attr_encryption 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: acd5e4eab70392658a813fc269594f9172725646
+  data.tar.gz: b517d95ae98b5cd7537ff0cf40ed52275c632b85
+SHA512:
+  metadata.gz: caf52c3ef1935397886f25c58290c78a3344632c8373bd223a9cbd5d1398a87ed1be5351fbd4fb33142f892ff7c86761a50fc57b935e9f1c61a0026ee0a2373c
+  data.tar.gz: 87e5a93df2785e93b0d83af5bee82808cff9753f755ff8e27fbb3fe3083751070752c9adafa5f6f8d7a1f27d0a4220493244378cb797440e026aa811b966c36b

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+gem "activesupport", ">= 3.2.14"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "rspec"
+  gem "rdoc", "~> 3.12"
+  gem "bundler", "~> 1.0"
+  gem "jeweler", "~> 1.8.7"
+end

data/Gemfile.lock

@@ -0,0 +1,68 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activesupport (3.2.14)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    addressable (2.3.5)
+    builder (3.2.2)
+    diff-lcs (1.2.4)
+    faraday (0.8.8)
+      multipart-post (~> 1.2.0)
+    git (1.2.6)
+    github_api (0.10.1)
+      addressable
+      faraday (~> 0.8.1)
+      hashie (>= 1.2)
+      multi_json (~> 1.4)
+      nokogiri (~> 1.5.2)
+      oauth2
+    hashie (2.0.5)
+    highline (1.6.19)
+    httpauth (0.2.0)
+    i18n (0.6.5)
+    jeweler (1.8.7)
+      builder
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      github_api (= 0.10.1)
+      highline (>= 1.6.15)
+      nokogiri (= 1.5.10)
+      rake
+      rdoc
+    json (1.8.0)
+    jwt (0.1.8)
+      multi_json (>= 1.5)
+    multi_json (1.8.0)
+    multi_xml (0.5.5)
+    multipart-post (1.2.0)
+    nokogiri (1.5.10)
+    oauth2 (0.9.2)
+      faraday (~> 0.8)
+      httpauth (~> 0.2)
+      jwt (~> 0.1.4)
+      multi_json (~> 1.0)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    rack (1.5.2)
+    rake (10.1.0)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.5)
+    rspec-expectations (2.14.3)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (>= 3.2.14)
+  bundler (~> 1.0)
+  jeweler (~> 1.8.7)
+  rdoc (~> 3.12)
+  rspec

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Dave
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,34 @@
+= attr_encryption
+
+This gem enhances ActiveRecord models with the ability to quickly and easily
+define which attributes of the model are to be encrypted. Once the attributes
+have been identified, the gem takes care of all the details.
+
+For example, if you want to encrypt the card number of a CreditCard model, you
+would simply code the following:
+
+  class CreditCard < ActiveRecord::Base
+    attr_encrypted :card_number
+  end
+
+All that is required at this point is a column on the 'credit_cards' table named
+'card_number_enc'.
+
+There are a variety of options that can be applied to the attr_encrypted call to customize
+how the encryption proceeds, but more on that later.
+
+== Contributing to attr_encryption
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2013 Providigm. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,49 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "attr_encryption"
+  gem.homepage = "http://github.com/GitHubAdmin/attr_encryption"
+  gem.license = "MIT"
+  gem.summary = %Q{Extends Object and ActiveRecord::Base objects to support encrypted attributes}
+  gem.description = %Q{Provides an extension for Ruby and rails object to support a flexible means of encrypting attributes.}
+  gem.email = "dave.sieh@providigm.com"
+  gem.authors = ["Dave Sieh"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "attr_encryption #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.1

data/lib/attr_encryption.rb

@@ -0,0 +1,345 @@
+require 'singleton'
+require 'attr_encryption/date_extensions'
+require 'attr_encryption/mysql_encryption'
+require 'attr_encryption/mysql_encryptor'
+
+# Adds attr_accessors that encrypt and decrypt an object's attributes
+module AttrEncryption
+
+  def self.extended(base) # :nodoc:
+    base.class_eval do
+      include InstanceMethods
+      attr_writer :attr_encrypted_options
+      @attr_encrypted_options, @encrypted_attributes = {}, {}
+    end
+  end
+
+  # Generates attr_accessors that encrypt and decrypt attributes transparently
+  #
+  # Options (any other options you specify are passed to the encryptor's encrypt and decrypt methods)
+  #
+  #   :attribute        => The name of the referenced encrypted attribute. For example
+  #                        <tt>attr_accessor :email, :attribute => :ee</tt> would generate an
+  #                        attribute named 'ee' to store the encrypted email. This is useful when defining
+  #                        one attribute to encrypt at a time or when the :prefix and :suffix options
+  #                        aren't enough. Defaults to nil.
+  #
+  #   :type             => The data type of the value to be encrypted/decrypted. Can be 'date', 'datetime', 'binary' or 'text'.
+  #                        When encrypting, all values will use their string value (value.to_s). When decrypting,
+  #                        the type of the value will determine what is returned. For example:
+  #                 
+  #                          type = 'date': Date.parse(decrypted_value)
+  #                          type = 'time': DateTime.parse(decrypted_value)
+  #                          type = 'binary': decrypted_value
+  #                          type = 'text': decrypted_value.force_encoding('utf-8')
+  #
+  #   :prefix           => A prefix used to generate the name of the referenced encrypted attributes.
+  #                        For example <tt>attr_accessor :email, :password, :prefix => 'crypted_'</tt> would
+  #                        generate attributes named 'crypted_email' and 'crypted_password' to store the
+  #                        encrypted email and password. Defaults to ''.
+  #
+  #   :suffix           => A suffix used to generate the name of the referenced encrypted attributes.
+  #                        For example <tt>attr_accessor :email, :password, :suffix => '_encrypted'</tt>
+  #                        would generate attributes named 'email_encrypted' and 'password_encrypted' to store the
+  #                        encrypted email. Defaults to '_enc'.
+  # 
+  #   :preencrypt       => The symbol identifying a method that should be run on an attribute immediately prior
+  #                        to marshalling and encrypting. This could be used for things like stripping white-space
+  #                        from values or other sorts of pre-processing. Defaults to nil.
+  #
+  #   :key              => The encryption key. This option may not be required if you're using a custom encryptor. If you pass
+  #                        a symbol representing an instance method then the :key option will be replaced with the result of the
+  #                        method before being passed to the encryptor. Objects that respond to :call are evaluated as well (including procs).
+  #                        Any other key types will be passed directly to the encryptor. TODO (DJS): We'll see if we need this.
+  #
+  #   :encode           => If set to true, attributes will be encoded as well as encrypted. This is useful if you're
+  #                        planning on storing the encrypted attributes in a database. The default encoding is 'm' (base64),
+  #                        however this can be overwritten by setting the :encode option to some other encoding string instead of
+  #                        just 'true'. See http://www.ruby-doc.org/core/classes/Array.html#M002245 for more encoding directives.
+  #                        Defaults to false unless you're using it with ActiveRecord, DataMapper, or Sequel. TODO(DJS): We'll see if we need this.
+  #
+  #   :default_encoding => Defaults to 'm' (base64). TODO(DJS): Hmmm. See above
+  #
+  #   :marshal          => If set to true, attributes will be marshaled as well as encrypted. This is useful if you're planning
+  #                        on encrypting something other than a string. Defaults to false unless you're using it with ActiveRecord
+  #                        or DataMapper. TODO(DJS): Don't want to use this by default in our encryption since we want to be able to query...
+  #
+  #   :marshaler        => The object to use for marshaling. Defaults to Marshal.
+  #
+  #   :dump_method      => The dump method name to call on the <tt>:marshaler</tt> object to. Defaults to 'dump'.
+  #
+  #   :load_method      => The load method name to call on the <tt>:marshaler</tt> object. Defaults to 'load'.
+  #
+  #   :encryptor        => The object to use for encrypting. Defaults to Encryptor. TODO(DJS): Need to changed this to indicate our encryptor
+  #
+  #   :encrypt_method   => The encrypt method name to call on the <tt>:encryptor</tt> object. Defaults to 'encrypt'. TODO(DJS): Verify this.
+  #
+  #   :decrypt_method   => The decrypt method name to call on the <tt>:encryptor</tt> object. Defaults to 'decrypt'. TODO(DJS): Verify this.
+  #
+  #   :if               => Attributes are only encrypted if this option evaluates to true. If you pass a symbol representing an instance
+  #                        method then the result of the method will be evaluated. Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                        Defaults to true.
+  #
+  #   :unless           => Attributes are only encrypted if this option evaluates to false. If you pass a symbol representing an instance
+  #                        method then the result of the method will be evaluated. Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                        Defaults to false.
+  #
+  # You can specify your own default options
+  #
+  # TODO(DJS): Need to rework the examples.
+  #   class User
+  #     # now all attributes will be encoded and marshaled by default
+  #     attr_encrypted_options.merge!(:encode => true, :marshal => true, :some_other_option => true)
+  #     attr_encrypted :configuration, :key => 'my secret key'
+  #   end
+  #
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, :credit_card, :key => 'some secret key'
+  #     attr_encrypted :configuration, :key => 'some other secret key', :marshal => true
+  #   end
+  #
+  #   @user = User.new
+  #   @user.encrypted_email # nil
+  #   @user.email? # false
+  #   @user.email = 'test@example.com'
+  #   @user.email? # true
+  #   @user.encrypted_email # returns the encrypted version of 'test@example.com'
+  #
+  #   @user.configuration = { :time_zone => 'UTC' }
+  #   @user.encrypted_configuration # returns the encrypted version of configuration
+  #
+  #   See README for more examples
+  def attr_encrypted(*attributes)
+    options = {
+      :prefix           => '',
+      :suffix           => '_enc',
+      :if               => true,
+      :unless           => false,
+      :encode           => false,
+      :key              => $encryption_key,
+      :type             => 'text',
+      :default_encoding => 'm',
+      :preenrypt        => nil,
+      :marshal          => false,
+      :marshaler        => Marshal,
+      :dump_method      => 'dump',
+      :load_method      => 'load',
+      :encryptor        => MySQLEncryptor.instance,
+      :encrypt_method   => 'encrypt',
+      :decrypt_method   => 'decrypt'
+    }.merge!(attr_encrypted_options).merge!(attributes.last.is_a?(Hash) ? attributes.pop : {})
+
+    options[:encode] = options[:default_encoding] if options[:encode] == true
+
+    attributes.each do |attribute|
+      encrypted_attribute_name = (options[:attribute] ? options[:attribute] : [options[:prefix], attribute, options[:suffix]].join).to_sym
+
+      instance_methods_as_symbols = instance_methods.collect { |method| method.to_sym }
+      attr_reader encrypted_attribute_name unless instance_methods_as_symbols.include?(encrypted_attribute_name)
+      attr_writer encrypted_attribute_name unless instance_methods_as_symbols.include?(:"#{encrypted_attribute_name}=")
+
+      define_method(attribute) do
+        cached_value = instance_variable_get("@#{attribute}")
+        value = cached_value && options[:type] == 'date' && cached_value.is_a?(Date) ? cached_value : nil
+        value || instance_variable_set("@#{attribute}", decrypt(attribute, send(encrypted_attribute_name)))
+        # instance_variable_get("@#{attribute}") || instance_variable_set("@#{attribute}", decrypt(attribute, send(encrypted_attribute_name)))
+      end
+
+      define_method("#{attribute}=") do |value|
+        send("#{encrypted_attribute_name}=", encrypt(attribute, value))
+        instance_variable_set("@#{attribute}", value)
+      end
+
+      define_method("#{attribute}?") do
+        value = send(attribute)
+        value.respond_to?(:empty?) ? !value.empty? : !!value
+      end
+
+      encrypted_attributes[attribute.to_sym] = options.merge(:attribute => encrypted_attribute_name)
+    end
+  end
+  alias_method :attr_encryptor, :attr_encrypted
+
+  # Default options to use with calls to <tt>attr_encrypted</tt>
+  #
+  # It will inherit existing options from its superclass
+  def attr_encrypted_options
+    @attr_encrypted_options ||= superclass.attr_encrypted_options.dup
+  end
+
+  # Checks if an attribute is configured with <tt>attr_encrypted</tt>
+  #
+  # Example
+  #
+  #   class User
+  #     attr_accessor :name
+  #     attr_encrypted :email
+  #   end
+  #
+  #   User.attr_encrypted?(:name)  # false
+  #   User.attr_encrypted?(:email) # true
+  def attr_encrypted?(attribute)
+    encrypted_attributes.has_key?(attribute.to_sym)
+  end
+
+  # Decrypts a value for the attribute specified
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email
+  #   end
+  #
+  #   email = User.decrypt(:email, 'SOME_ENCRYPTED_EMAIL_STRING')
+  def decrypt(attribute, encrypted_value, options = {})
+    options = encrypted_attributes[attribute.to_sym].merge(options)
+    if options[:if] && !options[:unless] && !encrypted_value.nil? && !(encrypted_value.is_a?(String) && encrypted_value.empty?)
+      encrypted_value = encrypted_value.unpack(options[:encode]).first if options[:encode]
+      value = options[:encryptor].send(options[:decrypt_method], options.merge!(:value => encrypted_value))
+      value = options[:marshaler].send(options[:load_method], value) if options[:marshal]
+      value
+    else
+      encrypted_value
+    end
+  end
+
+  # Encrypts a value for the attribute specified
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email
+  #   end
+  #
+  #   encrypted_email = User.encrypt(:email, 'test@example.com')
+  def encrypt(attribute, value, options = {})
+    options = encrypted_attributes[attribute.to_sym].merge(options)
+    if options[:if] && !options[:unless] && !value.nil? && !(value.is_a?(String) && value.empty?)
+      value = options[:preencrypt] ? (value.is_a?(String) ? value.send(options[:preencrypt]) : value) : value
+      value = options[:marshal] ? options[:marshaler].send(options[:dump_method], value) : value.to_s
+      encrypted_value = options[:encryptor].send(options[:encrypt_method], options.merge!(:value => value))
+      encrypted_value = [encrypted_value].pack(options[:encode]) if options[:encode]
+      encrypted_value
+    else
+      cleanse_value value, options
+    end
+  end
+
+  # Cleans up the value to ensure we don't get empty strings the db when we should be getting nils.
+  def cleanse_value(value, options)
+    return nil if value.is_a?(String) && value.empty? && options[:type] == 'date'
+    value
+  end
+
+  # Contains a hash of encrypted attributes with virtual attribute names as keys
+  # and their corresponding options as values
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, :key => 'my secret key'
+  #   end
+  #
+  #   User.encrypted_attributes # { :email => { :attribute => 'encrypted_email', :key => 'my secret key' } }
+  def encrypted_attributes
+    @encrypted_attributes ||= superclass.encrypted_attributes.dup
+  end
+
+  # Forwards calls to :encrypt_#{attribute} or :decrypt_#{attribute} to the corresponding encrypt or decrypt method
+  # if attribute was configured with attr_encrypted
+  #
+  # Example
+  #
+  #   class User
+  #     attr_encrypted :email, :key => 'my secret key'
+  #   end
+  #
+  #   User.encrypt_email('SOME_ENCRYPTED_EMAIL_STRING')
+  def method_missing(method, *arguments, &block)
+    if method.to_s =~ /\A((en|de)crypt)_(.+)\z/ && attr_encrypted?($3)
+      send($1, $3, *arguments)
+    else
+      super
+    end
+  end
+
+  module InstanceMethods
+    # Decrypts a value for the attribute specified using options evaluated in the current object's scope
+    #
+    # Example
+    #
+    #  class User
+    #    attr_accessor :secret_key
+    #    attr_encrypted :email, :key => :secret_key
+    #
+    #    def initialize(secret_key)
+    #      self.secret_key = secret_key
+    #    end
+    #  end
+    #
+    #  @user = User.new('some-secret-key')
+    #  @user.decrypt(:email, 'SOME_ENCRYPTED_EMAIL_STRING')
+    def decrypt(attribute, encrypted_value)
+      self.class.decrypt(attribute, encrypted_value, evaluated_attr_encrypted_options_for(attribute))
+    end
+
+    # Encrypts a value for the attribute specified using options evaluated in the current object's scope
+    #
+    # Example
+    #
+    #  class User
+    #    attr_accessor :secret_key
+    #    attr_encrypted :email, :key => :secret_key
+    #
+    #    def initialize(secret_key)
+    #      self.secret_key = secret_key
+    #    end
+    #  end
+    #
+    #  @user = User.new('some-secret-key')
+    #  @user.encrypt(:email, 'test@example.com')
+    def encrypt(attribute, value)
+      self.class.encrypt(attribute, value, evaluated_attr_encrypted_options_for(attribute))
+    end
+
+    def unencrypted_attributes
+      attributes.each_with_object({}) do |a, new_hash|
+        key = a.first
+        value = a.last
+        if key =~ /\A(.+)_enc\z/
+          key = $1
+          value = decrypt(key.to_sym, value)
+        end
+        new_hash[key] = value
+      end   
+    end
+
+    protected
+
+      # Returns attr_encrypted options evaluated in the current object's scope for the attribute specified
+      def evaluated_attr_encrypted_options_for(attribute)
+        self.class.encrypted_attributes[attribute.to_sym].inject({}) { |hash, (option, value)| hash.merge!(option => (option == :preencrypt) ? value : evaluate_attr_encrypted_option(value)) }
+      end
+
+      # Evaluates symbol (method reference) or proc (responds to call) options
+      #
+      # If the option is not a symbol or proc then the original option is returned
+      def evaluate_attr_encrypted_option(option)
+        if option.is_a?(Symbol) && respond_to?(option)
+          send(option)
+        elsif option.respond_to?(:call)
+          option.call(self)
+        else
+          option
+        end
+      end
+  end
+end
+
+Object.extend AttrEncryption
+
+# require File.expand_path('attr_encryption/adapters/active_record.rb', File.dirname(__FILE__))
+require 'attr_encryption/adapters/active_record.rb'

data/lib/attr_encryption/adapters/active_record.rb

@@ -0,0 +1,58 @@
+if defined?(ActiveRecord::Base)
+  module AttrEncryption
+    module Adapters
+      module ActiveRecord
+        def self.extended(base) # :nodoc:
+          base.class_eval do
+            # TODO(DJS): We don't want encoding by define in OUR ActiveRecord models
+            # attr_encrypted_options[:encode] = true
+            class << self; alias_method_chain :method_missing, :attr_encrypted; end
+          end
+        end
+
+        protected
+
+          # Ensures the attribute methods for db fields have been defined before calling the original 
+          # <tt>attr_encrypted</tt> method
+          def attr_encrypted(*attrs)
+            define_attribute_methods rescue nil
+            super
+            attrs.reject { |attr| attr.is_a?(Hash) }.each { |attr| alias_method "#{attr}_before_type_cast", attr }
+          end
+
+          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for 
+          # encrypted attributes
+          #
+          # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
+          #
+          # This is useful for encrypting fields like email addresses. Your user's email addresses 
+          # are encrypted in the database, but you can still look up a user by email for logging in
+          #
+          # Example
+          #
+          #   class User < ActiveRecord::Base
+          #     attr_encrypted :email, :key => 'secret key'
+          #   end
+          #
+          #   User.find_by_email_and_password('test@example.com', 'testing')
+          #   # results in a call to
+          #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+          def method_missing_with_attr_encrypted(method, *args, &block)
+            if match = /\A(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)\z/.match(method.to_s)
+              attribute_names = match.captures.last.split('_and_')
+              attribute_names.each_with_index do |attribute, index|
+                if attr_encrypted?(attribute)
+                  args[index] = send("encrypt_#{attribute}", args[index])
+                  attribute_names[index] = encrypted_attributes[attribute.to_sym][:attribute]
+                end
+              end
+              method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+            end
+            method_missing_without_attr_encrypted(method, *args, &block)
+          end
+      end
+    end
+  end
+
+  ActiveRecord::Base.extend AttrEncryption::Adapters::ActiveRecord
+end

data/lib/attr_encryption/date_extensions.rb

@@ -0,0 +1,13 @@
+class Date
+
+  def self.safe_parse(date)
+    return nil if date.blank?
+    return date if date.is_a?(Date) || date.is_a?(Time)
+    begin
+      Date.parse(date);
+    rescue Exception => e;
+      nil
+    end
+  end
+
+end

data/lib/attr_encryption/mysql_encryption.rb

@@ -0,0 +1,73 @@
+module MySQLEncryption
+  # Mimics MySQL's AES_ENCRYPT() and AES_DECRYPT() encryption functions
+  $encryption_key ||= "hzjd88hqxejak31"
+
+  def mysql_encrypt(s, key=$encryption_key)
+    return nil if s.blank?
+    do_encrypt(s, mysql_key(key))
+  end
+  
+  def mysql_decrypt(s, key=$encryption_key)
+    return nil if s.blank?
+    do_decrypt(s, mysql_key(key))
+  end
+  
+  protected
+
+  def aes(m,k,t)
+    (aes = OpenSSL::Cipher::AES128.new("ECB").send(m)).key = k
+    aes.update(t) << aes.final
+  end
+
+  def do_encrypt(text, key)
+    aes(:encrypt, key, text)
+  end
+
+  def do_decrypt(text, key)
+    aes(:decrypt, key, text)
+  end
+
+  #
+  # This method returns a key based on the specified key that is
+  # 16 bytes in length. If the specified key is shorter than 16 bytes
+  # it is zero-padded to 16 bytes. If the specified key is longer
+  # 16 bytes, the bytes of the original key are folded back on itself
+  # using the XOR operator. This ensures that all the bytes in the
+  # original key are used, but the resulting key remains 16 bytes long.
+  #
+  # Sheesh.
+  #
+  def mysql_key(key)
+    return nil if key.nil?
+    final_key = "\0" * 16
+    key.bytes.each_with_index do |b, i|
+      buf = (final_key[i%16].bytes.first ^ b)
+      final_key[i%16] = buf.chr
+    end
+    final_key
+  end
+
+end
+
+=begin
+Copyright (c) 2009 Felipe Coury
+ 
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+ 
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+=end

data/lib/attr_encryption/mysql_encryptor.rb

@@ -0,0 +1,33 @@
+class MySQLEncryptor
+  include MySQLEncryption
+  include Singleton
+
+  def encrypt(encrypt_options)
+    value_to_encrypt = encrypt_options[:value].nil? ? nil : encrypt_options[:type] == 'date' ? encrypt_date(encrypt_options[:value]) : encrypt_options[:value].to_s
+    mysql_encrypt(value_to_encrypt, encrypt_options[:key])
+  end
+
+  def decrypt(encrypt_options)
+    decrypted_value = mysql_decrypt(encrypt_options[:value], encrypt_options[:key])
+    return decrypted_value if decrypted_value.nil?
+
+    case encrypt_options[:type]
+    when 'text'
+      decrypted_value.force_encoding('utf-8')
+    when 'date'
+      Date.parse(decrypted_value)
+    when 'datetime'
+      DateTime.parse(decrypted_value)
+    when 'binary'
+      decrypted_value # no processing
+    else
+      raise "Invalid type specified for post-processing decrypted value"
+    end
+  end
+
+  def encrypt_date(value)
+    dt = value.is_a?(String) ? Date.safe_parse(value) : value
+    dt.strftime("%Y%m%d") if dt.present?
+  end
+
+end

data/spec/mysql_encryption_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+class DummyClass
+  include MySQLEncryption
+end
+
+describe 'MySQLEncryption' do
+
+  before(:each) do
+    @cut = DummyClass.new
+    @key = "eaduccitranatereheenalaistater"
+  end
+
+  context "Public Methods" do
+
+    context '#mysql_encrypt' do
+      
+      it "should return nil if a nil string is specified" do
+        expect(@cut.mysql_encrypt(nil, @key)).to be_nil
+      end
+
+      it "should call do_encrypt with a mysql'ized key and the string" do
+        plain_text = "Plain Text"
+        @cut.should_receive(:do_encrypt).
+          with(plain_text, "abcdefghijklmnop").
+          and_return("encrypted_value")
+        @cut.should_receive(:mysql_key).
+          with("abcdefghijklmnop").
+          and_return("abcdefghijklmnop")
+        expect(@cut.mysql_encrypt(plain_text, "abcdefghijklmnop")).to eq("encrypted_value")
+      end
+
+    end
+
+    context '#mysql_decrypt' do
+      
+      it "should return nil if a nil string is specified" do
+        expect(@cut.mysql_decrypt(nil, @key)).to be_nil
+      end
+
+      it "should call do_decrypt with a mysql'ized key and the string" do
+        plain_text = "Plain Text"
+        @cut.should_receive(:do_decrypt).
+          with(plain_text, "abcdefghijklmnop").
+          and_return("encrypted_value")
+        @cut.should_receive(:mysql_key).
+          with("abcdefghijklmnop").
+          and_return("abcdefghijklmnop")
+        expect(@cut.mysql_decrypt(plain_text, "abcdefghijklmnop")).to eq("encrypted_value")
+      end
+
+    end
+
+  end
+
+  context 'Protected Methods' do
+
+    context '#aes' do
+
+      it "should be able to encrypt, then decrypt a string using a specified key" do
+        plain_text = 'plain text'
+        encrypted_string = @cut.send(:aes, :encrypt, @key, plain_text)
+        unencrypted_string = @cut.send(:aes, :decrypt, @key, encrypted_string)
+        expect(unencrypted_string).to eq(plain_text)
+      end
+
+    end
+
+    context '#do_en/decrypt' do
+      
+      it "should be able to encrypt, then decrypt a string using a specified key" do
+        plain_text = 'plain text'
+        encrypted_string = @cut.send(:do_encrypt, plain_text, @key)
+        unencrypted_string = @cut.send(:do_decrypt, encrypted_string, @key)
+        expect(unencrypted_string).to eq(plain_text)
+      end
+    end
+
+    context '#mysql_key' do
+
+      it "should return nil if a nil key was specified" do
+        expect(@cut.send(:mysql_key, nil)).to be_nil
+      end
+
+      it "should return a final key that is 16 bytes long, each byte being the null-value if a blank key is specified" do
+        expect(@cut.send(:mysql_key, "")).to eq("\0" * 16)
+      end
+
+      it "should right-pad a specified key with null bytes if the specified key is less than 16 bytes" do
+        key = "abcdefghijklmop" # 15-byte key
+        expect(@cut.send(:mysql_key, key)).to eq("abcdefghijklmop\0")
+      end
+
+      it "should simply echo back the same key if the specified key is 16 bytes" do
+        key = "abcdefghijklmopq" # 16-byte key
+        expect(@cut.send(:mysql_key, key)).to eq("abcdefghijklmopq")
+      end
+
+      it "should XOR the leading bytes of the resulting key with the trailing bytes of the specified key over 16 bytes" do
+        key = "abcdefghijklmopqrs" # 18-byte key
+        expect(@cut.send(:mysql_key, key)).to eq(("a".bytes.first ^ "r".bytes.first).chr + 
+                                                 ("b".bytes.first ^ "s".bytes.first).chr + 
+                                                 "cdefghijklmopq")
+      end
+
+    end
+
+  end
+end

data/spec/mysql_encryptor_spec.rb

@@ -0,0 +1,132 @@
+require 'spec_helper'
+
+describe MySQLEncryptor do
+
+  before(:each) do
+    @cut = MySQLEncryptor.instance
+  end
+
+  context '#encrypt' do
+
+    it "should return nil if the value passed in the options is nil" do
+      @cut.should_receive(:mysql_encrypt).
+        with(nil, 'the_key_value').
+        and_return(nil)
+
+      expect(@cut.encrypt(value: nil, key: 'the_key_value')).
+        to be_nil
+    end
+
+    it "should convert the value to a string before having the mysql_encrypt method encrypt it" do
+      @cut.should_receive(:mysql_encrypt).
+        with("12", 'the_key_value').
+        and_return("encrypted_12")
+
+      expect(@cut.encrypt(value: 12, key: 'the_key_value')).
+        to eq("encrypted_12")
+    end
+
+    it "should convert the value to a date string before encryption when the type is specified as a 'date'" do
+      date = Date.today
+      date_str = date.strftime("%Y%m%d")
+      @cut.should_receive(:encrypt_date).
+        with(date).and_return(date_str)
+      @cut.should_receive(:mysql_encrypt).
+        with(date_str, 'the_key_value').
+        and_return("encrypted_date")
+
+      expect(@cut.encrypt(value: date, key: 'the_key_value', type: 'date')).
+        to eq("encrypted_date")
+    end
+
+  end
+
+  context '#decrypt' do
+
+    it "should return nil if mysql_decrypt returns a nil" do
+      @cut.should_receive(:mysql_decrypt).
+        with(nil, 'the_key').
+        and_return(nil)
+
+      expect(@cut.decrypt(value: nil, key: 'the_key')).
+        to be_nil
+    end
+
+    it "should force the encoding of the decrypted string if the type is 'text'" do
+      decrypted_value = 'decrypted_value'
+      decrypted_value.should_receive(:force_encoding).
+        with('utf-8').
+        and_return(decrypted_value)
+
+      @cut.should_receive(:mysql_decrypt).
+        with('encrypted_value', 'the_key').
+        and_return(decrypted_value)
+
+      expect(@cut.decrypt(value: 'encrypted_value', key: 'the_key', type: 'text')).
+        to eq(decrypted_value)
+    end
+
+    it "should return a Date object if the type of the encrypted value is 'date'" do
+      date = Date.today
+      date_str = date.strftime("%Y%m%d")
+
+      @cut.should_receive(:mysql_decrypt).
+        with('encrypted_date', 'the_key').
+        and_return(date_str)
+
+      expect(@cut.decrypt(value: 'encrypted_date', key: 'the_key', type: 'date')).
+        to eq(date)
+    end
+
+    it "should return a DateTime object if the type of the encrypted value is 'datetime'" do
+      date = DateTime.now.utc
+      date_str = date.strftime("%Y-%m-%d %H:%M:%S")
+
+      @cut.should_receive(:mysql_decrypt).
+        with('encrypted_datetime', 'the_key').
+        and_return(date_str)
+
+      expect(@cut.decrypt(value: 'encrypted_datetime', key: 'the_key', type: 'datetime').strftime("%Y-%m-%d %H:%M:%S")).
+        to eq(date_str)
+    end
+
+    it "should return the raw-unprocessed encrypted data if the value is binary" do
+      @cut.should_receive(:mysql_decrypt).
+        with('encrypted_binary', 'the_key').
+        and_return("unencrypted_binary")
+
+      expect(@cut.decrypt(value: 'encrypted_binary', key: 'the_key', type: 'binary')).
+        to eq("unencrypted_binary")
+    end
+
+    it "should raise a runtime exception if the specified data type is not recognized" do
+      @cut.should_receive(:mysql_decrypt).
+        with('value', 'the_key').
+        and_return("unencrypted_binary")
+      expect { @cut.decrypt(value: 'value', key: 'the_key', type: 'bad_type') }.
+        to raise_error(RuntimeError)
+    end
+
+  end
+
+  context '#encrypt_date' do
+
+    it "should return nil if a nil value is specified" do
+      expect(@cut.encrypt_date(nil)).
+        to be_nil
+    end
+
+    it "should parse specified value as a date if a string is specified, then format it appropriately" do
+      expect(@cut.encrypt_date("2013/09/08")).
+        to eq("20130908")
+    end
+
+    it "should use the date specified and format it appropriately" do
+      date = Date.today
+      date_str = date.strftime("%Y%m%d")
+      expect(@cut.encrypt_date(date)).
+        to eq(date_str)
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,14 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'active_support/core_ext/object'
+require 'attr_encryption'
+require 'openssl'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,132 @@
+--- !ruby/object:Gem::Specification
+name: attr_encryption
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Dave Sieh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-01-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.14
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.2.14
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.7
+description: Provides an extension for Ruby and rails object to support a flexible
+  means of encrypting attributes.
+email: dave.sieh@providigm.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.rdoc
+files:
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/attr_encryption.rb
+- lib/attr_encryption/adapters/active_record.rb
+- lib/attr_encryption/date_extensions.rb
+- lib/attr_encryption/mysql_encryption.rb
+- lib/attr_encryption/mysql_encryptor.rb
+- spec/mysql_encryption_spec.rb
+- spec/mysql_encryptor_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/GitHubAdmin/attr_encryption
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.3.0
+signing_key: 
+specification_version: 4
+summary: Extends Object and ActiveRecord::Base objects to support encrypted attributes
+test_files: []