attr_masker 0.2.1 → 0.3.0

data/CHANGELOG.adoc

@@ -1,5 +1,9 @@
 == Not released yet
 
+* Drop support for Rails < 4.2
+* Allow masking attributes which span on more than one column (or field),
+  supersede `column_name` option with `column_names`
+
 == 0.2.1
 
 * Bugfix: preload application to find all models

data/Gemfile

@@ -1,3 +1,8 @@
 source "https://rubygems.org"
 
 gemspec
+
+gem "mongoid", require: false
+
+gem "database_cleaner-active_record", require: false
+gem "database_cleaner-mongoid", require: false

data/README.adoc

@@ -3,18 +3,33 @@
 :pygments-style: native
 :pygments-linenums-mode: inline
 
-image:https://img.shields.io/gem/v/attr_masker.svg["Gem Version", link="https://rubygems.org/gems/attr_masker"]
-image:https://img.shields.io/travis/riboseinc/attr_masker/master.svg["Build Status", link="https://travis-ci.org/riboseinc/attr_masker"]
+ifdef::env-github[]
+image:https://img.shields.io/gem/v/attr_masker[
+	"Gem Version",
+	link="https://rubygems.org/gems/attr_masker"]
+image:https://img.shields.io/github/workflow/status/riboseinc/attr_masker/Tests[
+	"Build Status",
+	link="https://github.com/riboseinc/attr_masker/actions"]
+image:https://img.shields.io/codeclimate/maintainability/riboseinc/attr_masker[
+	"Code Climate",
+	link="https://codeclimate.com/github/riboseinc/attr_masker"]
+image:https://img.shields.io/codecov/c/github/riboseinc/attr_masker[
+	"Test Coverage",
+	link="https://codecov.io/gh/riboseinc/attr_masker"]
+image:https://img.shields.io/badge/documentation-rdoc-informational[
+	"Documentation on RubyDoc.info",
+	link="https://rubydoc.info/gems/attr_masker"]
+endif::[]
 
 Mask ActiveRecord/Mongoid data with ease!
 
 == Introduction
 
 This gem is intended to mask sensitive data so that production database dumps
-can be used in staging or test environments.  It works with Rails 4+ and modern
-Rubies.  It supports Active Record and Mongoid models.
+can be used in staging or test environments.  It works with Rails 4.2+ and
+modern Rubies.  It supports Active Record and Mongoid models.
 
-== Getting started
+== Usage instructions
 
 === Installation
 
@@ -71,31 +86,9 @@ attr_masker :first_name, :if => :tester_user?
 
 The ActiveRecord's `::default_scope` method has no effect on masking.  All
 table records are updated, provided that :if and :unless filters allow that.
-For example, if you're using a Paranoia[https://github.com/rubysherpas/paranoia]
+For example, if you're using a https://github.com/rubysherpas/paranoia[Paranoia]
 gem to soft-delete your data, records marked as deleted will be masked as well.
 
-=== Using custom maskers
-
-By default, data is maksed with `AttrMasker::Maskers::Simple` masker which
-always returns `"(redacted)"` string.  But anything what responds to `#call`
-can be used instead: a lambda, `Method` instance, and more.  You can specify it
-by setting the `:masker` option.
-
-For instance, you may want to use https://github.com/ffaker/ffaker[ffaker] or
-https://github.com/skalee/well_read_faker[Well Read Faker] to generate random
-replacement values:
-
-[source,ruby]
-----
-require "ffaker"
-
-attr_masker :first_name, :masker => ->(_hash) { FFaker::Name.first_name }
-----
-
-A hash is passed as an argument, which includes some information about the
-record being masked and the attribute value.  It can be used to further
-customize masker's behaviour.
-
 === Built-in maskers
 
 Attr Masker comes with several built-in maskers.
@@ -126,7 +119,7 @@ Can be initialized with options.
 |===============================================================================
 |Name|Default|Description
 |`replacement`|`"*"`|Replacement string, can be empty.
-|`alphanum_only`|`false`|When true, only alphanumeric charaters are replaced.
+|`alphanum_only`|`false`|When true, only alphanumeric characters are replaced.
 |===============================================================================
 +
 Example:
@@ -139,7 +132,39 @@ attr_masker :phone, :masker => rm
 +
 Would mask "123-456-7890" as "XXX-XXX-XXXX".
 
+=== Using custom maskers
+
+Apart from built-in maskers, any object which responds to `#call` can be used,
+e.g. some lambda or `Method` instance.  For instance, you may want to produce
+unique values basing on other attributes, to mask selectively, or to use
+tool like https://github.com/skalee/well_read_faker[Well Read Faker] to
+generate random replacement values:
+
+[source,ruby]
+----
+require "well_read_faker"
+
+attr_masker :email, masker: ->(model:, **) { "user#{model.id}@example.com" }
+attr_masker :phone, masker: ->(value:, **) { "******" + value[-3..-1] }
+attr_masker :bio, masker: ->(**) { WellReadFaker.paragraph }
+----
+
+Masker is called with following keyword arguments:
+
+`value`:: Original value of the field which is about to be masked
+
+`model`:: Model instance
+
+`attribute_name`:: Name of the attribute which is about to be masked
+
+`masking_options`:: Hash of options which were passed in `#attr_masker` call
+
+This list is likely to be extended in future versions, and that will not be
+considered a breaking change, therefore it is strongly recommended to always
+use a splat (`**`) at end of argument list of masker's `#call` method.
+
 == Roadmap & TODOs
+
 - documentation
 - spec tests
 - Make the `Rails.env` (in which `db:mask` could be run) configurable

data/attr_masker.gemspec

@@ -1,13 +1,13 @@
 # (c) 2017 Ribose Inc.
 #
 
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "attr_masker/version"
 
 Gem::Specification.new do |gem|
   gem.name              = "attr_masker"
-  gem.version           = AttrMasker::Version.string
+  gem.version           = AttrMasker::VERSION
   gem.authors           = ["Ribose Inc."]
   gem.email             = ["open.source@ribose.com"]
   gem.homepage          = "https://github.com/riboseinc/attr_masker"
@@ -17,20 +17,23 @@ Gem::Specification.new do |gem|
                           "of certain models by modifying the database."
 
   gem.files         = `git ls-files`.split($/)
-  gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
-  gem.add_runtime_dependency("rails", ">= 4.0.0", "< 6.0")
+  gem.add_runtime_dependency("rails", ">= 4.0.0", "< 7")
   gem.add_runtime_dependency("ruby-progressbar", "~> 1.8")
 
-  gem.add_development_dependency("bundler", "~> 1.15")
-  gem.add_development_dependency("combustion", "~> 0.7.0")
-  gem.add_development_dependency("database_cleaner", "~> 1.6")
+  gem.add_development_dependency("bundler", ">= 1.15")
+  gem.add_development_dependency("combustion", "~> 1.0")
+  gem.add_development_dependency("database_cleaner", "~> 1.8")
+  gem.add_development_dependency("database_cleaner-active_record", "~> 1.8")
+  gem.add_development_dependency("database_cleaner-mongoid", "~> 1.8")
   # Older versions aren't needed as we don't support Rails < 4
   gem.add_development_dependency("mongoid", ">= 5")
   gem.add_development_dependency("pry")
-  gem.add_development_dependency("rspec", ">= 3.0")
-  gem.add_development_dependency("rubocop", "~> 0.49.1")
-  gem.add_development_dependency("sqlite3", "~> 1.3.13")
+  gem.add_development_dependency("rspec", "~> 3.0")
+  gem.add_development_dependency("rubocop", "~> 0.54.0")
+  gem.add_development_dependency("simplecov")
+  gem.add_development_dependency("sqlite3", ">= 1.3.13", "< 2")
+  gem.add_development_dependency("warning", "~> 1.1")
 end

data/bin/rake

@@ -12,7 +12,18 @@ require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
   Pathname.new(__FILE__).realpath)
 
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
 require "rubygems"
 require "bundler/setup"
 
-load Gem.bin_path("rake", "rake")
+load Gem.bin_path("rake", "rake") if File.exists?(Gem.bin_path("rake", "rake"))

data/bin/rspec

@@ -12,6 +12,17 @@ require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
   Pathname.new(__FILE__).realpath)
 
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
 require "rubygems"
 require "bundler/setup"
 

data/bin/rubocop

@@ -12,6 +12,17 @@ require "pathname"
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
   Pathname.new(__FILE__).realpath)
 
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
 require "rubygems"
 require "bundler/setup"
 

data/gemfiles/Rails-4.2.gemfile

@@ -1,3 +1,4 @@
-eval File.read "gemfiles/common.gemfile"
+eval_gemfile "common.gemfile"
 
 gem "activerecord", "~> 4.2.0"
+gem "sqlite3", "~> 1.3.13"

data/gemfiles/Rails-5.0.gemfile

@@ -1,3 +1,4 @@
-eval File.read "gemfiles/common.gemfile"
+eval_gemfile "common.gemfile"
 
 gem "activerecord", "~> 5.0.0"
+gem "sqlite3", "~> 1.3.13"

data/gemfiles/Rails-5.1.gemfile

@@ -1,3 +1,4 @@
-eval File.read "gemfiles/common.gemfile"
+eval_gemfile "common.gemfile"
 
 gem "activerecord", "~> 5.1.0"
+gem "sqlite3", "~> 1.3.13"

data/gemfiles/Rails-5.2.gemfile

@@ -0,0 +1,4 @@
+eval_gemfile "common.gemfile"
+
+gem "activerecord", "~> 5.2.0"
+gem "sqlite3", "~> 1.3.13"

data/gemfiles/Rails-6.0.gemfile

@@ -0,0 +1,3 @@
+eval_gemfile "common.gemfile"
+
+gem "activerecord", "~> 6.0.0"

data/gemfiles/Rails-head.gemfile

@@ -1,4 +1,4 @@
-eval File.read "gemfiles/common.gemfile"
+eval_gemfile "common.gemfile"
 
 gem "activerecord", github: "rails/rails"
 gem "arel", github: "rails/arel"

data/gemfiles/common.gemfile

@@ -1,5 +1,4 @@
-source "https://rubygems.org"
+eval_gemfile "../Gemfile"
 
-gemspec path: ".."
-
-gem "mongoid", require: false
+gem "codecov", require: false
+gem "simplecov", require: false

data/lib/attr_masker/attribute.rb

@@ -13,7 +13,7 @@ module AttrMasker
     end
 
     # Evaluates the +:if+ and +:unless+ attribute options on given instance.
-    # Returns +true+ or +fasle+, depending on whether the attribute should be
+    # Returns +true+ or +false+, depending on whether the attribute should be
     # masked for this object or not.
     def should_mask?(model_instance)
       not (
@@ -34,8 +34,16 @@ module AttrMasker
     # returning.
     def mask(model_instance)
       value = unmarshal_data(model_instance.send(name))
-      masker_value = options[:masker].call(options.merge!(value: value))
-      marshal_data(masker_value)
+      masker = options[:masker]
+      masker_value = masker.call(value: value, model: model_instance,
+                                 attribute_name: name, masking_options: options)
+      model_instance.send("#{name}=", marshal_data(masker_value))
+    end
+
+    # Returns a hash of maskable attribute names, and respective attribute
+    # values.  Unchanged attributes are skipped.
+    def masked_attributes_new_values(model_instance)
+      model_instance.changes.slice(*column_names).transform_values(&:second)
     end
 
     # Evaluates option (typically +:if+ or +:unless+) on given model instance.
@@ -55,16 +63,18 @@ module AttrMasker
 
     def marshal_data(data)
       return data unless options[:marshal]
+
       options[:marshaler].send(options[:dump_method], data)
     end
 
     def unmarshal_data(data)
       return data unless options[:marshal]
+
       options[:marshaler].send(options[:load_method], data)
     end
 
-    def column_name
-      options[:column_name] || name
+    def column_names
+      options[:column_names] || [name]
     end
   end
 end

data/lib/attr_masker/maskers/replacing.rb

@@ -2,14 +2,30 @@
 #
 module AttrMasker
   module Maskers
-    # This default masker simply replaces any value with a fixed string.
+    # +Replacing+ masker replaces every character of string which is being
+    # masked with +replacement+ one, preserving the length of the masked string
+    # (provided that a replacement string contains a single character, which is
+    # a typical case). Optionally, non-alphanumeric characters like dashes or
+    # spaces may be left unchanged.
     #
-    # +opts+ is a Hash with the key :value that gives you the current attribute
-    # value.
+    # @example Would mask "Adam West" as "XXXXXXXXX"
+    #   class User < ActiveRecord::Base
+    #     m = AttrMasker::Maskers::Replacing.new(replacement: "X")
+    #     attr_masker :name, :masker => m
+    #   end
     #
+    # @example Would mask "123-456-789" as "XXX-XXX-XXX"
+    #   class User < ActiveRecord::Base
+    #     m = AttrMasker::Maskers::Replacing.new(
+    #         replacement: "X", alphanum_only: true)
+    #     attr_masker :phone, :masker => m
+    #   end
     class Replacing
       attr_reader :replacement, :alphanum_only
 
+      # @param replacement [String] replacement string
+      # @param alphanum_only [Boolean] whether to leave non-alphanumeric
+      #   characters unchanged or not
       def initialize(replacement: "*", alphanum_only: false)
         replacement = "" if replacement.nil?
         @replacement = replacement

data/lib/attr_masker/maskers/simple.rb

@@ -1,12 +1,22 @@
 module AttrMasker
   module Maskers
-    # This default masker simply replaces any value with a fixed string.
+    # +Simple+ masker replaces values with a predefined +(redacted)+ string.
+    # This is a default masker, which is used when no specific +:masker+ is
+    # passed in +attr_masker+ method call.
     #
-    # +opts+ is a Hash with the key :value that gives you the current attribute
-    # value.
+    # @example Would mask "Adam West" as "(redacted)"
+    #   class User < ActiveRecord::Base
+    #     m = AttrMasker::Maskers::Simple.new
+    #     attr_masker :name, :masker => m
+    #   end
     #
+    # @example Would mask "Adam West" as "(redacted)"
+    #   class User < ActiveRecord::Base
+    #     attr_masker :name
+    #   end
     class Simple
-      def call(_opts)
+      # Accepts any keyword arguments, but they all are ignored.
+      def call(**_opts)
         "(redacted)"
       end
     end

data/lib/attr_masker/model.rb

@@ -73,6 +73,8 @@ module AttrMasker
     #   @user.masker_configuration # returns the masker version of configuration
     #
     #   See README for more examples
+    #--
+    # rubocop:disable Metrics/MethodLength
     def attr_masker(*args)
       default_options = {
         if: true,
@@ -94,6 +96,7 @@ module AttrMasker
         masker_attributes[attribute.name] = attribute
       end
     end
+    # rubocop:enable Metrics/MethodLength
 
     # Default options to use with calls to <tt>attr_masker</tt>
     # XXX:Keep

data/lib/attr_masker/performer.rb

@@ -1,5 +1,6 @@
 # (c) 2017 Ribose Inc.
 #
+
 module AttrMasker
   module Performer
     class Base
@@ -7,25 +8,40 @@ module AttrMasker
         # Do not want production environment to be masked!
         #
         if Rails.env.production?
-          raise AttrMasker::Error, "Attempted to run in production environment."
+          unless ENV["FORCE_MASK"]
+            msg = "Attempted to run in production environment."
+            raise AttrMasker::Error, msg
+          end
         end
 
         all_models.each do |klass|
           next if klass.masker_attributes.empty?
+
           mask_class(klass)
         end
       end
 
       private
 
+      # Mask all objects of a class in batches to not run out of memory!
+      #--
+      # rubocop:todo Metrics/MethodLength
       def mask_class(klass)
         progressbar_for_model(klass) do |bar|
-          klass.all.unscoped.each do |model|
-            mask_object model
-            bar.increment
+          if klass.all.unscoped.respond_to?(:find_each)
+            klass.all.unscoped.find_each(batch_size: 1000) do |model|
+              mask_object model
+              bar.increment
+            end
+          else
+            klass.all.unscoped.each do |model|
+              mask_object model
+              bar.increment
+            end
           end
         end
       end
+      # rubocop:enable Metrics/MethodLength
 
       # For each masker attribute, mask it, and save it!
       #
@@ -35,9 +51,8 @@ module AttrMasker
         updates = klass.masker_attributes.values.reduce({}) do |acc, attribute|
           next acc unless attribute.should_mask?(instance)
 
-          column_name = attribute.column_name
-          masker_value = attribute.mask(instance)
-          acc.merge!(column_name => masker_value)
+          attribute.mask(instance)
+          acc.merge! attribute.masked_attributes_new_values(instance)
         end
 
         make_update instance, updates unless updates.empty?
@@ -48,7 +63,7 @@ module AttrMasker
           title: klass.name,
           total: klass.unscoped.count,
           throttle_rate: 0.1,
-          format: %q[%t %c/%C (%j%%) %B %E],
+          format: "%t %c/%C (%j%%) %B %E",
         )
 
         yield bar
@@ -66,9 +81,12 @@ module AttrMasker
         ::ActiveRecord::Base.descendants.select(&:table_exists?)
       end
 
+      #--
+      # rubocop:disable Rails/SkipsModelValidations
       def make_update(instance, updates)
-        instance.class.all.unscoped.update(instance.id, updates)
+        instance.class.all.unscoped.where(id: instance.id).update_all(updates)
       end
+      # rubocop:enable Rails/SkipsModelValidations
     end
 
     class Mongoid < Base