
+
+	class User
+	  attr_encrypted :email, :key => 'a secret key', :algorithm => 'bf'
+	end
+
+Run `openssl list-cipher-commands` to view a list of algorithms supported on your platform. See [http://github.com/shuber/encryptor](http://github.com/shuber/encryptor) for more information.
+
+	aes-128-cbc
+	aes-128-ecb
+	aes-192-cbc
+	aes-192-ecb
+	aes-256-cbc
+	aes-256-ecb
+	base64
+	bf
+	bf-cbc
+	bf-cfb
+	bf-ecb
+	bf-ofb
+	cast
+	cast-cbc
+	cast5-cbc
+	cast5-cfb
+	cast5-ecb
+	cast5-ofb
+	des
+	des-cbc
+	des-cfb
+	des-ecb
+	des-ede
+	des-ede-cbc
+	des-ede-cfb
+	des-ede-ofb
+	des-ede3
+	des-ede3-cbc
+	des-ede3-cfb
+	des-ede3-ofb
+	des-ofb
+	des3
+	desx
+	idea
+	idea-cbc
+	idea-cfb
+	idea-ecb
+	idea-ofb
+	rc2
+	rc2-40-cbc
+	rc2-64-cbc
+	rc2-cbc
+	rc2-cfb
+	rc2-ecb
+	rc2-ofb
+	rc4
+	rc4-40
+
+
+### Default options ###
+
+Let's imagine that you have a few attributes that you want to encrypt with different keys, but you don't like the `encrypted_#{attribute}` naming convention.
+Instead of having to define your class like this:
+
+	class User
+	  attr_encrypted :email, :key => 'a secret key', :prefix => '', :suffix => '_crypted'
+	  attr_encrypted :ssn, :key => 'a different secret key', :prefix => '', :suffix => '_crypted'
+	  attr_encrypted :credit_card, :key => 'another secret key', :prefix => '', :suffix => '_crypted'
+	end
+
+You can simply define some default options like so:
+
+	class User
+	  attr_encrypted_options.merge!(:prefix => '', :suffix => '_crypted')
+	  attr_encrypted :email, :key => 'a secret key'
+	  attr_encrypted :ssn, :key => 'a different secret key'
+	  attr_encrypted :credit_card, :key => 'another secret key'
+	end
+
+This should help keep your classes clean and DRY.
+
+
+### Encoding ###
+
+You're probably going to be storing your encrypted attributes somehow (e.g. filesystem, database, etc) and may run into some issues trying to store a weird
+encrypted string. I've had this problem myself using MySQL. You can simply pass the `:encode` option to automatically encode/decode when encrypting/decrypting.
+
+	class User
+	  attr_encrypted :email, :key => 'some secret key', :encode => true
+	end
+
+The default encoding is `m*` (base64). You can change this by setting `:encode => 'some encoding'`. See  [Array#pack](http://www.ruby-doc.org/core/classes/Array.html#M002245) for more encoding options.
+
+
+### Marshaling ###
+
+You may want to encrypt objects other than strings (e.g. hashes, arrays, etc). If this is the case, simply pass the `:marshal` option to automatically marshal
+when encrypting/decrypting.
+
+	class User
+	  attr_encrypted :credentials, :key => 'some secret key', :marshal => true
+	end
+
+
+### Encrypt/decrypt attribute methods ###
+
+If you use the same key to encrypt every record (per attribute) like this:
+
+	class User
+	  attr_encrypted :email, :key => 'a secret key'
+	end
+
+Then you'll have these two class methods available for each attribute: `User.encrypt_email(email_to_encrypt)` and `User.decrypt_email(email_to_decrypt)`. This can
+be useful when you're using ActiveRecord (see below).
+
+
+### ActiveRecord ###
+
+If you're using this gem with ActiveRecord, you get a few extra features:
+
+#### Default options ####
+
+For your convenience, the `:encode` option is set to true by default since you'll be storing everything in a database.
+
+
+#### Dynamic find\_by\_ and scoped\_by\_ methods ####
+
+Let's say you'd like to encrypt your user's email addresses, but you also need a way for them to login. Simply set up your class like so:
+
+	class User < ActiveRecord::Base
+	  attr_encrypted :email, :key => 'a secret key'
+	  attr_encrypted :password, :key => 'some other secret key'
+	end
+
+You can now lookup and login users like so:
+
+	User.find_by_email_and_password('test@example.com', 'testing')
+
+The call to `find_by_email_and_password` is intercepted and modified to `find_by_encrypted_email_and_encrypted_password('ENCRYPTED EMAIL', 'ENCRYPTED PASSWORD')`.
+The dynamic scope methods like `scoped_by_email_and_password` work the same way.
+
+NOTE: This only works if all records are encrypted with the same encryption key (per attribute).
+
+
+### DataMapper and Sequel ###
+
+Just like the default options for ActiveRecord, the `:encode` option is set to true by default since you'll be storing everything in a database.
+
+
+Contact
+-------
+
+Problems, comments, and suggestions all welcome: [shuber@huberry.com](mailto:shuber@huberry.com)

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the attr_encrypted gem.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the attr_encrypted gem.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'attr_encrypted'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.markdown')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/attr_encrypted.rb

@@ -0,0 +1,226 @@
+gem 'eigenclass', '>= 1.0.1'
+require 'eigenclass'
+
+gem 'encryptor'
+require 'encryptor'
+
+module Huberry
+  module AttrEncrypted
+    def self.extended(base)
+      base.attr_encrypted_options = {}
+      base.instance_variable_set('@encrypted_attributes', {})
+    end
+    
+    # Default options to use with calls to <tt>attr_encrypted</tt>.
+    #
+    # It will inherit existing options from its parent class
+    def attr_encrypted_options
+      @attr_encrypted_options ||= superclass.attr_encrypted_options.nil? ? {} : superclass.attr_encrypted_options.dup
+    end
+    
+    # Sets default options to use with calls to <tt>attr_encrypted</tt>.
+    def attr_encrypted_options=(options)
+      @attr_encrypted_options = options
+    end
+    
+    # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute 
+    # names as values
+    #
+    # Example
+    #
+    #   class User
+    #     attr_encrypted :email
+    #   end
+    #
+    #   User.encrypted_attributes # { 'email' => 'encrypted_email' }
+    def encrypted_attributes
+      @encrypted_attributes ||= superclass.encrypted_attributes.nil? ? {} : superclass.encrypted_attributes.dup
+    end
+    
+    # Checks if an attribute has been configured to be encrypted
+    #
+    # Example
+    #
+    #   class User
+    #     attr_accessor :name
+    #     attr_encrypted :email
+    #   end
+    #
+    #   User.attr_encrypted?(:name) # false
+    #   User.attr_encrypted?(:email) # true
+    def attr_encrypted?(attribute)
+      encrypted_attributes.keys.include?(attribute.to_s)
+    end
+    
+    protected
+    
+      # Generates attr_accessors that encrypt and decrypt attributes transparently
+      #
+      # Options (any other options you specify are passed to the encryptor's encrypt and decrypt methods)
+      #
+      #   :attribute      => The name of the referenced encrypted attribute. For example 
+      #                      <tt>attr_accessor :email, :attribute => :ee</tt> would generate an 
+      #                      attribute named 'ee' to store the encrypted email. This is useful when defining
+      #                      one attribute to encrypt at a time or when the :prefix and :suffix options
+      #                      aren't enough. Defaults to nil.
+      #
+      #   :prefix         => A prefix used to generate the name of the referenced encrypted attributes.
+      #                      For example <tt>attr_accessor :email, :password, :prefix => 'crypted_'</tt> would 
+      #                      generate attributes named 'crypted_email' and 'crypted_password' to store the 
+      #                      encrypted email and password. Defaults to 'encrypted_'.
+      #
+      #   :suffix         => A suffix used to generate the name of the referenced encrypted attributes.
+      #                      For example <tt>attr_accessor :email, :password, :prefix => '', :suffix => '_encrypted'</tt>  
+      #                      would generate attributes named 'email_encrypted' and 'password_encrypted' to store the 
+      #                      encrypted email. Defaults to ''.
+      #
+      #   :key            => The encryption key. This option may not be required if you're using a custom encryptor. If you pass 
+      #                      a symbol representing an instance method then the :key option will be replaced with the result of the 
+      #                      method before being passed to the encryptor. Objects that respond to :call are evaluated as well (including procs). 
+      #                      Any other key types will be passed directly to the encryptor.
+      #
+      #   :encode         => If set to true, attributes will be encoded as well as encrypted. This is useful if you're
+      #                      planning on storing the encrypted attributes in a database. The default encoding is 'm*' (base64), 
+      #                      however this can be overwritten by setting the :encode option to some other encoding string instead of
+      #                      just 'true'. See http://www.ruby-doc.org/core/classes/Array.html#M002245 for more encoding directives. 
+      #                      Defaults to false unless you're using it with ActiveRecord or DataMapper.
+      #
+      #   :marshal        => If set to true, attributes will be marshaled as well as encrypted. This is useful if you're planning
+      #                      on encrypting something other than a string. Defaults to false unless you're using it with ActiveRecord 
+      #                      or DataMapper.
+      #
+      #   :encryptor      => The object to use for encrypting. Defaults to Huberry::Encryptor.
+      #
+      #   :encrypt_method => The encrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :encrypt.
+      #
+      #   :decrypt_method => The decrypt method name to call on the <tt>:encryptor</tt> object. Defaults to :decrypt.
+      #
+      #   :if             => Attributes are only encrypted if this option evaluates to true. If you pass a symbol representing an instance 
+      #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
+      #                      Defaults to true.
+      #
+      #   :unless         => Attributes are only encrypted if this option evaluates to false. If you pass a symbol representing an instance 
+      #                      method then the result of the method will be evaluated. Any objects that respond to :call are evaluated as well. 
+      #                      Defaults to false.
+      #
+      # You can specify your own default options
+      #
+      #   class User
+      #     # now all attributes will be encoded and marshaled by default
+      #     attr_encrypted_options.merge!(:encode => true, :marshal => true, :some_other_option => true)
+      #     attr_encrypted :configuration
+      #   end
+      #
+      #
+      # Example
+      #
+      #   class User
+      #     attr_encrypted :email, :credit_card, :key => 'some secret key'
+      #     attr_encrypted :configuration, :key => 'some other secret key', :marshal => true
+      #   end
+      #
+      #   @user = User.new
+      #   @user.encrypted_email # returns nil
+      #   @user.email = 'test@example.com'
+      #   @user.encrypted_email # returns the encrypted version of 'test@example.com'
+      #
+      #   @user.configuration = { :time_zone => 'UTC' }
+      #   @user.encrypted_configuration # returns the encrypted version of configuration
+      #
+      #   See README for more examples
+      def attr_encrypted(*attrs)
+        options = { 
+          :prefix => 'encrypted_', 
+          :suffix => '', 
+          :encryptor => Huberry::Encryptor, 
+          :encrypt_method => :encrypt,
+          :decrypt_method => :decrypt,
+          :encode => false, 
+          :marshal => false, 
+          :if => true, 
+          :unless => false 
+        }.merge(attr_encrypted_options).merge(attrs.last.is_a?(Hash) ? attrs.pop : {})
+        options[:encode] = 'm*' if options[:encode] == true
+        
+        attrs.each do |attribute|
+          encrypted_attribute_name = options[:attribute].nil? ? options[:prefix].to_s + attribute.to_s + options[:suffix].to_s : options[:attribute].to_s
+          
+          encrypted_attributes[attribute.to_s] = encrypted_attribute_name
+          
+          attr_reader encrypted_attribute_name.to_sym unless instance_methods.include?(encrypted_attribute_name)
+          attr_writer encrypted_attribute_name.to_sym unless instance_methods.include?("#{encrypted_attribute_name}=")
+          
+          define_class_method "encrypt_#{attribute}" do |value|
+            if options[:if] && !options[:unless]
+              if value.nil? || (value.is_a?(String) && value.empty?)
+                encrypted_value = value
+              else
+                value = Marshal.dump(value) if options[:marshal]
+                encrypted_value = options[:encryptor].send options[:encrypt_method], options.merge(:value => value)
+                encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
+              end
+              encrypted_value
+            else
+              value
+            end
+          end
+          
+          define_class_method "decrypt_#{attribute}" do |encrypted_value|
+            if options[:if] && !options[:unless]
+              if encrypted_value.nil? || (encrypted_value.is_a?(String) && encrypted_value.empty?)
+                decrypted_value = encrypted_value
+              else
+                encrypted_value = encrypted_value.unpack(options[:encode]).to_s if options[:encode]
+                decrypted_value = options[:encryptor].send(options[:decrypt_method], options.merge(:value => encrypted_value))
+                decrypted_value = Marshal.load(decrypted_value) if options[:marshal]
+              end
+              decrypted_value
+            else
+              encrypted_value
+            end
+          end
+          
+          define_method "#{attribute}" do
+            value = instance_variable_get("@#{attribute}")
+            encrypted_value = send(encrypted_attribute_name.to_sym)
+            original_options = [:key, :if, :unless].inject({}) do |hash, option|
+              hash[option] = options[option]
+              options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
+              hash
+            end
+            value = instance_variable_set("@#{attribute}", self.class.send("decrypt_#{attribute}".to_sym, encrypted_value)) if value.nil? && !encrypted_value.nil?
+            options.merge!(original_options)
+            value
+          end
+          
+          define_method "#{attribute}=" do |value|
+            original_options = [:key, :if, :unless].inject({}) do |hash, option|
+              hash[option] = options[option]
+              options[option] = self.class.send :evaluate_attr_encrypted_option, options[option], self
+              hash
+            end
+            send("#{encrypted_attribute_name}=".to_sym, self.class.send("encrypt_#{attribute}".to_sym, value))
+            options.merge!(original_options)
+            instance_variable_set("@#{attribute}", value)
+          end
+        end
+      end
+      
+      # Evaluates an option specified as a symbol representing an instance method or a proc
+      #
+      # If the option is not a symbol or proc then the original option is returned
+      def evaluate_attr_encrypted_option(option, object)
+        if option.is_a?(Symbol) && object.respond_to?(option)
+          object.send(option)
+        elsif option.respond_to?(:call)
+          option.call(object)
+        else
+          option
+        end
+      end
+  end
+end
+
+Object.extend Huberry::AttrEncrypted
+
+Dir[File.join(File.dirname(__FILE__), 'huberry', 'attr_encrypted', 'adapters', '*.rb')].each { |file| require file }

data/lib/huberry/attr_encrypted/adapters/active_record.rb

@@ -0,0 +1,56 @@
+if defined?(ActiveRecord)
+  module Huberry
+    module AttrEncrypted
+      module Adapters
+        module ActiveRecord
+          def self.extended(base)
+            base.attr_encrypted_options[:encode] = true
+            base.eigenclass_eval { alias_method_chain :method_missing, :attr_encrypted }
+          end
+          
+          protected
+          
+            # Ensures the attribute methods for db fields have been defined before calling the original 
+            # <tt>attr_encrypted</tt> method
+            def attr_encrypted(*attrs)
+              define_attribute_methods
+              super
+            end
+            
+            # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for 
+            # encrypted attributes
+            #
+            # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
+            #
+            # This is useful for encrypting fields like email addresses. Your user's email addresses 
+            # are encrypted in the database, but you can still look up a user by email for logging in
+            #
+            # Example
+            #
+            #   class User < ActiveRecord::Base
+            #     attr_encrypted :email, :key => 'secret key'
+            #   end
+            #
+            #   User.find_by_email_and_password('test@example.com', 'testing')
+            #   # results in a call to
+            #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+            def method_missing_with_attr_encrypted(method, *args, &block)
+              if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
+                attribute_names = match.captures.last.split('_and_')
+                attribute_names.each_with_index do |attribute, index|
+                  if attr_encrypted?(attribute)
+                    args[index] = send("encrypt_#{attribute}", args[index])
+                    attribute_names[index] = encrypted_attributes[attribute]
+                  end
+                end
+                method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+              end
+              method_missing_without_attr_encrypted(method, *args, &block)
+            end
+        end
+      end
+    end
+  end
+  
+  ActiveRecord::Base.extend Huberry::AttrEncrypted::Adapters::ActiveRecord
+end

data/lib/huberry/attr_encrypted/adapters/data_mapper.rb

@@ -0,0 +1,23 @@
+if defined?(DataMapper)
+  module Huberry
+    module AttrEncrypted
+      module Adapters
+        module DataMapper
+          def self.extended(base)
+            base.eigenclass_eval do 
+              alias_method :included_without_attr_encrypted, :included
+              alias_method :included, :included_with_attr_encrypted
+            end
+          end
+          
+          def included_with_attr_encrypted(base)
+            included_without_attr_encrypted(base)
+            base.attr_encrypted_options[:encode] = true
+          end
+        end
+      end
+    end
+  end
+  
+  DataMapper::Resource.extend Huberry::AttrEncrypted::Adapters::DataMapper
+end

data/lib/huberry/attr_encrypted/adapters/sequel.rb

@@ -0,0 +1,15 @@
+if defined?(Sequel)
+  module Huberry
+    module AttrEncrypted
+      module Adapters
+        module Sequel
+          def self.extended(base)
+            base.attr_encrypted_options[:encode] = true
+          end
+        end
+      end
+    end
+  end
+  
+  Sequel::Model.extend Huberry::AttrEncrypted::Adapters::Sequel
+end

data/test/active_record_test.rb

@@ -0,0 +1,97 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
+
+def create_people_table
+  silence_stream(STDOUT) do
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :people do |t|
+        t.string   :encrypted_email
+        t.string   :password
+        t.string   :encrypted_credentials
+        t.string   :salt
+      end
+    end
+  end
+end
+
+# The table needs to exist before defining the class
+create_people_table
+
+class Person < ActiveRecord::Base
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |user| Huberry::Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
+  
+  def after_initialize
+    self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+class PersonWithValidation < Person
+  validates_presence_of :email
+  validates_uniqueness_of :encrypted_email
+end
+
+class ActiveRecordTest < Test::Unit::TestCase
+  
+  def setup
+    ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
+    create_people_table
+  end
+  
+  def test_should_encrypt_email
+    @person = Person.create :email => 'test@example.com'
+    assert_not_nil @person.encrypted_email
+    assert_not_equal @person.email, @person.encrypted_email
+    assert_equal @person.email, Person.find(:first).email
+  end
+  
+  def test_should_marshal_and_encrypt_credentials
+    @person = Person.create
+    assert_not_nil @person.encrypted_credentials
+    assert_not_equal @person.credentials, @person.encrypted_credentials
+    assert_equal @person.credentials, Person.find(:first).credentials
+  end
+  
+  def test_should_find_by_email
+    @person = Person.create(:email => 'test@example.com')
+    assert_equal @person, Person.find_by_email('test@example.com')
+  end
+  
+  def test_should_find_by_email_and_password
+    Person.create(:email => 'test@example.com', :password => 'invalid')
+    @person = Person.create(:email => 'test@example.com', :password => 'test')
+    assert_equal @person, Person.find_by_email_and_password('test@example.com', 'test')
+  end
+  
+  def test_should_scope_by_email
+    @person = Person.create(:email => 'test@example.com')
+    assert_equal @person, Person.scoped_by_email('test@example.com').find(:first) rescue NoMethodError
+  end
+  
+  def test_should_scope_by_email_and_password
+    Person.create(:email => 'test@example.com', :password => 'invalid')
+    @person = Person.create(:email => 'test@example.com', :password => 'test')
+    assert_equal @person, Person.scoped_by_email_and_password('test@example.com', 'test').find(:first) rescue NoMethodError
+  end
+  
+  def test_should_encode_by_default
+    assert Person.attr_encrypted_options[:encode]
+  end
+  
+  def test_should_validate_presence_of_email
+    @person = PersonWithValidation.new
+    assert !@person.valid?
+    assert @person.errors.on(:email)
+  end
+  
+  def test_should_validate_uniqueness_of_email
+    @person = PersonWithValidation.new :email => 'test@example.com'
+    assert @person.save
+    @person2 = PersonWithValidation.new :email => @person.email
+    assert !@person2.valid?
+    assert @person2.errors.on(:encrypted_email)
+  end
+  
+end

data/test/attr_encrypted_test.rb

@@ -0,0 +1,245 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class SillyEncryptor
+  def self.silly_encrypt(options)
+    (options[:value] + options[:some_arg]).reverse
+  end
+  
+  def self.silly_decrypt(options)
+    options[:value].reverse.gsub(/#{options[:some_arg]}$/, '')
+  end
+end
+
+class User
+  self.attr_encrypted_options[:key] = Proc.new { |user| user.class.to_s } # default key
+  
+  attr_encrypted :email, :without_encoding, :key => 'secret key'
+  attr_encrypted :password, :prefix => 'crypted_', :suffix => '_test'
+  attr_encrypted :ssn, :key => :salt, :attribute => 'ssn_encrypted'
+  attr_encrypted :credit_card, :encryptor => SillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt, :some_arg => 'test'
+  attr_encrypted :with_encoding, :key => 'secret key', :encode => true
+  attr_encrypted :with_custom_encoding, :key => 'secret key', :encode => 'm'
+  attr_encrypted :with_marshaling, :key => 'secret key', :marshal => true
+  attr_encrypted :with_true_if, :key => 'secret key', :if => true
+  attr_encrypted :with_false_if, :key => 'secret key', :if => false
+  attr_encrypted :with_true_unless, :key => 'secret key', :unless => true
+  attr_encrypted :with_false_unless, :key => 'secret key', :unless => false
+  attr_accessor :salt
+  
+  def initialize
+    self.salt = Time.now.to_i.to_s
+  end
+end
+
+class Admin < User
+  attr_encrypted :testing
+end
+
+class SomeOtherClass
+  def self.call(object)
+    object.class
+  end
+end
+
+class AttrEncryptedTest < Test::Unit::TestCase
+  
+  def test_should_store_email_in_encrypted_attributes
+    assert User.encrypted_attributes.include?('email')
+  end
+  
+  def test_should_not_store_salt_in_encrypted_attributes
+    assert !User.encrypted_attributes.include?('salt')
+  end
+  
+  def test_attr_encrypted_should_return_true_for_email
+    assert User.attr_encrypted?('email')
+  end
+  
+  def test_attr_encrypted_should_return_false_for_salt
+    assert !User.attr_encrypted?('salt')
+  end
+  
+  def test_should_generate_an_encrypted_attribute
+    assert User.new.respond_to?(:encrypted_email)
+  end
+  
+  def test_should_generate_an_encrypted_attribute_with_a_prefix_and_suffix
+    assert User.new.respond_to?(:crypted_password_test)
+  end
+  
+  def test_should_generate_an_encrypted_attribute_with_the_attribute_option
+    assert User.new.respond_to?(:ssn_encrypted)
+  end
+  
+  def test_should_not_encrypt_nil_value
+    assert_nil User.encrypt_email(nil)
+  end
+  
+  def test_should_not_encrypt_empty_string
+    assert_equal '', User.encrypt_email('')
+  end
+  
+  def test_should_encrypt_email
+    assert_not_nil User.encrypt_email('test@example.com')
+    assert_not_equal 'test@example.com', User.encrypt_email('test@example.com')
+  end
+  
+  def test_should_encrypt_email_when_modifying_the_attr_writer
+    @user = User.new
+    assert_nil @user.encrypted_email
+    @user.email = 'test@example.com'
+    assert_not_nil @user.encrypted_email
+    assert_equal User.encrypt_email('test@example.com'), @user.encrypted_email
+  end
+  
+  def test_should_not_decrypt_nil_value
+    assert_nil User.decrypt_email(nil)
+  end
+  
+  def test_should_not_decrypt_empty_string
+    assert_equal '', User.decrypt_email('')
+  end
+  
+  def test_should_decrypt_email
+    encrypted_email = User.encrypt_email('test@example.com')
+    assert_not_equal 'test@test.com', encrypted_email
+    assert_equal 'test@example.com', User.decrypt_email(encrypted_email)
+  end
+  
+  def test_should_decrypt_email_when_reading
+    @user = User.new
+    assert_nil @user.email
+    @user.encrypted_email = User.encrypt_email('test@example.com')
+    assert_equal 'test@example.com', @user.email
+  end
+  
+  def test_should_encrypt_with_encoding
+    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m*')
+  end
+  
+  def test_should_decrypt_with_encoding
+    encrypted = User.encrypt_with_encoding('test')
+    assert_equal 'test', User.decrypt_with_encoding(encrypted)
+    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m*').to_s)
+  end
+  
+  def test_should_encrypt_with_custom_encoding
+    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m')
+  end
+  
+  def test_should_decrypt_with_custom_encoding
+    encrypted = User.encrypt_with_encoding('test')
+    assert_equal 'test', User.decrypt_with_encoding(encrypted)
+    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m').to_s)
+  end
+  
+  def test_should_encrypt_with_marshaling
+    @user = User.new
+    @user.with_marshaling = [1, 2, 3]
+    assert_not_nil @user.encrypted_with_marshaling
+    assert_equal User.encrypt_with_marshaling([1, 2, 3]), @user.encrypted_with_marshaling
+  end
+  
+  def test_should_decrypt_with_marshaling
+    encrypted = User.encrypt_with_marshaling([1, 2, 3])
+    @user = User.new
+    assert_nil @user.with_marshaling
+    @user.encrypted_with_marshaling = encrypted
+    assert_equal [1, 2, 3], @user.with_marshaling
+  end
+  
+  def test_should_use_custom_encryptor_and_crypt_method_names_and_arguments
+    assert_equal SillyEncryptor.silly_encrypt(:value => 'testing', :some_arg => 'test'), User.encrypt_credit_card('testing')
+  end
+  
+  def test_should_evaluate_a_key_passed_as_a_symbol
+    @user = User.new
+    assert_nil @user.ssn_encrypted
+    @user.ssn = 'testing'
+    assert_not_nil @user.ssn_encrypted
+    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.ssn_encrypted
+  end
+  
+  def test_should_evaluate_a_key_passed_as_a_proc
+    @user = User.new
+    assert_nil @user.crypted_password_test
+    @user.password = 'testing'
+    assert_not_nil @user.crypted_password_test
+    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
+  end
+  
+  def test_should_use_options_found_in_the_attr_encrypted_options_attribute
+    @user = User.new
+    assert_nil @user.crypted_password_test
+    @user.password = 'testing'
+    assert_not_nil @user.crypted_password_test
+    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.crypted_password_test
+  end
+  
+  def test_should_inherit_encrypted_attributes
+    assert_equal User.encrypted_attributes.merge('testing' => 'encrypted_testing'), Admin.encrypted_attributes
+  end
+  
+  def test_should_inherit_attr_encrypted_options
+    assert !User.attr_encrypted_options.empty?
+    assert_equal User.attr_encrypted_options, Admin.attr_encrypted_options
+  end
+  
+  def test_should_not_inherit_unrelated_attributes
+    assert SomeOtherClass.attr_encrypted_options.empty?
+    assert SomeOtherClass.encrypted_attributes.empty?
+  end
+  
+  def test_should_evaluate_a_symbol_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, :class, Object.new)
+  end
+  
+  def test_should_evaluate_a_proc_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, proc { |object| object.class }, Object.new)
+  end
+  
+  def test_should_evaluate_a_lambda_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, lambda { |object| object.class }, Object.new)
+  end
+  
+  def test_should_evaluate_a_method_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, SomeOtherClass.method(:call), Object.new)
+  end
+  
+  def test_should_return_a_string_option
+    assert_equal 'Object', Object.send(:evaluate_attr_encrypted_option, 'Object', Object.new)
+  end
+  
+  def test_should_encrypt_with_true_if
+    @user = User.new
+    assert_nil @user.encrypted_with_true_if
+    @user.with_true_if = 'testing'
+    assert_not_nil @user.encrypted_with_true_if
+    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_true_if
+  end
+  
+  def test_should_not_encrypt_with_false_if
+    @user = User.new
+    assert_nil @user.encrypted_with_false_if
+    @user.with_false_if = 'testing'
+    assert_not_nil @user.encrypted_with_false_if
+    assert_equal 'testing', @user.encrypted_with_false_if
+  end
+  
+  def test_should_encrypt_with_false_unless
+    @user = User.new
+    assert_nil @user.encrypted_with_false_unless
+    @user.with_false_unless = 'testing'
+    assert_not_nil @user.encrypted_with_false_unless
+    assert_equal Huberry::Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.encrypted_with_false_unless
+  end
+  
+  def test_should_not_encrypt_with_true_unless
+    @user = User.new
+    assert_nil @user.encrypted_with_true_unless
+    @user.with_true_unless = 'testing'
+    assert_not_nil @user.encrypted_with_true_unless
+    assert_equal 'testing', @user.encrypted_with_true_unless
+  end
+  
+end

data/test/data_mapper_test.rb

@@ -0,0 +1,52 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+DataMapper.setup(:default, "sqlite3::memory:")
+
+class Client
+  include DataMapper::Resource
+  
+  property :id, Serial
+  property :encrypted_email, String
+  property :encrypted_credentials, Text
+  property :salt, String
+  
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |client| Huberry::Encryptor.encrypt(:value => client.salt, :key => 'some private key') }, :marshal => true
+  
+  def initialize(attrs = {})
+    super attrs
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+DataMapper.auto_migrate!
+
+class DataMapperTest < Test::Unit::TestCase
+  
+  def setup
+    Client.all.each(&:destroy)
+  end
+  
+  def test_should_encrypt_email
+    @client = Client.new :email => 'test@example.com'
+    assert @client.save
+    assert_not_nil @client.encrypted_email
+    assert_not_equal @client.email, @client.encrypted_email
+    assert_equal @client.email, Client.first.email
+  end
+  
+  def test_should_marshal_and_encrypt_credentials
+    @client = Client.new
+    assert @client.save
+    assert_not_nil @client.encrypted_credentials
+    assert_not_equal @client.credentials, @client.encrypted_credentials
+    assert_equal @client.credentials, Client.first.credentials
+    assert Client.first.credentials.is_a?(Hash)
+  end
+  
+  def test_should_encode_by_default
+    assert Client.attr_encrypted_options[:encode]
+  end
+  
+end

data/test/sequel_test.rb

@@ -0,0 +1,50 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+DB = Sequel.sqlite
+
+DB.create_table :humans do
+  primary_key :id
+  column :encrypted_email, :string
+  column :password, :string
+  column :encrypted_credentials, :string
+  column :salt, :string
+end
+
+class Human < Sequel::Model(:humans)  
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |human| Huberry::Encryptor.encrypt(:value => human.salt, :key => 'some private key') }, :marshal => true
+  
+  def after_initialize(attrs = {})
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+class SequelTest < Test::Unit::TestCase
+  
+  def setup
+    Human.all.each(&:destroy)
+  end
+  
+  def test_should_encrypt_email
+    @human = Human.new :email => 'test@example.com'
+    assert @human.save
+    assert_not_nil @human.encrypted_email
+    assert_not_equal @human.email, @human.encrypted_email
+    assert_equal @human.email, Human.first.email
+  end
+  
+  def test_should_marshal_and_encrypt_credentials
+    @human = Human.new
+    assert @human.save
+    assert_not_nil @human.encrypted_credentials
+    assert_not_equal @human.credentials, @human.encrypted_credentials
+    assert_equal @human.credentials, Human.first.credentials
+    assert Human.first.credentials.is_a?(Hash)
+  end
+  
+  def test_should_encode_by_default
+    assert Human.attr_encrypted_options[:encode]
+  end
+  
+end

data/test/test_helper.rb

@@ -0,0 +1,16 @@
+require 'test/unit'
+require 'digest/sha2'
+
+require 'rubygems'
+
+gem 'activerecord'
+gem 'datamapper'
+gem 'sequel'
+
+require 'eigenclass'
+require 'encryptor'
+require 'active_record'
+require 'datamapper'
+require 'sequel'
+
+require File.dirname(__FILE__) + '/../lib/attr_encrypted'

metadata

@@ -0,0 +1,88 @@
+--- !ruby/object:Gem::Specification 
+name: attr_encrypted
+version: !ruby/object:Gem::Version 
+  version: 1.0.8
+platform: ruby
+authors: 
+- Sean Huber
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-01-13 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: eigenclass
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.0.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: encryptor
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+    version: 
+description: Generates attr_accessors that encrypt and decrypt attributes transparently
+email: shuber@huberry.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- CHANGELOG
+- lib/attr_encrypted.rb
+- lib/huberry/attr_encrypted/adapters/active_record.rb
+- lib/huberry/attr_encrypted/adapters/data_mapper.rb
+- lib/huberry/attr_encrypted/adapters/sequel.rb
+- MIT-LICENSE
+- Rakefile
+- README.markdown
+- test/test_helper.rb
+has_rdoc: false
+homepage: http://github.com/shuber/attr_encrypted
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --main
+- README.markdown
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Generates attr_accessors that encrypt and decrypt attributes transparently
+test_files: 
+- test/active_record_test.rb
+- test/attr_encrypted_test.rb
+- test/data_mapper_test.rb
+- test/sequel_test.rb