attr_keyring 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d02280da9cb28259980ea283b6030672957657ead8b895594176eef09d78382b
-  data.tar.gz: 88ddda0bb1d9a85869246e46ab49a8f4889bc0c398d616be9dd162eec239a177
+  metadata.gz: 4a1335e867e0b79f0f8082b6cceaa30e40feeb7a9cb140dbb133989ad47af66f
+  data.tar.gz: fa5803034ce08ff55f515fc87e774eeb16b96597e229f55266bfdafd51225dd0
 SHA512:
-  metadata.gz: 6a3108027fac7dbfee097e7afa3227f58f33560e540f19bc0f0b63cb4e482e8315ffafdbd4360bc31724426c9150109c6b9e46e9ecdf70526ca13cb34a8bee93
-  data.tar.gz: 16a5ca41d03b434dbf2eb4a5751af6595e7d00c93867159c3990a3e1d0a104d170dfd434580eff0420b1b966afe0877ec70362c6d66cad34e89e0f5fed8867d4
+  metadata.gz: 1d2bc02c88a3871191cc41e32707452f1df9c50040991a8b09394d06a7a06d83a84b3574ac2e1e291e41cb8525d190213e31066eb9922440bbbe3426271829eb
+  data.tar.gz: '00086d53fd3bd74cc0ab4a1e5b511b02ddb081dc01531df75999461200c15b5e87069e0b38eb62f5c353ed121cb8f4657ec1e130aebfc0d254528a9365896389'

data/.github/workflows/tests.yml

@@ -4,6 +4,8 @@ name: Tests
 on:
   pull_request:
   push:
+  workflow_dispatch:
+    inputs: {}
 
 jobs:
   build:
@@ -12,9 +14,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: ["2.7", "3.0"]
+        ruby: ["2.7", "3.0", "3.1"]
         gemfile:
           - gemfiles/7_0.gemfile
+          - gemfiles/6_1.gemfile
           - gemfiles/6_0.gemfile
 
     services:
@@ -26,9 +29,9 @@ jobs:
           --health-retries 5
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3.0.2
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3.0.1
         with:
           path: vendor/bundle
           key: >

data/README.md

@@ -144,6 +144,21 @@ user.encrypted_email
 #=> WG8Epo0ABz0Z1X5gX7kttc98w9Ei59B5uXGK36Zin9G0VqbxX3naOWOm4RI6w6Uu
 ```
 
+If you want to store a hash, you can use the `encoder:` option.
+
+```ruby
+class User < ApplicationRecord
+  attr_keyring ENV["USER_KEYRING"],
+               digest_salt: "<custom salt>"
+
+  attr_encrypt :data, encoder: JSON
+end
+```
+
+An encoder is just an object that responds to the methods `dump(data)` and
+`parse(data)`, just like the `JSON` interface. Alternatively, you can use
+`AttrKeyring::Encoders::JSON`, which returns hashes with symbolized keys.
+
 ### Encryption
 
 By default, AES-128-CBC is the algorithm used for encryption. This algorithm

data/gemfiles/6_1.gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec path: ".."
+gem "activerecord", "~> 6.1.0"

data/lib/attr_keyring/active_record.rb

@@ -21,7 +21,7 @@ module AttrKeyring
           def reload(options = nil)
             instance = super
 
-            self.class.encrypted_attributes.each do |attribute|
+            self.class.encrypted_attributes.each do |attribute, _options|
               clear_decrypted_column_cache(attribute)
             end
 

data/lib/attr_keyring/encoders/json_encoder.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module AttrKeyring
+  module Encoders
+    module JSONEncoder
+      def self.dump(data)
+        ::JSON.dump(data)
+      end
+
+      def self.parse(data)
+        ::JSON.parse(data, symbolize_names: true)
+      end
+    end
+  end
+end

data/lib/attr_keyring/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AttrKeyring
-  VERSION = "0.6.1"
+  VERSION = "0.7.0"
 end

data/lib/attr_keyring.rb

@@ -3,6 +3,7 @@
 module AttrKeyring
   require "attr_keyring/version"
   require "keyring"
+  require "attr_keyring/encoders/json_encoder"
 
   def self.active_record
     require "attr_keyring/active_record"
@@ -23,7 +24,7 @@ module AttrKeyring
         attr_accessor :encrypted_attributes, :keyring, :keyring_column_name
       end
 
-      self.encrypted_attributes = []
+      self.encrypted_attributes = {}
       self.keyring = Keyring.new({}, digest_salt: "")
       self.keyring_column_name = :keyring_id
     end
@@ -42,11 +43,12 @@ module AttrKeyring
       self.keyring = Keyring.new(keyring, options)
     end
 
-    def attr_encrypt(*attributes)
-      self.encrypted_attributes ||= []
-      encrypted_attributes.push(*attributes)
+    def attr_encrypt(*attributes, encoder: nil)
+      self.encrypted_attributes ||= {}
 
       attributes.each do |attribute|
+        encrypted_attributes[attribute.to_sym] = {encoder: encoder}
+
         define_attr_encrypt_writer(attribute)
         define_attr_encrypt_reader(attribute)
       end
@@ -70,6 +72,8 @@ module AttrKeyring
       clear_decrypted_column_cache(attribute)
       return reset_encrypted_column(attribute) unless encryptable_value?(value)
 
+      encoder = self.class.encrypted_attributes[attribute][:encoder]
+      value = encoder.dump(value) if encoder
       value = value.to_s
 
       previous_keyring_id = public_send(self.class.keyring_column_name)
@@ -86,6 +90,7 @@ module AttrKeyring
 
     private def attr_decrypt_column(attribute)
       cache_name = :"@#{attribute}"
+
       if instance_variable_defined?(cache_name)
         return instance_variable_get(cache_name)
       end
@@ -99,6 +104,9 @@ module AttrKeyring
         public_send(self.class.keyring_column_name)
       )
 
+      encoder = self.class.encrypted_attributes[attribute][:encoder]
+      decrypted_value = encoder.parse(decrypted_value) if encoder
+
       instance_variable_set(cache_name, decrypted_value)
     end
 
@@ -123,10 +131,13 @@ module AttrKeyring
 
       keyring_id = self.class.keyring.current_key.id
 
-      self.class.encrypted_attributes.each do |attribute|
+      self.class.encrypted_attributes.each do |attribute, options|
         value = public_send(attribute)
         next unless encryptable_value?(value)
 
+        encoder = options[:encoder]
+        value = encoder.dump(value) if encoder
+
         encrypted_value, _, digest = self.class.keyring.encrypt(value)
 
         public_send("encrypted_#{attribute}=", encrypted_value)

data/lib/keyring/encryptor/aes.rb

@@ -38,7 +38,10 @@ module Keyring
           expected_hmac = hmac_digest(key.signing_key, encrypted_payload)
 
           unless verify_signature(expected_hmac, hmac)
-            raise InvalidAuthentication, "Expected HMAC to be #{Base64.strict_encode64(expected_hmac)}; got #{Base64.strict_encode64(hmac)} instead" # rubocop:disable Layout/LineLength
+            raise InvalidAuthentication,
+                  "Expected HMAC to be " \
+                  "#{Base64.strict_encode64(expected_hmac)}; " \
+                  "got #{Base64.strict_encode64(hmac)} instead"
           end
 
           cipher.iv = iv

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_keyring
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Nando Vieira
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-12-11 00:00:00.000000000 Z
+date: 2022-07-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -204,9 +204,11 @@ files:
 - examples/keyring_sample.rb
 - examples/sequel_sample.rb
 - gemfiles/6_0.gemfile
+- gemfiles/6_1.gemfile
 - gemfiles/7_0.gemfile
 - lib/attr_keyring.rb
 - lib/attr_keyring/active_record.rb
+- lib/attr_keyring/encoders/json_encoder.rb
 - lib/attr_keyring/sequel.rb
 - lib/attr_keyring/version.rb
 - lib/keyring.rb
@@ -231,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Simple encryption-at-rest plugin for ActiveRecord.