blind_index 2.4.0 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b195e7760fae1745c7040aa94f90ab4b2ec5c57593e6ae3db445d0a45461f8b
-  data.tar.gz: bf8b47a67e61d433ae430e8d7d4534450917811a96e9ec3b07c30e3e75d67427
+  metadata.gz: 291577a62790b52028024d748fc849ccaaeebe73b611969291b07a3eef43fd50
+  data.tar.gz: b0775917f436380ead5163519a98f7984ce257db8b664c44f299f1ebbba32934
 SHA512:
-  metadata.gz: d06adf905e5a22b54a85bb787a71da0d2e422e395265c2cd1892ef7172fc93a4415ed72607be6ee4fa8886b0286391abaf346e4450f303a8aec711c620924e89
-  data.tar.gz: 1db6a651cd9fd09f159e09cfb03aed1cd9fea783c55f3a7f2e76bdc1f0a986581ee3b4798857febd51c493273dd1fd9baa83e124f7e8484f29da851eb69d3a79
+  metadata.gz: 484dbd052625a14ae883b943d316b3bcf451baf53fb8c67239973c6c7598c50045f3e44af30233424945e427d8e1a43e35dfc3c50884d4567a30d6186cc3aa06
+  data.tar.gz: fe2ad8af315478d6baa00be6f97bdead8767866a8efa3c334cc1e66898571e6f7407a04ec8b53c4a61657cd23943ec24593559fe8c913f57ea14c82bd3d51c8a

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.6.0 (2024-10-07)
+
+- Removed dependency on `scrypt` gem for scrypt algorithm
+- Dropped support for Active Record < 7
+
+## 2.5.0 (2024-06-03)
+
+- Added support for Mongoid 9
+- Dropped support for Ruby < 3.1
+
 ## 2.4.0 (2023-07-02)
 
 - Dropped support for Ruby < 3 and Rails < 6.1
@@ -77,7 +87,7 @@ Breaking changes
 
 - Added `size` option
 - Added sanity checks for Argon2 cost parameters
-- Fixed ActiveRecord callback issues introduced in 0.3.3
+- Fixed Active Record callback issues introduced in 0.3.3
 
 ## 0.3.3 (2018-11-12)
 
@@ -106,13 +116,13 @@ Breaking changes
 
 ## 0.2.0 (2018-05-11)
 
-- Added support for ActiveRecord 4.2
+- Added support for Active Record 4.2
 - Improved validation support when multiple blind indexes
 - Fixed `nil` handling
 
 ## 0.1.1 (2018-04-09)
 
-- Added support for ActiveRecord 5.2
+- Added support for Active Record 5.2
 - Added `callback` option
 - Added support for `key` proc
 - Fixed error inheritance

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2023 Andrew Kane
+Copyright (c) 2017-2024 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -6,7 +6,7 @@ Works with [Lockbox](https://github.com/ankane/lockbox) ([full example](https://
 
 Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails)
 
-[![Build Status](https://github.com/ankane/blind_index/workflows/build/badge.svg?branch=master)](https://github.com/ankane/blind_index/actions)
+[![Build Status](https://github.com/ankane/blind_index/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/blind_index/actions)
 
 ## How It Works
 
@@ -385,16 +385,6 @@ One alternative to blind indexing is to use a deterministic encryption scheme, l
 1. You can keep encryption consistent for all fields (both searchable and non-searchable)
 2. Blind indexing supports expressions
 
-## Upgrading
-
-### 2.0.0
-
-2.0.0 brings a number of improvements.
-
-- Blind indexes are updated immediately instead of in a `before_validation` callback
-- Better Lockbox integration - no need to generate a separate key
-- There’s a new gem for Argon2 that has no dependencies and (officially) supports Windows
-
 ## History
 
 View the [changelog](https://github.com/ankane/blind_index/blob/master/CHANGELOG.md)

data/lib/blind_index/backfill.rb

@@ -4,7 +4,7 @@ module BlindIndex
 
     def initialize(relation, batch_size:, columns:)
       @relation = relation
-      @transaction = @relation.respond_to?(:transaction)
+      @transaction = @relation.respond_to?(:transaction) && !mongoid_relation?(relation.all)
       @batch_size = batch_size
       @blind_indexes = @relation.blind_indexes
       filter_columns!(columns) if columns
@@ -100,6 +100,10 @@ module BlindIndex
       end
     end
 
+    def mongoid_relation?(relation)
+      defined?(Mongoid::Criteria) && relation.is_a?(Mongoid::Criteria)
+    end
+
     def with_transaction
       if @transaction
         @relation.transaction do

data/lib/blind_index/key_generator.rb

@@ -23,6 +23,7 @@ module BlindIndex
 
     def hkdf(ikm, salt:, info:, length:, hash:)
       if defined?(OpenSSL::KDF.hkdf)
+        # OpenSSL 1.1.0+
         return OpenSSL::KDF.hkdf(ikm, salt: salt, info: info, length: length, hash: hash)
       end
 

data/lib/blind_index/model.rb

@@ -38,7 +38,7 @@ module BlindIndex
         class_eval do
           activerecord = defined?(ActiveRecord) && self < ActiveRecord::Base
 
-          if activerecord && ActiveRecord::VERSION::MAJOR >= 6
+          if activerecord
             # blind index value isn't really sensitive
             # but don't need to show it in the Rails console
             self.filter_attributes += [/\A#{Regexp.escape(bidx_attribute)}\z/]

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "2.4.0"
+  VERSION = "2.6.0"
 end

data/lib/blind_index.rb

@@ -51,7 +51,7 @@ module BlindIndex
 
       # check size
       size = (options[:size] || 32).to_i
-      raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).include?(size)
+      raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).cover?(size)
 
       value = value.to_s
 
@@ -70,7 +70,7 @@ module BlindIndex
           Argon2::KDF.argon2id(value, salt: key, t: t, m: m, p: 1, length: size)
         when :pbkdf2_sha256
           iterations = cost_options[:iterations] || options[:iterations] || (options[:slow] ? 100000 : 10000)
-          OpenSSL::PKCS5.pbkdf2_hmac(value, key, iterations, size, "sha256")
+          OpenSSL::KDF.pbkdf2_hmac(value, salt: key, iterations: iterations, length: size, hash: "sha256")
         when :argon2i
           t = (cost_options[:t] || 3).to_i
           # use same bounds as rbnacl
@@ -86,7 +86,7 @@ module BlindIndex
           n = cost_options[:n] || 4096
           r = cost_options[:r] || 8
           cp = cost_options[:p] || 1
-          SCrypt::Engine.scrypt(value, key, n, r, cp, size)
+          OpenSSL::KDF.scrypt(value, salt: key, N: n, r: r, p: cp, length: size)
         else
           raise BlindIndex::Error, "Unknown algorithm"
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.6.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-02 00:00:00.000000000 Z
+date: 2024-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: argon2-kdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
 description:
 email: andrew@ankane.org
 executables: []
@@ -66,14 +66,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Securely search encrypted database fields