blind_index 2.4.0 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b195e7760fae1745c7040aa94f90ab4b2ec5c57593e6ae3db445d0a45461f8b
-  data.tar.gz: bf8b47a67e61d433ae430e8d7d4534450917811a96e9ec3b07c30e3e75d67427
+  metadata.gz: '09a84d8781deda821fd4cb201a99f0817a0138cce41f2b8feee581fc75d7fd4d'
+  data.tar.gz: 257e5c5d3504e90bb2ffa90dca2cdd21c853d0a3708d64b05cf044b324506cbe
 SHA512:
-  metadata.gz: d06adf905e5a22b54a85bb787a71da0d2e422e395265c2cd1892ef7172fc93a4415ed72607be6ee4fa8886b0286391abaf346e4450f303a8aec711c620924e89
-  data.tar.gz: 1db6a651cd9fd09f159e09cfb03aed1cd9fea783c55f3a7f2e76bdc1f0a986581ee3b4798857febd51c493273dd1fd9baa83e124f7e8484f29da851eb69d3a79
+  metadata.gz: d4bb3008b73f2e5587d7655384380b7323b8c73303e1634f1e279c14022728ca77d1b4a4259c5afa1bfd134a0fd69c26035316ac8f3a5b3005b269be617c2de1
+  data.tar.gz: 164b7986d27128b8830dddf90fe4501081da58e4b8995ab2dc6cb57ae697fc33da378824bfcec0d32ae12ded0795b61d2814f45d6af65ecdbbd95179a9a6be03

data/CHANGELOG.md

@@ -1,3 +1,26 @@
+## 2.7.0 (2025-05-04)
+
+- Dropped support for Ruby < 3.2 and Active Record < 7.1
+- Dropped support for Mongoid < 8
+
+## 2.6.2 (2025-02-23)
+
+- Fixed querying with normalized attributes
+
+## 2.6.1 (2024-11-01)
+
+- Fixed issue with `includes` and Active Record 7
+
+## 2.6.0 (2024-10-07)
+
+- Removed dependency on `scrypt` gem for scrypt algorithm
+- Dropped support for Active Record < 7
+
+## 2.5.0 (2024-06-03)
+
+- Added support for Mongoid 9
+- Dropped support for Ruby < 3.1
+
 ## 2.4.0 (2023-07-02)
 
 - Dropped support for Ruby < 3 and Rails < 6.1
@@ -77,7 +100,7 @@ Breaking changes
 
 - Added `size` option
 - Added sanity checks for Argon2 cost parameters
-- Fixed ActiveRecord callback issues introduced in 0.3.3
+- Fixed Active Record callback issues introduced in 0.3.3
 
 ## 0.3.3 (2018-11-12)
 
@@ -106,13 +129,13 @@ Breaking changes
 
 ## 0.2.0 (2018-05-11)
 
-- Added support for ActiveRecord 4.2
+- Added support for Active Record 4.2
 - Improved validation support when multiple blind indexes
 - Fixed `nil` handling
 
 ## 0.1.1 (2018-04-09)
 
-- Added support for ActiveRecord 5.2
+- Added support for Active Record 5.2
 - Added `callback` option
 - Added support for `key` proc
 - Fixed error inheritance

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2023 Andrew Kane
+Copyright (c) 2017-2025 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -6,7 +6,7 @@ Works with [Lockbox](https://github.com/ankane/lockbox) ([full example](https://
 
 Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive-data-rails)
 
-[![Build Status](https://github.com/ankane/blind_index/workflows/build/badge.svg?branch=master)](https://github.com/ankane/blind_index/actions)
+[![Build Status](https://github.com/ankane/blind_index/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/blind_index/actions)
 
 ## How It Works
 
@@ -385,16 +385,6 @@ One alternative to blind indexing is to use a deterministic encryption scheme, l
 1. You can keep encryption consistent for all fields (both searchable and non-searchable)
 2. Blind indexing supports expressions
 
-## Upgrading
-
-### 2.0.0
-
-2.0.0 brings a number of improvements.
-
-- Blind indexes are updated immediately instead of in a `before_validation` callback
-- Better Lockbox integration - no need to generate a separate key
-- There’s a new gem for Argon2 that has no dependencies and (officially) supports Windows
-
 ## History
 
 View the [changelog](https://github.com/ankane/blind_index/blob/master/CHANGELOG.md)

data/lib/blind_index/backfill.rb

@@ -4,7 +4,7 @@ module BlindIndex
 
     def initialize(relation, batch_size:, columns:)
       @relation = relation
-      @transaction = @relation.respond_to?(:transaction)
+      @transaction = @relation.respond_to?(:transaction) && !mongoid_relation?(relation.all)
       @batch_size = batch_size
       @blind_indexes = @relation.blind_indexes
       filter_columns!(columns) if columns
@@ -100,6 +100,10 @@ module BlindIndex
       end
     end
 
+    def mongoid_relation?(relation)
+      defined?(Mongoid::Criteria) && relation.is_a?(Mongoid::Criteria)
+    end
+
     def with_transaction
       if @transaction
         @relation.transaction do

data/lib/blind_index/extensions.rb

@@ -14,12 +14,20 @@ module BlindIndex
       # https://github.com/rails/rails/commit/56f30962b84fc53b76001301fb830c1594fd377e
       def build(attribute, value, *args)
         if table.has_blind_indexes? && (bi = table.send(:klass).blind_indexes[attribute.name.to_sym]) && !value.is_a?(ActiveRecord::StatementCache::Substitute)
+          model = table.send(:klass)
+          attribute_name = attribute.name.to_sym
+          cast =
+            if model.respond_to?(:normalized_attributes) && model.normalized_attributes.include?(attribute_name)
+              ->(v) { model.normalize_value_for(attribute_name, v) }
+            else
+              ->(v) { v }
+            end
           attribute = attribute.relation[bi[:bidx_attribute]]
           value =
-            if value.is_a?(Array)
-              value.map { |v| BlindIndex.generate_bidx(v, **bi) }
+            if value.is_a?(Array) || (defined?(Set) && value.is_a?(Set))
+              value.map { |v| BlindIndex.generate_bidx(cast.call(v), **bi) }
             else
-              BlindIndex.generate_bidx(value, **bi)
+              BlindIndex.generate_bidx(cast.call(value), **bi)
             end
         end
 

data/lib/blind_index/key_generator.rb

@@ -23,6 +23,7 @@ module BlindIndex
 
     def hkdf(ikm, salt:, info:, length:, hash:)
       if defined?(OpenSSL::KDF.hkdf)
+        # OpenSSL 1.1.0+
         return OpenSSL::KDF.hkdf(ikm, salt: salt, info: info, length: length, hash: hash)
       end
 

data/lib/blind_index/model.rb

@@ -38,7 +38,7 @@ module BlindIndex
         class_eval do
           activerecord = defined?(ActiveRecord) && self < ActiveRecord::Base
 
-          if activerecord && ActiveRecord::VERSION::MAJOR >= 6
+          if activerecord
             # blind index value isn't really sensitive
             # but don't need to show it in the Rails console
             self.filter_attributes += [/\A#{Regexp.escape(bidx_attribute)}\z/]

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "2.4.0"
+  VERSION = "2.7.0"
 end

data/lib/blind_index.rb

@@ -51,7 +51,7 @@ module BlindIndex
 
       # check size
       size = (options[:size] || 32).to_i
-      raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).include?(size)
+      raise BlindIndex::Error, "Size must be between 1 and 32" unless (1..32).cover?(size)
 
       value = value.to_s
 
@@ -70,7 +70,7 @@ module BlindIndex
           Argon2::KDF.argon2id(value, salt: key, t: t, m: m, p: 1, length: size)
         when :pbkdf2_sha256
           iterations = cost_options[:iterations] || options[:iterations] || (options[:slow] ? 100000 : 10000)
-          OpenSSL::PKCS5.pbkdf2_hmac(value, key, iterations, size, "sha256")
+          OpenSSL::KDF.pbkdf2_hmac(value, salt: key, iterations: iterations, length: size, hash: "sha256")
         when :argon2i
           t = (cost_options[:t] || 3).to_i
           # use same bounds as rbnacl
@@ -86,7 +86,7 @@ module BlindIndex
           n = cost_options[:n] || 4096
           r = cost_options[:r] || 8
           cp = cost_options[:p] || 1
-          SCrypt::Engine.scrypt(value, key, n, r, cp, size)
+          OpenSSL::KDF.scrypt(value, salt: key, N: n, r: r, p: cp, length: size)
         else
           raise BlindIndex::Error, "Unknown algorithm"
         end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.7.0
 platform: ruby
 authors:
 - Andrew Kane
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-02 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,29 +15,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: argon2-kdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.1
-description:
+        version: '0.2'
 email: andrew@ankane.org
 executables: []
 extensions: []
@@ -58,7 +56,6 @@ homepage: https://github.com/ankane/blind_index
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -66,15 +63,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Securely search encrypted database fields
 test_files: []