attr_masker 0.1.0

data/lib/attr_masker.rb

@@ -0,0 +1,227 @@
+# (c) 2017 Ribose Inc.
+#
+
+# Adds attr_accessors that mask an object's attributes
+module AttrMasker
+  autoload :Version, "attr_masker/version"
+
+  autoload :Error, "attr_masker/error"
+  autoload :Performer, "attr_masker/performer"
+
+  module Maskers
+    autoload :Replacing, "attr_masker/maskers/replacing"
+    autoload :SIMPLE, "attr_masker/maskers/simple"
+  end
+
+  require "attr_masker/railtie" if defined?(Rails)
+  def self.extended(base) # :nodoc:
+    base.class_eval do
+
+      # Only include the dangerous instance methods during the Rake task!
+      include InstanceMethods
+      attr_writer :attr_masker_options
+      @attr_masker_options, @masker_attributes = {}, {}
+    end
+  end
+
+  # Generates attr_accessors that mask attributes transparently
+  #
+  # Options (any other options you specify are passed to the masker's mask
+  # methods)
+  #
+  #   :marshal          => If set to true, attributes will be marshaled as well as masker. This is useful if you're planning
+  #                        on masking something other than a string. Defaults to false unless you're using it with ActiveRecord
+  #                        or DataMapper.
+  #
+  #   :marshaler        => The object to use for marshaling. Defaults to Marshal.
+  #
+  #   :dump_method      => The dump method name to call on the <tt>:marshaler</tt> object to. Defaults to 'dump'.
+  #
+  #   :load_method      => The load method name to call on the <tt>:marshaler</tt> object. Defaults to 'load'.
+  #
+  #   :masker           => The object to use for masking. It must respond to +#mask+. Defaults to AttrMasker::Maskers::Simple.
+  #
+  #   :if               => Attributes are only masker if this option evaluates to true. If you pass a symbol representing an instance
+  #                        method then the result of the method will be evaluated. Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                        Defaults to true.
+  #
+  #   :unless           => Attributes are only masker if this option evaluates to false. If you pass a symbol representing an instance
+  #                        method then the result of the method will be evaluated. Any objects that respond to <tt>:call</tt> are evaluated as well.
+  #                        Defaults to false.
+  #
+  # You can specify your own default options
+  #
+  #   class User
+  #     # now all attributes will be encoded and marshaled by default
+  #     attr_masker_options.merge!(:marshal => true, :some_other_option => true)
+  #     attr_masker :configuration
+  #   end
+  #
+  #
+  # Example
+  #
+  #   class User
+  #     attr_masker :email, :credit_card
+  #     attr_masker :configuration, :marshal => true
+  #   end
+  #
+  #   @user = User.new
+  #   @user.masker_email # nil
+  #   @user.email? # false
+  #   @user.email = 'test@example.com'
+  #   @user.email? # true
+  #   @user.masker_email # returns the masker version of 'test@example.com'
+  #
+  #   @user.configuration = { :time_zone => 'UTC' }
+  #   @user.masker_configuration # returns the masker version of configuration
+  #
+  #   See README for more examples
+  def attr_masker(*attributes)
+    options = {
+      :if               => true,
+      :unless           => false,
+      :column_name      => nil,
+      :marshal          => false,
+      :marshaler        => Marshal,
+      :dump_method      => "dump",
+      :load_method      => "load",
+      :masker           => AttrMasker::Maskers::SIMPLE,
+    }.merge!(attr_masker_options).merge!(attributes.last.is_a?(Hash) ? attributes.pop : {})
+
+    attributes.each do |attribute|
+      masker_attributes[attribute.to_sym] = options.merge(attribute: attribute.to_sym)
+    end
+  end
+
+  # Default options to use with calls to <tt>attr_masker</tt>
+  # XXX:Keep
+  #
+  # It will inherit existing options from its superclass
+  def attr_masker_options
+    @attr_masker_options ||= superclass.attr_masker_options.dup
+  end
+
+  # Checks if an attribute is configured with <tt>attr_masker</tt>
+  # XXX:Keep
+  #
+  # Example
+  #
+  #   class User
+  #     attr_accessor :name
+  #     attr_masker :email
+  #   end
+  #
+  #   User.attr_masker?(:name)  # false
+  #   User.attr_masker?(:email) # true
+  def attr_masker?(attribute)
+    masker_attributes.has_key?(attribute.to_sym)
+  end
+
+  # masks a value for the attribute specified
+  # XXX:modify
+  #
+  # Example
+  #
+  #   class User
+  #     attr_masker :email
+  #   end
+  #
+  #   masker_email = User.mask(:email, 'test@example.com')
+  def mask(attribute, value, options = {})
+    options = masker_attributes[attribute.to_sym].merge(options)
+    # if options[:if] && !options[:unless] && !value.nil? && !(value.is_a?(String) && value.empty?)
+    if options[:if] && !options[:unless]
+      value = options[:marshal] ? options[:marshaler].send(options[:dump_method], value) : value.to_s
+      masker_value = options[:masker].call(options.merge!(value: value))
+      masker_value
+    else
+      value
+    end
+  end
+
+  # Contains a hash of masker attributes with virtual attribute names as keys
+  # and their corresponding options as values
+  # XXX:Keep
+  #
+  # Example
+  #
+  #   class User
+  #     attr_masker :email
+  #   end
+  #
+  #   User.masker_attributes # { :email => { :attribute => 'masker_email' } }
+  def masker_attributes
+    @masker_attributes ||= superclass.masker_attributes.dup
+  end
+
+  # Forwards calls to :mask_#{attribute} to the corresponding mask method
+  # if attribute was configured with attr_masker
+  #
+  # Example
+  #
+  #   class User
+  #     attr_masker :email
+  #   end
+  #
+  #   User.mask_email('SOME_masker_EMAIL_STRING')
+  def method_missing(method, *arguments, &block)
+    if method.to_s =~ /^mask_(.+)$/ && attr_masker?($1)
+      send(:mask, $1, *arguments)
+    else
+      super
+    end
+  end
+
+  module InstanceMethods
+
+    # masks a value for the attribute specified using options evaluated in the current object's scope
+    #
+    # Example
+    #
+    #  class User
+    #    attr_accessor :secret_key
+    #    attr_masker :email
+    #
+    #    def initialize(secret_key)
+    #      self.secret_key = secret_key
+    #    end
+    #  end
+    #
+    #  @user = User.new('some-secret-key')
+    #  @user.mask(:email, 'test@example.com')
+    def mask(attribute, value=nil)
+      value = self.send(attribute) if value.nil?
+      self.class.mask(attribute, value, evaluated_attr_masker_options_for(attribute))
+    end
+
+    protected
+
+      # Returns attr_masker options evaluated in the current object's scope for the attribute specified
+      # XXX:Keep
+      def evaluated_attr_masker_options_for(attribute)
+        self.class.masker_attributes[attribute.to_sym].inject({}) do |hash, (option, value)|
+          if %i[if unless].include?(option)
+            hash.merge!(option => evaluate_attr_masker_option(value))
+          else
+            hash.merge!(option => value)
+          end
+        end
+      end
+
+      # Evaluates symbol (method reference) or proc (responds to call) options
+      # XXX:Keep
+      #
+      # If the option is not a symbol or proc then the original option is returned
+      def evaluate_attr_masker_option(option)
+        if option.is_a?(Symbol) && respond_to?(option)
+          send(option)
+        elsif option.respond_to?(:call)
+          option.call(self)
+        else
+          option
+        end
+      end
+  end
+end
+
+Object.extend AttrMasker

data/lib/tasks/db.rake

@@ -0,0 +1,21 @@
+# (c) 2017 Ribose Inc.
+#
+
+# Hashrocket style looks better when describing task dependencies.
+# rubocop:disable Style/HashSyntax
+
+namespace :db do
+  desc "Mask every DB record according to rules set up in the respective " \
+  "ActiveRecord"
+
+  # If just:
+  #   task :mask do ... end,
+  # then connection won't be established.  Will need the '=> :environment'.
+  #
+  # URL:
+  # http://stackoverflow.com/questions/14163938/activerecordconnectionnotestablished-within-a-rake-task
+  #
+  task :mask => :environment do
+    AttrMasker::Performer::ActiveRecord.new.mask
+  end
+end

data/spec/dummy/config/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter:  sqlite3
+  database: ":memory:"

data/spec/dummy/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  #
+end

data/spec/dummy/db/schema.rb

@@ -0,0 +1,8 @@
+ActiveRecord::Schema.define do
+  create_table(:users, force: true) do |t|
+    t.string :first_name
+    t.string :last_name
+    t.string :email
+    t.timestamps null: false
+  end
+end

data/spec/features_spec.rb

@@ -0,0 +1,203 @@
+# (c) 2017 Ribose Inc.
+#
+
+# No point in using ApplicationRecord here.
+# rubocop:disable Rails/ApplicationRecord
+
+# No point in ensuring a trailing comma in multiline argument lists here.
+# rubocop:disable Style/TrailingCommaInArguments
+
+require "spec_helper"
+
+RSpec.describe "Attr Masker gem", :suppress_progressbar do
+  before do
+    stub_const "User", Class.new(ActiveRecord::Base)
+
+    User.class_eval do
+      def jedi?
+        email.ends_with? "@jedi.example.test"
+      end
+    end
+
+    allow(ActiveRecord::Base).to receive(:descendants).
+      and_return([ActiveRecord::SchemaMigration, User])
+  end
+
+  let!(:han) do
+    User.create!(
+      first_name: "Han",
+      last_name: "Solo",
+      email: "han@example.test",
+    )
+  end
+
+  let!(:luke) do
+    User.create!(
+      first_name: "Luke",
+      last_name: "Skywalker",
+      email: "luke@jedi.example.test",
+    )
+  end
+
+  example "Masking a single text attribute with default options" do
+    User.class_eval do
+      attr_masker :last_name
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    [han, luke].each do |record|
+      expect { record.reload }.to(
+        change { record.last_name }.to("(redacted)") &
+        preserve { record.first_name } &
+        preserve { record.email }
+      )
+    end
+  end
+
+  example "Specifying multiple attributes in an attr_masker declaration" do
+    User.class_eval do
+      attr_masker :first_name, :last_name
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    [han, luke].each do |record|
+      expect { record.reload }.to(
+        change { record.first_name }.to("(redacted)") &
+        change { record.last_name }.to("(redacted)") &
+        preserve { record.email }
+      )
+    end
+  end
+
+  example "Skipping some records when a symbol is passed to :if option" do
+    User.class_eval do
+      attr_masker :first_name, :last_name, if: :jedi?
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    expect { han.reload }.to(
+      preserve { han.first_name } &
+      preserve { han.last_name } &
+      preserve { han.email }
+    )
+
+    expect { luke.reload }.to(
+      change { luke.first_name }.to("(redacted)") &
+      change { luke.last_name }.to("(redacted)") &
+      preserve { luke.email }
+    )
+  end
+
+  example "Skipping some records when a lambda is passed to :if option" do
+    User.class_eval do
+      attr_masker :first_name, :last_name, if: ->(r) { r.jedi? }
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    expect { han.reload }.to(
+      preserve { han.first_name } &
+      preserve { han.last_name } &
+      preserve { han.email }
+    )
+
+    expect { luke.reload }.to(
+      change { luke.first_name }.to("(redacted)") &
+      change { luke.last_name }.to("(redacted)") &
+      preserve { luke.email }
+    )
+  end
+
+  example "Skipping some records when a symbol is passed to :unless option" do
+    User.class_eval do
+      attr_masker :first_name, :last_name, unless: :jedi?
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    expect { han.reload }.to(
+      change { han.first_name }.to("(redacted)") &
+      change { han.last_name }.to("(redacted)") &
+      preserve { han.email }
+    )
+
+    expect { luke.reload }.to(
+      preserve { luke.first_name } &
+      preserve { luke.last_name } &
+      preserve { luke.email }
+    )
+  end
+
+  example "Skipping some records when a lambda is passed to :unless option" do
+    User.class_eval do
+      attr_masker :first_name, :last_name, unless: ->(r) { r.jedi? }
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    expect { han.reload }.to(
+      change { han.first_name }.to("(redacted)") &
+      change { han.last_name }.to("(redacted)") &
+      preserve { han.email }
+    )
+
+    expect { luke.reload }.to(
+      preserve { luke.first_name } &
+      preserve { luke.last_name } &
+      preserve { luke.email }
+    )
+  end
+
+  example "Using a custom masker" do
+    reverse_masker = ->(value:, **_) do
+      value.reverse
+    end
+
+    upcase_masker = ->(value:, **_) do
+      value.upcase
+    end
+
+    User.class_eval do
+      attr_masker :first_name, masker: reverse_masker
+      attr_masker :last_name, masker: upcase_masker
+    end
+
+    expect { run_rake_task }.not_to(change { User.count })
+
+    expect { han.reload }.to(
+      change { han.first_name }.to("naH") &
+      change { han.last_name }.to("SOLO") &
+      preserve { han.email }
+    )
+
+    expect { luke.reload }.to(
+      change { luke.first_name }.to("ekuL") &
+      change { luke.last_name }.to("SKYWALKER") &
+      preserve { luke.email }
+    )
+  end
+
+  example "It is disabled in production environment" do
+    allow(Rails).to receive(:env) { "production".inquiry }
+
+    User.class_eval do
+      attr_masker :last_name
+    end
+
+    expect { run_rake_task }.to(
+      preserve { User.count } &
+      raise_exception(AttrMasker::Error)
+    )
+
+    [han, luke].each do |record|
+      expect { record.reload }.not_to(change { record })
+    end
+  end
+
+  def run_rake_task
+    Rake::Task["db:mask"].execute
+  end
+end

data/spec/maskers/replacing_spec.rb

@@ -0,0 +1,48 @@
+# (c) 2017 Ribose Inc.
+#
+
+# No point in using ApplicationRecord here.
+
+require "spec_helper"
+
+RSpec.describe AttrMasker::Maskers::Replacing do
+  subject { described_class.new **options }
+
+  let(:address) { "1 Pedder Street, Hong Kong" }
+
+  shared_examples "AttrMasker::Maskers::Replacing examples" do
+    example { expect(subject.(value: address)).to eq(expected_masked_address) }
+    example { expect(subject.(value: Math::PI)).to eq(Math::PI) }
+    example { expect(subject.(value: nil)).to eq(nil) }
+  end
+
+  context "with default options" do
+    let(:options) { {} }
+    let(:expected_masked_address) { "**************************" }
+    include_examples "AttrMasker::Maskers::Replacing examples"
+  end
+
+  context "with alphanum_only option set to true" do
+    let(:options) { { alphanum_only: true } }
+    let(:expected_masked_address) { "* ****** ******, **** ****" }
+    include_examples "AttrMasker::Maskers::Replacing examples"
+  end
+
+  context "with a custom replacement string" do
+    let(:options) { { replacement: "X" } }
+    let(:expected_masked_address) { "XXXXXXXXXXXXXXXXXXXXXXXXXX" }
+    include_examples "AttrMasker::Maskers::Replacing examples"
+  end
+
+  context "with an empty replacement string" do
+    let(:options) { { replacement: "" } }
+    let(:expected_masked_address) { "" }
+    include_examples "AttrMasker::Maskers::Replacing examples"
+  end
+
+  context "with alphanum_only and replacement options combined" do
+    let(:options) { { alphanum_only: true, replacement: "X" } }
+    let(:expected_masked_address) { "X XXXXXX XXXXXX, XXXX XXXX" }
+    include_examples "AttrMasker::Maskers::Replacing examples"
+  end
+end

data/spec/maskers/simple_spec.rb

@@ -0,0 +1,14 @@
+# (c) 2017 Ribose Inc.
+#
+
+# No point in using ApplicationRecord here.
+
+require "spec_helper"
+
+RSpec.describe AttrMasker::Maskers::SIMPLE do
+  subject { described_class }
+
+  example { expect(subject.(value: "Solo")).to eq("(redacted)") }
+  example { expect(subject.(value: Math::PI)).to eq("(redacted)") }
+  example { expect(subject.(value: nil)).to eq("(redacted)") }
+end

data/spec/spec_helper.rb

@@ -0,0 +1,21 @@
+# (c) 2017 Ribose Inc.
+#
+
+require "bundler"
+Bundler.require :default, :development
+
+Dir[File.expand_path "../support/**/*.rb", __FILE__].each { |f| require f }
+
+RSpec.configure do |config|
+  # Enable flags like --only-failures and --next-failure
+  config.example_status_persistence_file_path = ".rspec_status"
+
+  # Disable RSpec exposing methods globally on `Module` and `main`
+  config.disable_monkey_patching!
+
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+end
+
+require "rails/all"

data/spec/support/0_combustion.rb

@@ -0,0 +1,5 @@
+# (c) 2017 Ribose Inc.
+#
+
+Combustion.path = "spec/dummy"
+Combustion.initialize! :all

data/spec/support/db_cleaner.rb

@@ -0,0 +1,15 @@
+require "database_cleaner"
+
+RSpec.configure do |config|
+  config.before(:suite) do
+    DatabaseCleaner.clean_with(:truncation)
+
+    DatabaseCleaner.strategy = :truncation
+  end
+
+  config.around(:each) do |example|
+    DatabaseCleaner.cleaning do
+      example.run
+    end
+  end
+end

data/spec/support/matchers.rb

@@ -0,0 +1,2 @@
+RSpec::Matchers.define_negated_matcher :exclude, :include
+RSpec::Matchers.define_negated_matcher :preserve, :change

data/spec/support/rake.rb

@@ -0,0 +1,6 @@
+# (c) 2017 Ribose Inc.
+#
+
+require "rake"
+Rails.application.load_tasks
+load File.expand_path("../../../lib/tasks/db.rake", __FILE__)

data/spec/support/silence_stdout.rb

@@ -0,0 +1,8 @@
+RSpec.configure do |config|
+  config.before(:each, suppress_progressbar: true) do
+    stub_const(
+      "::ProgressBar::Output::DEFAULT_OUTPUT_STREAM",
+      StringIO.new,
+    )
+  end
+end