blind_index 2.4.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4b195e7760fae1745c7040aa94f90ab4b2ec5c57593e6ae3db445d0a45461f8b
4
- data.tar.gz: bf8b47a67e61d433ae430e8d7d4534450917811a96e9ec3b07c30e3e75d67427
3
+ metadata.gz: 291577a62790b52028024d748fc849ccaaeebe73b611969291b07a3eef43fd50
4
+ data.tar.gz: b0775917f436380ead5163519a98f7984ce257db8b664c44f299f1ebbba32934
5
5
  SHA512:
6
- metadata.gz: d06adf905e5a22b54a85bb787a71da0d2e422e395265c2cd1892ef7172fc93a4415ed72607be6ee4fa8886b0286391abaf346e4450f303a8aec711c620924e89
7
- data.tar.gz: 1db6a651cd9fd09f159e09cfb03aed1cd9fea783c55f3a7f2e76bdc1f0a986581ee3b4798857febd51c493273dd1fd9baa83e124f7e8484f29da851eb69d3a79
6
+ metadata.gz: 484dbd052625a14ae883b943d316b3bcf451baf53fb8c67239973c6c7598c50045f3e44af30233424945e427d8e1a43e35dfc3c50884d4567a30d6186cc3aa06
7
+ data.tar.gz: fe2ad8af315478d6baa00be6f97bdead8767866a8efa3c334cc1e66898571e6f7407a04ec8b53c4a61657cd23943ec24593559fe8c913f57ea14c82bd3d51c8a
data/CHANGELOG.md CHANGED
@@ -1,3 +1,13 @@
1
+ ## 2.6.0 (2024-10-07)
2
+
3
+ - Removed dependency on `scrypt` gem for scrypt algorithm
4
+ - Dropped support for Active Record < 7
5
+
6
+ ## 2.5.0 (2024-06-03)
7
+
8
+ - Added support for Mongoid 9
9
+ - Dropped support for Ruby < 3.1
10
+
1
11
  ## 2.4.0 (2023-07-02)
2
12
 
3
13
  - Dropped support for Ruby < 3 and Rails < 6.1
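Review bot: The 2.6.0 entry records the scrypt backend change but not the PBKDF2 one. Later in this diff the `:pbkdf2_sha256` branch moves from `OpenSSL::PKCS5.pbkdf2_hmac` to `OpenSSL::KDF.pbkdf2_hmac`. Both swaps sit underneath stored blind index values, so the changelog should list both and say explicitly whether existing indexes remain valid without a recompute.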
@@ -77,7 +87,7 @@ Breaking changes
77
87
 
78
88
  - Added `size` option
79
89
  - Added sanity checks for Argon2 cost parameters
80
- - Fixed ActiveRecord callback issues introduced in 0.3.3
90
+ - Fixed Active Record callback issues introduced in 0.3.3
81
91
 
82
92
  ## 0.3.3 (2018-11-12)
83
93
 
@@ -106,13 +116,13 @@ Breaking changes
106
116
 
107
117
  ## 0.2.0 (2018-05-11)
108
118
 
109
- - Added support for ActiveRecord 4.2
119
+ - Added support for Active Record 4.2
110
120
  - Improved validation support when multiple blind indexes
111
121
  - Fixed `nil` handling
112
122
 
113
123
  ## 0.1.1 (2018-04-09)
114
124
 
115
- - Added support for ActiveRecord 5.2
125
+ - Added support for Active Record 5.2
116
126
  - Added `callback` option
117
127
  - Added support for `key` proc
118
128
  - Fixed error inheritance
data/LICENSE.txt CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2017-2023 Andrew Kane
1
+ Copyright (c) 2017-2024 Andrew Kane
2
2
 
3
3
  Permission is hereby granted, free of charge, to any person obtaining a copy
4
4
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -6,7 +6,7 @@ Works with [Lockbox](https://github.com/ankane/lockbox) ([full example](https://
6
6
 
7
7
  Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails)
8
8
 
9
- [![Build Status](https://github.com/ankane/blind_index/workflows/build/badge.svg?branch=master)](https://github.com/ankane/blind_index/actions)
9
+ [![Build Status](https://github.com/ankane/blind_index/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/blind_index/actions)
10
10
 
11
11
  ## How It Works
12
12
 
@@ -385,16 +385,6 @@ One alternative to blind indexing is to use a deterministic encryption scheme, l
385
385
  1. You can keep encryption consistent for all fields (both searchable and non-searchable)
386
386
  2. Blind indexing supports expressions
387
387
 
388
- ## Upgrading
389
-
390
- ### 2.0.0
391
-
392
- 2.0.0 brings a number of improvements.
393
-
394
- - Blind indexes are updated immediately instead of in a `before_validation` callback
395
- - Better Lockbox integration - no need to generate a separate key
396
- - There’s a new gem for Argon2 that has no dependencies and (officially) supports Windows
397
-
398
388
  ## History
399
389
 
400
390
  View the [changelog](https://github.com/ankane/blind_index/blob/master/CHANGELOG.md)
@@ -4,7 +4,7 @@ module BlindIndex
4
4
 
5
5
  def initialize(relation, batch_size:, columns:)
6
6
  @relation = relation
7
- @transaction = @relation.respond_to?(:transaction)
7
+ @transaction = @relation.respond_to?(:transaction) && !mongoid_relation?(relation.all)
8
8
  @batch_size = batch_size
9
9
  @blind_indexes = @relation.blind_indexes
10
10
  filter_columns!(columns) if columns
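Review bot: The new `@transaction` condition in `initialize` reads `@relation` on the left of `&&` and the `relation` argument on the right (`relation.all`); use one of them consistently. With this change `with_transaction` skips the transaction block for Mongoid criteria, and nothing in the hunk says why. Add a comment giving the reason and stating what a caller should expect if a batch fails partway (whether re-running the backfill is safe).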
@@ -100,6 +100,10 @@ module BlindIndex
100
100
  end
101
101
  end
102
102
 
103
+ def mongoid_relation?(relation)
104
+ defined?(Mongoid::Criteria) && relation.is_a?(Mongoid::Criteria)
105
+ end
106
+
103
107
  def with_transaction
104
108
  if @transaction
105
109
  @relation.transaction do
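Review bot: `mongoid_relation?` returns `nil`, not `false`, when `Mongoid::Criteria` is not defined, because `defined?(...) && ...` short-circuits. The caller shown in this diff negates the result, so behaviour is correct today, but a predicate is safer to reuse if it returns a strict boolean, for example `!!(defined?(Mongoid::Criteria) && relation.is_a?(Mongoid::Criteria))`. If the method is not already below a `private` marker, it should be, since it is an internal helper.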
@@ -23,6 +23,7 @@ module BlindIndex
23
23
 
24
24
  def hkdf(ikm, salt:, info:, length:, hash:)
25
25
  if defined?(OpenSSL::KDF.hkdf)
26
+ # OpenSSL 1.1.0+
26
27
  return OpenSSL::KDF.hkdf(ikm, salt: salt, info: info, length: length, hash: hash)
27
28
  end
28
29
 
@@ -38,7 +38,7 @@ module BlindIndex
38
38
  class_eval do
39
39
  activerecord = defined?(ActiveRecord) && self < ActiveRecord::Base
40
40
 
41
- if activerecord && ActiveRecord::VERSION::MAJOR >= 6
41
+ if activerecord
42
42
  # blind index value isn't really sensitive
43
43
  # but don't need to show it in the Rails console
44
44
  self.filter_attributes += [/\A#{Regexp.escape(bidx_attribute)}\z/]
@@ -1,3 +1,3 @@
1
1
  module BlindIndex
2
- VERSION = "2.4.0"
2
+ VERSION = "2.6.0"
3
3
  end
data/lib/blind_index.rb CHANGED
@@ -51,7 +51,7 @@ module BlindIndex
51
51
 
52
52
  # check size
53
53
  size = (options[:size] || 32).to_i
54
- raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).include?(size)
54
+ raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).cover?(size)
55
55
 
56
56
  value = value.to_s
57
57
 
@@ -70,7 +70,7 @@ module BlindIndex
70
70
  Argon2::KDF.argon2id(value, salt: key, t: t, m: m, p: 1, length: size)
71
71
  when :pbkdf2_sha256
72
72
  iterations = cost_options[:iterations] || options[:iterations] || (options[:slow] ? 100000 : 10000)
73
- OpenSSL::PKCS5.pbkdf2_hmac(value, key, iterations, size, "sha256")
73
+ OpenSSL::KDF.pbkdf2_hmac(value, salt: key, iterations: iterations, length: size, hash: "sha256")
74
74
  when :argon2i
75
75
  t = (cost_options[:t] || 3).to_i
76
76
  # use same bounds as rbnacl
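Review bot: The `:pbkdf2_sha256` branch changes the call that produces stored index values, so it needs a known-answer test pinning `OpenSSL::KDF.pbkdf2_hmac` to the output `OpenSSL::PKCS5.pbkdf2_hmac` gave for the same value, key, iterations and size. A mismatch would not raise; lookups against existing rows would simply stop matching. The argument mapping reads correctly (`key` as `salt:`, `size` as `length:`), but `iterations` is passed through without `.to_i`, unlike `t` in the `:argon2i` branch just below, so a non-integer from configuration fails inside OpenSSL instead of as a `BlindIndex::Error`.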
@@ -86,7 +86,7 @@ module BlindIndex
86
86
  n = cost_options[:n] || 4096
87
87
  r = cost_options[:r] || 8
88
88
  cp = cost_options[:p] || 1
89
- SCrypt::Engine.scrypt(value, key, n, r, cp, size)
89
+ OpenSSL::KDF.scrypt(value, salt: key, N: n, r: r, p: cp, length: size)
90
90
  else
91
91
  raise BlindIndex::Error, "Unknown algorithm"
92
92
  end
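Review bot: The scrypt branch calls `OpenSSL::KDF.scrypt` with no availability check, while the `hkdf` helper earlier in this diff guards with `defined?(OpenSSL::KDF.hkdf)` and is annotated `# OpenSSL 1.1.0+`. If scrypt can be absent from the linked OpenSSL in the same way, users who select it get a `NoMethodError`; check for the method and raise `BlindIndex::Error` with a clear message instead. Two further points on the same line: add a known-answer test showing the result equals the old `SCrypt::Engine.scrypt(value, key, n, r, cp, size)` output for the defaults (`n` 4096, `r` 8, `p` 1), since stored indexes depend on it, and coerce and bounds-check `n`, `r` and `cp` the way the Argon2 cost parameters are checked.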
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: blind_index
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.0
4
+ version: 2.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-02 00:00:00.000000000 Z
11
+ date: 2024-10-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '6.1'
19
+ version: '7'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '6.1'
26
+ version: '7'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: argon2-kdf
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 0.1.1
33
+ version: '0.2'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: 0.1.1
40
+ version: '0.2'
41
41
  description:
42
42
  email: andrew@ankane.org
43
43
  executables: []
@@ -66,14 +66,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
66
66
  requirements:
67
67
  - - ">="
68
68
  - !ruby/object:Gem::Version
69
- version: '3'
69
+ version: '3.1'
70
70
  required_rubygems_version: !ruby/object:Gem::Requirement
71
71
  requirements:
72
72
  - - ">="
73
73
  - !ruby/object:Gem::Version
74
74
  version: '0'
75
75
  requirements: []
76
- rubygems_version: 3.4.10
76
+ rubygems_version: 3.5.16
77
77
  signing_key:
78
78
  specification_version: 4
79
79
  summary: Securely search encrypted database fields