RubyGems - attr_secure - Versions diffs - 0.2.0 → 0.3.0 - Mend

attr_secure 0.2.0 → 0.3.0

Files changed (12) hide show

checksums.yaml +4 -4
data/README.md +7 -3
data/attr_secure.gemspec +1 -1
data/lib/attr_secure/adapters/active_record.rb +3 -1
data/lib/attr_secure/adapters/sequel.rb +3 -1
data/lib/attr_secure/secure.rb +15 -4
data/lib/attr_secure/version.rb +1 -1
data/spec/adapters/active_record_spec.rb +5 -0
data/spec/adapters/sequel_spec.rb +5 -0
data/spec/attr_secure_spec.rb +2 -2
data/spec/secure_spec.rb +37 -13
metadata +7 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3e6810f8e6b2500a0fd71a8d2cd2755bbab0759f
-  data.tar.gz: b9d9017ec05194584f60af544a3564ba1f26cfc1
+  metadata.gz: 823b15116fee5d14b97ae231f81b48e7cb1b304e
+  data.tar.gz: 49b2aefa2a76a6eb4e6cd466320cba879ac88d20
 SHA512:
-  metadata.gz: df04a6247b167ff02122d97de4498cf2c89d2b3277799382985bab5e5a97f920a7b4847fb5ff789513da857a56252b5137145f548affed24fa7afcf1516d011f
-  data.tar.gz: 05418d708166a33ee050a171cdbe422373f54c1130e4f17334c12d5d93dc3fba9291a4052151136617e99457d6cefb5ebc4faddde5ec0b10c92ac0d483b1e49b
+  metadata.gz: 19037e5da221dc532f23f733380f1bf0d10f18fb1b18d1877aa648d32b42262ae42622a9491173be0630979bec41d601a13e9861b778d38b933bcd69f3f7213c
+  data.tar.gz: fd893bd6f3858c51e74c74057fbec4a88c99d588b849d1d42228a2996ad516669e29991f3ba6179bc7eef5cca3eb5800e1b3b083b80955552027444d7b32ab87

data/README.md CHANGED Viewed

@@ -42,22 +42,26 @@ To make an model attribute secure, first you need a secure key:
     dd if=/dev/urandom bs=32 count=1 2>/dev/null | openssl base64
-There's a number of ways of setting a key for a given attribute.  The easiest is to default the key via the environment.
+There's a number of ways of setting a key for a given attribute.  The easiest is to default the key via the environment.
 Setting the environment variable `ATTR_SECURE_SECRET` to a secret value will secure all attributes with the same key.
 Alternatively, if you want to use different keys for different attributes you can do this too:
     attr_secure :my_attribute, :secret => "EKq88AMFeRLqEx5knUcoJ4LOnrv52d7hfAFgEKMoDKzqNei4m7kbu"
 If you would like your key dependent on something else, a lambda is OK too:
     attr_secure :my_attribute, :secret => lambda {|record| record.user.secret }
 Remember kids, it's not a good idea to hard-code secrets.
 Note: You will want to set your table columns for encrypted values to :text or
 similar.  Encrypted values are long.
+## Key rotation
+You can pass a comma delimited list of keys as your secret.  attr_secure will decrypt with each key in turn until it hits a verified value.  Encryption always happens with the newest (leftmost) key.
 ## Contributing
 1. Fork it

data/attr_secure.gemspec CHANGED Viewed

@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "sequel"
   spec.add_development_dependency "sqlite3"
-  spec.add_dependency 'fernet'
+  spec.add_dependency 'fernet', '1.6'
 end

data/lib/attr_secure/adapters/active_record.rb CHANGED Viewed

@@ -3,7 +3,9 @@ module AttrSecure
     module ActiveRecord
       def self.valid?(object)
-        object.respond_to?(:<) && defined?(ActiveRecord) && object < ::ActiveRecord::Base
+        object.respond_to?(:<) && object < ::ActiveRecord::Base
+      rescue NameError
+        false
       end
       def self.write_attribute(object, attribute, value)

data/lib/attr_secure/adapters/sequel.rb CHANGED Viewed

@@ -3,7 +3,9 @@ module AttrSecure
     module Sequel
       def self.valid?(object)
-        object.respond_to?(:<) && defined?(Sequel) && object < ::Sequel::Model
+        object.respond_to?(:<) && object < ::Sequel::Model
+      rescue NameError
+        false
       end
       def self.write_attribute(object, attribute, value)

data/lib/attr_secure/secure.rb CHANGED Viewed

@@ -9,19 +9,30 @@ module AttrSecure
     attr_reader :secret
     def initialize(secret)
-      @secret = secret
+      @secret = secret.split(",")
+    end
+    def secret=(val)
+      @secret = secret.split(",")
     end
     def encrypt(value)
-      Fernet.generate(secret) do |generator|
+      Fernet.generate([secret].flatten.first) do |generator|
         generator.data = { value: value }
       end
     end
     def decrypt(value)
       return nil if value.nil?
-      verifier = Fernet.verifier(secret, value)
-      verifier.data['value'] if verifier.valid?
+      [secret].flatten.each do |_secret|
+        begin
+          verifier = Fernet.verifier(_secret, value)
+          return verifier.data['value'] if verifier.valid?
+        rescue
+        end
+        raise OpenSSL::Cipher::CipherError
+      end
     end
   end
 end

data/lib/attr_secure/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AttrSecure
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/spec/adapters/active_record_spec.rb CHANGED Viewed

@@ -16,6 +16,11 @@ describe AttrSecure::Adapters::ActiveRecord do
     it "should not be valid" do
       expect(described_class.valid?(String)).to be_false
     end
+    it "should not be valid if activerecord is not loaded" do
+      hide_const('ActiveRecord')
+      expect(described_class.valid?(described)).to be_false
+    end
   end
   describe "write attribute" do

data/spec/adapters/sequel_spec.rb CHANGED Viewed

@@ -16,6 +16,11 @@ describe AttrSecure::Adapters::Sequel do
     it "should not be valid" do
       expect(described_class.valid?(String)).to be_false
     end
+    it "should not be valid if sequel is not loaded" do
+      hide_const('Sequel')
+      expect(described_class.valid?(described)).to be_false
+    end
   end
   describe "write attribute" do

data/spec/attr_secure_spec.rb CHANGED Viewed

@@ -6,8 +6,8 @@ describe AttrSecure do
     let(:described)   { Class.new }
     let(:secure_mock) { double(AttrSecure::Secure) }
     let(:secret_mock) { double(AttrSecure::Secret) }
-    let(:crypter)     { mock(:secure_crypter) }
-    let(:adapter)     { mock(:adapter) }
+    let(:crypter)     { double(:secure_crypter) }
+    let(:adapter)     { double(:adapter) }
     before do
       described.extend(AttrSecure)

data/spec/secure_spec.rb CHANGED Viewed

@@ -1,22 +1,46 @@
 require 'spec_helper'
 describe AttrSecure::Secure do
-  subject      { described_class.new(secret) }
-  let(:secret) { 'fWSvpC6Eh1/FFE1TUgXpcEzMmmGc9IZSqoexzEslzKI=' }
-  describe 'encrypt' do
-    it "should encrypt a string" do
-      expect(subject.encrypt('encrypted')).to be_a(String)
-      expect(subject.encrypt('encrypted')).to_not be_empty
-      expect(subject.encrypt('encrypted')).to_not eq(subject.encrypt('encrypted'))
+  context "with a simple key" do
+    subject      { described_class.new(secret) }
+    let(:secret) { 'fWSvpC6Eh1/FFE1TUgXpcEzMmmGc9IZSqoexzEslzKI=' }
+    describe '#encrypt' do
+      it "should encrypt a string" do
+        expect(subject.encrypt('encrypted')).to be_a(String)
+        expect(subject.encrypt('encrypted')).to_not be_empty
+        expect(subject.encrypt('encrypted')).to_not eq(subject.encrypt('encrypted'))
+      end
     end
-  end
-  describe 'decrypt' do
-    let(:encrypted_value) { subject.encrypt('decrypted') }
+    describe '#decrypt' do
+      let(:encrypted_value) { subject.encrypt('decrypted') }
-    it "should decrypt a string" do
-      expect(subject.decrypt(encrypted_value)).to eq('decrypted')
+      it "should decrypt a string" do
+        expect(subject.decrypt(encrypted_value)).to eq('decrypted')
+      end
     end
   end
+  # context "with an array of keys" do
+  #   subject      { described_class.new(secret) }
+  #   let(:secret) { 'fWSvpC6Eh1/FFE1TUgXpcEzMmmGc9IZSqoexzEslzKI=,d9ssNmUYn7UpMoSc0eM2glVUG2DPYwXveLTDU7j8pBY=' }
+  #   describe '#encrypt' do
+  #     it "should encrypt a string" do
+  #       expect(subject.encrypt('encrypted')).to be_a(String)
+  #       expect(subject.encrypt('encrypted')).to_not be_empty
+  #       expect(subject.encrypt('encrypted')).to_not eq(subject.encrypt('encrypted'))
+  #     end
+  #   end
+  #   describe '#decrypt' do
+  #     let(:encrypted_value) { subject.encrypt('decrypted') }
+  #     it "should decrypt a string" do
+  #       expect(subject.decrypt(encrypted_value)).to eq('decrypted')
+  #     end
+  #   end
+  # end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_secure
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Neil Middleton
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-06-07 00:00:00.000000000 Z
+date: 2013-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -84,16 +84,16 @@ dependencies:
   name: fernet
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.6'
 description: Securely stores activerecord model attributes
 email:
 - neil@neilmiddleton.com
@@ -144,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.2
+rubygems_version: 2.0.7
 signing_key:
 specification_version: 4
 summary: Securely stores activerecord model attributes