crypt_keeper 0.8.0 → 0.9.0.pre

data/gemfiles/activerecord_3_0.gemfile.lock

@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/justin/work/Personal/crypt_keeper
+  remote: /Users/justin/work/jmazzi/crypt_keeper
   specs:
     crypt_keeper (0.8.0)
       activerecord (>= 3.0)

data/gemfiles/activerecord_3_1.gemfile.lock

@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/justin/work/Personal/crypt_keeper
+  remote: /Users/justin/work/jmazzi/crypt_keeper
   specs:
     crypt_keeper (0.8.0)
       activerecord (>= 3.0)

data/gemfiles/activerecord_3_2.gemfile.lock

@@ -1,5 +1,5 @@
 PATH
-  remote: /Users/justin/work/Personal/crypt_keeper
+  remote: /Users/justin/work/jmazzi/crypt_keeper
   specs:
     crypt_keeper (0.8.0)
       activerecord (>= 3.0)

data/lib/crypt_keeper/model.rb

@@ -17,11 +17,31 @@ module CryptKeeper
 
     private
 
+    # Private: A hash of encrypted attributes with their encrypted values
+    #
+    # Returns a Hash
+    def crypt_keeper_dirty_tracking
+      @crypt_keeper_dirty_tracking ||= HashWithIndifferentAccess.new
+    end
+
+    # Private: Determine if the field's plaintext value changed. It compares
+    # it to the original value that came from the DB before decryption
+    #
+    # Returns boolean
+    def plaintext_changed?(field)
+      new_record? || self[field] != self.class.decrypt(crypt_keeper_dirty_tracking[field])
+    end
+
     # Private: Encrypt each crypt_keeper_fields
     def encrypt_callback
       crypt_keeper_fields.each do |field|
         if !self[field].nil?
-          self[field] = self.class.encrypt read_attribute(field)
+          if plaintext_changed?(field)
+            self[field] = self.class.encrypt read_attribute(field)
+          else
+            self[field] = crypt_keeper_dirty_tracking[field]
+            clear_field_changes! field
+          end
         end
       end
     end
@@ -30,8 +50,11 @@ module CryptKeeper
     def decrypt_callback
       crypt_keeper_fields.each do |field|
         if !self[field].nil?
+          crypt_keeper_dirty_tracking[field] = read_attribute(field)
           self[field] = self.class.decrypt read_attribute(field)
         end
+
+        clear_field_changes! field
       end
     end
 
@@ -42,6 +65,15 @@ module CryptKeeper
       end
     end
 
+    # Private: Removes changes from `#previous_changes` and
+    # `#changed_attributes` so the model isn't considered dirty.
+    #
+    # field - The field to clear
+    def clear_field_changes!(field)
+      previous_changes.delete(field.to_s)
+      changed_attributes.delete(field.to_s)
+    end
+
     module ClassMethods
       # Public: Setup fields for encryption
       #

data/lib/crypt_keeper/provider/aes.rb

@@ -33,9 +33,7 @@ module CryptKeeper
       def encrypt(value)
         aes.encrypt
         aes.key = key
-        iv      = rand.to_s
-        aes.iv  = iv
-        Base64::encode64("#{iv}#{SEPARATOR}#{aes.update(value.to_s) + aes.final}")
+        Base64::encode64("#{aes.random_iv}#{SEPARATOR}#{aes.update(value.to_s) + aes.final}")
       end
 
       # Public: Decrypt a string

data/lib/crypt_keeper/version.rb

@@ -1,3 +1,3 @@
 module CryptKeeper
-  VERSION = "0.8.0"
+  VERSION = "0.9.0.pre"
 end

data/spec/model_spec.rb

@@ -118,6 +118,34 @@ module CryptKeeper
           SensitiveData.crypt_keeper_options.should include(passphrase: 'tool')
         end
       end
+
+      describe "Dirty records" do
+        before do
+          SensitiveData.crypt_keeper :storage, passphrase: 'tool', encryptor: :postgres_pgp
+        end
+
+        let(:record) do
+          SensitiveData.create storage: 'test'
+        end
+
+        specify { record.should_not be_changed }
+
+        it "unchanged plaintext does not trigger a save" do
+          queries = []
+
+          subscriber = ActiveSupport::Notifications.subscribe('sql.active_record')  do |name, started, finished, id, payload|
+            queries << payload[:sql]
+          end
+
+          SensitiveData.find(record.id).save
+          ActiveSupport::Notifications.unsubscribe subscriber
+
+          updates = queries.select { |query| query.match(/^UPDATE /) }
+
+          queries.should_not be_empty
+          updates.should be_empty, "Received #{updates}"
+        end
+      end
     end
   end
 end

data/spec/support/encryptors.rb

@@ -22,7 +22,7 @@ module CryptKeeper
       end
 
       def decrypt(data)
-        data.sub(/^#{@passphrase}/, '').reverse
+        data.to_s.sub(/^#{@passphrase}/, '').reverse
       end
     end
   end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: crypt_keeper
 version: !ruby/object:Gem::Version
-  version: 0.8.0
-  prerelease: 
+  version: 0.9.0.pre
+  prerelease: 6
 platform: ruby
 authors:
 - Justin Mazzi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-24 00:00:00.000000000 Z
+date: 2013-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -243,16 +243,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 838883882659964076
+      hash: 3463799705679216715
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
-      segments:
-      - 0
-      hash: 838883882659964076
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24