chamber 2.9.1 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1ecd2c070d7f7877b3b727f904c140acc8974712
-  data.tar.gz: 79b12b587b92be9f7b177c4ad4349b93a4425610
+  metadata.gz: f64e70d25c37ca329a62d1fb9154e8c20afcb672
+  data.tar.gz: fcd7a592e5200ff1d9cefe0b893eb38a9ee588d1
 SHA512:
-  metadata.gz: 0b6038491608666d4b67b1d4eed6d7c87b8e623d27c09878da29affb9d7b78b4a39a8433584e839926beec8b615dbcadc5c07f7b917a2794c3dbe1d5be2153ea
-  data.tar.gz: 7924650c9d08ecd452b9e89f5b9b592e065678f2b681d040e2ec48b5640727c471f76d442f5a7c60c7c662e1aca4c89e36ca63cabc4fdcdd956b3f27a08d4c5f
+  metadata.gz: 88901e1606334bea29432cc4942029e75f9348481c94583c915244ad5fccdca1fe27560aa74fede87a95d6c95902d238eb5ca11559b004b414f89af8a9dd0e25
+  data.tar.gz: eb9cb535f93b01b1bde53d55e345914a9586aef32ee76d199eb0df9b1dd0810b035cf862854cf22cfa51b928cf8bbbf7c1643632faeea957809bf6a64ebb1831

data/lib/chamber/encryption_methods/ssl.rb

@@ -5,7 +5,7 @@ class   Ssl
 
   def self.encrypt(_key, value, encryption_key)
     value = YAML.dump(value)
-    cipher = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+    cipher = OpenSSL::Cipher.new('AES-128-CBC')
     cipher.encrypt
     symmetric_key = cipher.random_key
     iv = cipher.random_iv
@@ -34,7 +34,7 @@ class   Ssl
       end
       key = decryption_key.private_decrypt(key)
 
-      cipher_dec = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
+      cipher_dec = OpenSSL::Cipher.new('AES-128-CBC')
 
       cipher_dec.decrypt
 

data/lib/chamber/filters/boolean_conversion_filter.rb

@@ -14,6 +14,7 @@ class   BooleanConversionFilter
 
   attr_accessor :data
 
+  # rubocop:disable Metrics/BlockNesting
   def execute(settings = data)
     settings.each_pair do |key, value|
       if value.respond_to? :each_pair
@@ -34,6 +35,7 @@ class   BooleanConversionFilter
       end
     end
   end
+  # rubocop:enable Metrics/BlockNesting
 end
 end
 end

data/lib/chamber/filters/encryption_filter.rb

@@ -57,7 +57,11 @@ class     EncryptionFilter
   end
 
   def encryption_method(value)
-    if value.respond_to?(:match) && value.match(BASE64_STRING_PATTERN)
+    value_is_encrypted = value.respond_to?(:match) &&
+                           (value.match(BASE64_STRING_PATTERN) ||
+                            value.match(LARGE_DATA_STRING_PATTERN))
+
+    if value_is_encrypted
       EncryptionMethods::None
     else
       serialized_value = YAML.dump(value)

data/lib/chamber/instance.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require 'chamber/configuration'
 require 'chamber/file_set'
+require 'chamber/settings'
 
 module  Chamber
 class   Instance
@@ -24,6 +25,37 @@ class   Instance
     files.secure
   end
 
+  def encrypt(data, options = {})
+    config = configuration.to_hash.merge(options)
+
+    Settings.
+    new(
+      config.merge(
+        settings:     data,
+        pre_filters:  [Filters::EncryptionFilter],
+        post_filters: [],
+      ),
+    ).
+    to_hash
+  end
+
+  def decrypt(data, options = {})
+    config = configuration.to_hash.merge(options)
+
+    Settings.
+    new(
+      config.merge(
+        settings:     data,
+        pre_filters:  [Filters::NamespaceFilter],
+        post_filters: [
+                        Filters::DecryptionFilter,
+                        Filters::FailedDecryptionFilter,
+                      ],
+      ),
+    ).
+    to_hash
+  end
+
   def to_s(options = {})
     settings.to_s(options)
   end

data/lib/chamber/types/secured.rb

@@ -0,0 +1,79 @@
+require 'active_support/json'
+require 'chamber'
+
+# rubocop:disable Lint/HandleExceptions, Style/EmptyLinesAroundModuleBody
+module  Chamber
+
+begin
+  require 'active_record/type/value'
+
+  CHAMBER_TYPE_VALUE_SUPERCLASS = ActiveRecord::Type::Value
+rescue LoadError
+end
+
+begin
+  require 'active_model/type/value'
+
+  CHAMBER_TYPE_VALUE_SUPERCLASS = ActiveModel::Type::Value
+rescue LoadError
+end
+
+module  Types
+class   Secured < CHAMBER_TYPE_VALUE_SUPERCLASS
+  attr_accessor :decryption_key,
+                :encryption_key
+
+  def initialize(options = {})
+    self.encryption_key = options.fetch(:encryption_key,
+                                        Chamber.configuration.encryption_key)
+    self.decryption_key = options.fetch(:decryption_key,
+                                        Chamber.configuration.decryption_key)
+  end
+
+  def type
+    :jsonb
+  end
+
+  def cast(value)
+    case value
+    when Hash
+      value
+    when String
+      ::ActiveSupport::JSON.decode(value)
+    when NilClass
+      nil
+    else
+      fail ArgumentError, 'Any attributes encrypted with Chamber must be either a Hash or a valid JSON string'
+    end
+  end
+  alias type_cast_from_user cast
+
+  def deserialize(value)
+    value = cast(value)
+
+    return if value.nil?
+
+    Chamber.decrypt(value,
+                    decryption_key: decryption_key,
+                    encryption_key: encryption_key)
+  end
+  alias type_cast_from_database deserialize
+
+  def serialize(value)
+    fail ArgumentError, 'Any attributes encrypted with Chamber must be a Hash' unless value.is_a?(Hash)
+
+    ::ActiveSupport::JSON.encode(
+      Chamber.encrypt(value,
+                      decryption_key: decryption_key,
+                      encryption_key: encryption_key),
+    )
+  end
+  alias type_cast_for_database serialize
+
+  def changed_in_place?(raw_old_value, new_value)
+    deserialize(raw_old_value) == new_value
+  end
+end
+end
+end
+# rubocop:enable Lint/HandleExceptions, Style/EmptyLinesAroundModuleBody

data/lib/chamber/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Chamber
-  VERSION = '2.9.1'.freeze
+  VERSION = '2.10.0'.freeze
 end

data/spec/lib/chamber/filters/encryption_filter_spec.rb

@@ -61,7 +61,7 @@ describe  EncryptionFilter do
       EncryptionFilter::BASE64_STRING_PATTERN
   end
 
-  it 'will not attempt to encrypt values if it guesses that they are already encrypted' do
+  it 'will not attempt to encrypt normal values if it guesses that they are already encrypted' do
     filtered_settings = EncryptionFilter.execute(
       data:           {
         _secure_my_secure_setting: 'fNI5wlBniNhEU4396pmhWwx+A09bRAMJOUASuP7PzprewBX8C' \
@@ -87,6 +87,55 @@ describe  EncryptionFilter do
                                      'uF3CDIKRIC6U+mnM5SRMO4Dzysw=='
   end
 
+  it 'will not attempt to encrypt large values if it guesses that they are already encrypted' do
+    filtered_settings = EncryptionFilter.execute(
+      data:           {
+        _secure_my_secure_setting: 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
+                                   'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
+                                   'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
+                                   'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
+                                   'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
+                                   'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
+                                   'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
+                                   '=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
+                                   'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
+                                   'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
+                                   'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
+                                   '66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
+                                   '9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
+                                   'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
+                                   '/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
+                                   'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
+                                   'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
+                                   'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
+                                   'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss=',
+      },
+      encryption_key: './spec/spec_key.pub',
+    )
+
+    my_secure_setting = filtered_settings._secure_my_secure_setting
+
+    expect(my_secure_setting).to eql 'AcMY7ALLoGZRakL3ibyo2WB438ipdMDIjsa4SCDBP2saOY63A' \
+                                     'D3C/SZanexlYDQoYoYC0V5J5EvKHgGMDAU8qnp9LjzU5VCwJ3' \
+                                     'SVRGz3J0c7LXgTlC585Lgy8LX+/yjYFm4D13hlMvvsoI35Bo8' \
+                                     'EVkTSU2+0gRSjRpQJeK1o7az5+fBuNmFipevA4YfLnarnpwo2' \
+                                     'd2oO+BqStI2QQI1UWwN2R04rvOdHoEzA6DLsdvYX+QTKDk4K5' \
+                                     'oSKXfuMBvzOCaCGT75cmt85ZY7XZnwbKi6c4mtL1ajrCr8sQF' \
+                                     'TA/GyG1EiYLFp1uQco0m2/S9yFf26REjax4ZE6O/ilXgT6xg=' \
+                                     '=#YAm25swWRQx4ip1RjVzpGQ==#vRGvgjErI+dATM4UOtFkkg' \
+                                     'efFpFTvxGpHN0gRbf1VCO4K07eqAQPb46BDI67a8iNum9cBph' \
+                                     'es7oGmuNnUvBg4JiZhKsXnolcRWdITDVh/XYNioXRmesvj4x+' \
+                                     'tY0FVhkLV2zubRVfC7CDJgin6wRHP+bcZhICDD2YqB+XRS4ou' \
+                                     '66UeaiGA4eV4G6sPIo+DPjDM3m8JFnuRFMvGk73wthbN4MdAp' \
+                                     '9xONt5wfobJUiUR11k2iAqwhx7Wyj0imz/afI8goDTdMfQt3V' \
+                                     'DOYqYG3y2AcYOfsOL6m0GtQRlKvtsvw+m8/ICwSGiL2Loup0j' \
+                                     '/jDGhFi1lwf4ded8aSwyS+2/Ks9C008dsJwpR1SxJ59z1KSzd' \
+                                     'QcTcrJTnxd+2qpOVVIoaRGud2tSV+5wKXy9dWRflLsjEtBRFR' \
+                                     'eFurTVQPodjDy+Lhs452/O/+KAJOXMKeYegCGOe8z9tLD3tel' \
+                                     'jjTyJPeW/1FE3+tP3G3HJAV4sgoO0YwhNY1Nji56igCl3UvEP' \
+                                     'nEQcJgu0w/+dqSreqwp6TqaqXY3lzr8vi733lti4nss='
+  end
+
   it 'can encrypt long multiline strings' do
     filtered_settings = EncryptionFilter.execute(
       data:           {

data/spec/lib/chamber/types/secured_spec.rb

@@ -0,0 +1,70 @@
+require 'rspectacular'
+require 'active_support/hash_with_indifferent_access'
+require 'chamber/types/secured'
+
+module    Chamber
+module    Types
+describe  Secured do
+  BASE64_STRING_PATTERN = %r{[A-Za-z0-9\+/]{342}==}
+
+  subject do
+    Secured.new(decryption_key: './spec/spec_key',
+                encryption_key: './spec/spec_key.pub')
+  end
+
+  it 'allows strings to be cast from the user' do
+    json_string = '{ "hello": "there", "whatever": 3 }'
+    secured     = subject.cast(json_string)
+
+    expect(secured).to eql('hello' => 'there', 'whatever' => 3)
+  end
+
+  it 'allows hashes to be cast from a user' do
+    json_hash = { 'hello' => 'there', 'whatever' => 3 }
+    secured   = subject.cast(json_hash)
+
+    expect(secured).to eql('hello' => 'there', 'whatever' => 3)
+  end
+
+  it 'allows nils to be cast from a user' do
+    secured = subject.cast(nil)
+
+    expect(secured).to be_nil
+  end
+
+  it 'fails if passed something that it cannot be cast' do
+    expect { subject.cast(3) }.to \
+    raise_error(ArgumentError).
+    with_message('Any attributes encrypted with Chamber must ' \
+                 'be either a Hash or a valid JSON string')
+  end
+
+  it 'can deserialize a hash' do
+    json_string = '{' \
+                    '"_secure_hello":"cpsTajQ/28E0YLQBpJ2tORnLSc6wliCqrmMzU0QfQZJlUWf' \
+                                     'Q1yuev2xLsX56o5QkuJiqaspH9W68qXDC17UqcV0pB0y75d' \
+                                     '6ttQZbk3p9QbYgWGZOVlHEA8eJIqDUzisShrrOo+nSin6QK' \
+                                     'UqizSjqhQC3Ii7CjTpMOK5RVc2y34vsVvYoJaqz5IYUEatA' \
+                                     'XxzHsQ5tkcqy++a9LTJVFOt+ug+mTCstNJHW2sUK9L1XrbD' \
+                                     '2+KwUNkImCbhl6qeA+4CeVXMFgcpxjaawg5cQCgfSPj8gSy' \
+                                     'pisbID59P0QVXRDQTdncrRv7q16RLmTqKI0xhNGevreFkNG' \
+                                     'LAtSQjFRYfAQA==",' \
+                    '"whatever":3' \
+                  '}'
+    secured     = subject.deserialize(json_string)
+
+    expect(secured).to eql('_secure_hello' => 'there', 'whatever' => 3)
+  end
+
+  # rubocop:disable Metrics/LineLength
+  it 'can serialize a hash' do
+    json_hash = { '_secure_hello' => 'there', 'whatever' => 3 }
+    secured   = subject.serialize(json_hash)
+
+    expect(secured).to be_a String
+    expect(secured).to match(/{\"_secure_hello\":\"#{BASE64_STRING_PATTERN}\",\"whatever\":3}/)
+  end
+  # rubocop:enable Metrics/LineLength
+end
+end
+end

data/spec/lib/chamber_spec.rb

@@ -3,7 +3,6 @@ require 'rspectacular'
 require 'chamber'
 require 'fileutils'
 
-# rubocop:disable Metrics/LineLength
 FileUtils.mkdir_p '/tmp/chamber/settings' unless File.exist? '/tmp/chamber/settings'
 
 File.open('/tmp/chamber/settings.yml', 'w+') do |file|
@@ -313,4 +312,3 @@ describe 'Chamber' do
     expect(Chamber.test.my_encrpyted_setting).to eql 'hello'
   end
 end
-# rubocop:enable Metrics/LineLength

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: chamber
 version: !ruby/object:Gem::Version
-  version: 2.9.1
+  version: 2.10.0
 platform: ruby
 authors:
 - thekompanee
@@ -34,7 +34,7 @@ cert_chain:
   QwSfDGz6+zsImi5N3UT71+mk7YcviQSgvMRl3VkAv8MZ6wcJ5SQRpf9w0OeFH6Ln
   nNbCoHiYeXX/lz/M6AIbxDIZZTwxcyvF7bdrQ2fbH5MsfQ==
   -----END CERTIFICATE-----
-date: 2016-08-23 00:00:00.000000000 Z
+date: 2017-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -92,6 +92,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.46'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
 description: "\n                          Chamber lets you source your Settings from
   an arbitrary number of YAML files and\n                          provides a simple
   mechanism for overriding settings from the ENV, which is\n                          friendly
@@ -149,6 +177,7 @@ files:
 - lib/chamber/rails/railtie.rb
 - lib/chamber/rubinius_fix.rb
 - lib/chamber/settings.rb
+- lib/chamber/types/secured.rb
 - lib/chamber/version.rb
 - spec/fixtures/settings.yml
 - spec/lib/chamber/commands/files_spec.rb
@@ -172,6 +201,7 @@ files:
 - spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb
 - spec/lib/chamber/namespace_set_spec.rb
 - spec/lib/chamber/settings_spec.rb
+- spec/lib/chamber/types/secured_spec.rb
 - spec/lib/chamber_spec.rb
 - spec/rails-2-test/config.ru
 - spec/rails-2-test/config/application.rb
@@ -209,7 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: A surprisingly configurable convention-based approach to managing your application's
@@ -237,6 +267,7 @@ test_files:
 - spec/lib/chamber/filters/translate_secure_keys_filter_spec.rb
 - spec/lib/chamber/namespace_set_spec.rb
 - spec/lib/chamber/settings_spec.rb
+- spec/lib/chamber/types/secured_spec.rb
 - spec/lib/chamber_spec.rb
 - spec/rails-2-test/config/application.rb
 - spec/rails-2-test/config.ru
@@ -252,4 +283,3 @@ test_files:
 - spec/rails-engine-test/spec/dummy/script/rails
 - spec/spec_key
 - spec/spec_key.pub
-has_rdoc: