blind_index 1.0.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f39918c983140363af00fe1afeda800a7476a5727fd2c676c713b92222c1f35
-  data.tar.gz: b83995b7b33eddacb2988e7fdb8816a1b2fc644161114b5e191f3d9bb2de2bd2
+  metadata.gz: f656fa1765df9bf2bcfa9d994ccb9b5cf0504f27f7524d159323126462d973e0
+  data.tar.gz: 88d5f2cd786f840e75540a204dbe7fbb74794de954978d90cdc69297078cf752
 SHA512:
-  metadata.gz: b2d03f17acbac80b5ecf8ac1f97321f3c68b0c689db1e50d95cc81cb3769086a5d8da6f8f0386325555c8eb715d46555281e00af38804cd240cadbefa45e86a4
-  data.tar.gz: 59092061d3b415d399f1a20232d680591ccc832af79387945d23d9309062bf10a4b8105062ea277af2fa06b454cd75f9ad3d49a44dabac1a990e2856bc700849
+  metadata.gz: 139d3d8f3aca413d0ee5045fe3212e6ed3327cdb6d0c60cb7eb2b314b4eb849abb42dcf17e386e23fb5521db2875b6c502b143fc46dc3305ad38151688b610be
+  data.tar.gz: 0f5df7f99a1b79f2eab0bc9ff959b9fd21c238e772e09265ef88690678134f539968d9aebe508b88e9881657563013cd53031947d6a6322e08c7e29d95f45902

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 2.0.0 (2019-02-10)
+
+- Blind indexes are updated immediately instead of in a `before_validation` callback
+- Better Lockbox integration - no need to generate a separate key
+- The `argon2` gem has been replaced with `argon2-kdf` for less dependencies and Windows support
+- Removed deprecated `compute_email_bidx`
+
 ## 1.0.2 (2019-12-26)
 
 - Fixed `OpenSSL::KDF` error on some platforms

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2019 Andrew Kane
+Copyright (c) 2017-2020 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -26,37 +26,13 @@ Add this line to your application’s Gemfile:
 gem 'blind_index'
 ```
 
-On Windows, also add:
-
-```ruby
-gem 'argon2', git: 'https://github.com/technion/ruby-argon2.git', submodules: true
-```
-
-Until `argon2 > 2.0.2` is released.
-
 ## Getting Started
 
-> Note: Your model should already be set up with Lockbox or attr_encrypted. The examples are for a `User` model with `encrypts :email` or `attr_encrypted :email`. See the full examples for [Lockbox](https://ankane.org/securing-user-emails-lockbox) and [attr_encrypted](https://ankane.org/securing-user-emails-in-rails) if needed.
-
-First, generate a key
-
-```ruby
-BlindIndex.generate_key
-```
-
-Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
-
-Set the following environment variable with your key (you can use this one in development)
-
-```sh
-BLIND_INDEX_MASTER_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-```
+Your model should already be set up with Lockbox or attr_encrypted. The examples are for a `User` model with `encrypts :email` or `attr_encrypted :email`. See the full examples for [Lockbox](https://ankane.org/securing-user-emails-lockbox) and [attr_encrypted](https://ankane.org/securing-user-emails-in-rails) if needed.
 
-or create `config/initializers/blind_index.rb` with something like
+Also, if you use attr_encrypted, [generate a key](#key-generation).
 
-```ruby
-BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
-```
+---
 
 Create a migration to add a column for the blind index
 
@@ -169,18 +145,37 @@ You can also use virtual attributes to index data from multiple columns:
 ```ruby
 class User < ApplicationRecord
   attribute :initials, :string
+  blind_index :initials
 
-  # must come before the blind_index method so it runs first
   before_validation :set_initials, if: -> { changes.key?(:first_name) || changes.key?(:last_name) }
 
-  blind_index :initials
-
   def set_initials
     self.initials = "#{first_name[0]}#{last_name[0]}"
   end
 end
 ```
 
+## Migrating Data
+
+If you’re encrypting a column and adding a blind index at the same time, use the `migrating` option.
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, migrating: true
+end
+```
+
+This allows you to backfill records while still querying the unencrypted field.
+
+```ruby
+User.unscoped.where(email_bidx: nil).find_each do |user|
+  user.compute_migrated_email_bidx
+  user.save(validate: false)
+end
+```
+
+Once that completes, you can remove the `migrating` option.
+
 ## Key Rotation
 
 To rotate keys without downtime, add a new column:
@@ -260,6 +255,30 @@ class User
 end
 ```
 
+## Key Generation
+
+This is optional for Lockbox, as its master key is used by default.
+
+Generate a key with:
+
+```ruby
+BlindIndex.generate_key
+```
+
+Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
+
+Set the following environment variable with your key (you can use this one in development)
+
+```sh
+BLIND_INDEX_MASTER_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+```
+
+or create `config/initializers/blind_index.rb` with something like
+
+```ruby
+BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
+```
+
 ## Reference
 
 Set default options in an initializer with:
@@ -301,6 +320,14 @@ One alternative to blind indexing is to use a deterministic encryption scheme, l
 
 ## Upgrading
 
+### 2.0.0
+
+2.0.0 brings a number of improvements.
+
+- Blind indexes are updated immediately instead of in a `before_validation` callback
+- Better Lockbox integration - no need to generate a separate key
+- There’s a new gem for Argon2 that has no dependencies and (officially) supports Windows
+
 ### 1.0.0
 
 1.0.0 brings a number of improvements. Here are a few to be aware of:

data/lib/blind_index.rb

@@ -1,7 +1,7 @@
 # dependencies
 require "active_support"
 require "openssl"
-require "argon2"
+require "argon2/kdf"
 
 # modules
 require "blind_index/key_generator"
@@ -18,7 +18,7 @@ module BlindIndex
   self.default_options = {}
 
   def self.master_key
-    @master_key ||= ENV["BLIND_INDEX_MASTER_KEY"]
+    @master_key ||= ENV["BLIND_INDEX_MASTER_KEY"] || (defined?(Lockbox.master_key) && Lockbox.master_key)
   end
 
   def self.generate_bidx(value, key:, **options)
@@ -64,7 +64,7 @@ module BlindIndex
           # use same bounds as rbnacl
           raise BlindIndex::Error, "m must be between 3 and 22" if m < 3 || m > 22
 
-          [Argon2::Engine.hash_argon2id(value, key, t, m, size)].pack("H*")
+          Argon2::KDF.argon2id(value, salt: key, t: t, m: m, p: 1, length: size)
         when :pbkdf2_sha256
           iterations = cost_options[:iterations] || options[:iterations] || (options[:slow] ? 100000 : 10000)
           OpenSSL::PKCS5.pbkdf2_hmac(value, key, iterations, size, "sha256")
@@ -78,7 +78,7 @@ module BlindIndex
           # use same bounds as rbnacl
           raise BlindIndex::Error, "m must be between 3 and 22" if m < 3 || m > 22
 
-          [Argon2::Engine.hash_argon2i(value, key, t, m, size)].pack("H*")
+          Argon2::KDF.argon2i(value, salt: key, t: t, m: m, p: 1, length: size)
         when :scrypt
           n = cost_options[:n] || 4096
           r = cost_options[:r] || 8
@@ -133,12 +133,7 @@ ActiveSupport.on_load(:active_record) do
   require "blind_index/extensions"
   extend BlindIndex::Model
 
-  if defined?(ActiveRecord::TableMetadata)
-    ActiveRecord::TableMetadata.prepend(BlindIndex::Extensions::TableMetadata)
-  else
-    ActiveRecord::PredicateBuilder.singleton_class.prepend(BlindIndex::Extensions::PredicateBuilder)
-  end
-
+  ActiveRecord::TableMetadata.prepend(BlindIndex::Extensions::TableMetadata)
   ActiveRecord::DynamicMatchers::Method.prepend(BlindIndex::Extensions::DynamicMatchers)
 
   unless ActiveRecord::VERSION::STRING.start_with?("5.1.")

data/lib/blind_index/extensions.rb

@@ -1,6 +1,5 @@
 module BlindIndex
   module Extensions
-    # ActiveRecord 5.0+
     module TableMetadata
       def resolve_column_aliases(hash)
         new_hash = super
@@ -29,37 +28,6 @@ module BlindIndex
       end
     end
 
-    # ActiveRecord 4.2
-    module PredicateBuilder
-      def resolve_column_aliases(klass, hash)
-        new_hash = super
-        if has_blind_indexes?(klass)
-          hash.each do |key, _|
-            if key.respond_to?(:to_sym) && (bi = klass.blind_indexes[key.to_sym]) && !new_hash[key].is_a?(ActiveRecord::StatementCache::Substitute)
-              value = new_hash.delete(key)
-              new_hash[bi[:bidx_attribute]] =
-                if value.is_a?(Array)
-                  value.map { |v| BlindIndex.generate_bidx(v, bi) }
-                else
-                  BlindIndex.generate_bidx(value, bi)
-                end
-            end
-          end
-        end
-        new_hash
-      end
-
-      @@blind_index_cache = {}
-
-      # memoize for performance
-      def has_blind_indexes?(klass)
-        if @@blind_index_cache[klass].nil?
-          @@blind_index_cache[klass] = klass.respond_to?(:blind_indexes)
-        end
-        @@blind_index_cache[klass]
-      end
-    end
-
     module UniquenessValidator
       if ActiveRecord::VERSION::STRING >= "5.2"
         def build_relation(klass, attribute, value)

data/lib/blind_index/model.rb

@@ -64,25 +64,30 @@ module BlindIndex
             BlindIndex.generate_bidx(value, **blind_indexes[name])
           end
 
-          define_singleton_method method_name do |value|
-            ActiveSupport::Deprecation.warn("Use #{class_method_name} instead")
-            send(class_method_name, value)
-          end
-
           define_method method_name do
             self.send("#{bidx_attribute}=", self.class.send(class_method_name, send(attribute)))
           end
 
           if callback
-            if defined?(ActiveRecord) && self < ActiveRecord::Base
-              # Active Record
-              # prevent deprecation warnings
-              before_validation method_name, if: -> { changes.key?(attribute.to_s) }
-            else
-              # Mongoid
-              # Lockbox only supports attribute_changed?
-              before_validation method_name, if: -> { send("#{attribute}_changed?") }
+            activerecord = defined?(ActiveRecord) && self < ActiveRecord::Base
+
+            # TODO reuse module
+            m = Module.new do
+              define_method "#{attribute}=" do |value|
+                result = super(value)
+                send(method_name)
+                result
+              end
+
+              unless activerecord
+                define_method "reset_#{attribute}!" do
+                  result = super()
+                  send(method_name)
+                  result
+                end
+              end
             end
+            prepend m
           end
 
           # use include so user can override

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "1.0.2"
+  VERSION = "2.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 2.0.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-27 00:00:00.000000000 Z
+date: 2020-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -25,19 +25,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
-  name: argon2
+  name: argon2-kdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 0.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement