encrypt_attr 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.travis.yml +12 -9
- data/README.md +18 -0
- data/Rakefile +0 -1
- data/lib/encrypt_attr/base.rb +3 -12
- data/lib/encrypt_attr/encryptor.rb +33 -8
- data/lib/encrypt_attr/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0b805ac4e240904c7de37c0d3ed5efbb32412e2f6ee297c89dbd2836b99328b2
|
|
4
|
+
data.tar.gz: 184ff8078f6cecc0fbff2ddde38686776a0259334f31062841290d98554aa5aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f55ea50b43482b30e7d85dc7e2de3acbcc8b53d2c055854a379b81d5ae58eb885eccd025e00f60bccfd6badd87419468ce721f13ee4211bd04783b964608728e
|
|
7
|
+
data.tar.gz: db6b9e840f8631a831b7b35186498bbf78624ddca46cb39d3af85115016c0060765d2004e622d7df6b538b195a6f320892fd4c8f993db29f23f7d713e6d2065b
|
data/.travis.yml
CHANGED
|
@@ -1,13 +1,16 @@
|
|
|
1
1
|
language: ruby
|
|
2
2
|
cache: bundler
|
|
3
3
|
sudo: false
|
|
4
|
+
notifications:
|
|
5
|
+
email: false
|
|
4
6
|
rvm:
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
7
|
+
- 2.5.1
|
|
8
|
+
before_script:
|
|
9
|
+
- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
|
|
10
|
+
- chmod +x ./cc-test-reporter
|
|
11
|
+
- "./cc-test-reporter before-build"
|
|
12
|
+
after_script:
|
|
13
|
+
- "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
|
|
14
|
+
env:
|
|
15
|
+
global:
|
|
16
|
+
secure: Qr1hys7KWk6pxd9Vgxuged9iDIEw/UbHPpED4PhI3HLY/cCJF2k3Sr5zGnW4LHfWA3olmI1AlFsCuojul44V+tvb5pNAe7ZnzJp23ikhEFBjBvoJCnYrD01wD96sSD3m5bnT4+I6SEeHdMJwAvqM6bNXQaMJwJLyZHdAYK9DQnY=
|
data/README.md
CHANGED
|
@@ -143,6 +143,24 @@ class User
|
|
|
143
143
|
end
|
|
144
144
|
```
|
|
145
145
|
|
|
146
|
+
Your encryptor may validate the secret token.
|
|
147
|
+
|
|
148
|
+
```ruby
|
|
149
|
+
module ReverseEncryptor
|
|
150
|
+
def self.validate_secret_token(secret_token)
|
|
151
|
+
warn "=> You don't have to define a secret token with ReverseEncryptor" if secret_token
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
def self.encrypt(secret_token, value)
|
|
155
|
+
value.to_s.reverse
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def self.decrypt(secret_token, value)
|
|
159
|
+
value.to_s.reverse
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
```
|
|
163
|
+
|
|
146
164
|
## Development
|
|
147
165
|
|
|
148
166
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/Rakefile
CHANGED
data/lib/encrypt_attr/base.rb
CHANGED
|
@@ -15,29 +15,20 @@ module EncryptAttr
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def self.secret_token=(secret_token)
|
|
18
|
-
validate_secret_token(secret_token.to_s)
|
|
18
|
+
encryptor.validate_secret_token(secret_token.to_s) if encryptor.respond_to?(:validate_secret_token)
|
|
19
19
|
@secret_token = secret_token.to_s
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
def self.validate_secret_token(secret_token)
|
|
23
|
-
if secret_token.size < 100
|
|
24
|
-
offending_line = caller
|
|
25
|
-
.reject {|entry| entry.include?(__dir__) || entry.include?("forwardable.rb") }
|
|
26
|
-
.first[/^(.*?:\d+)/, 1]
|
|
27
|
-
warn "[encrypt_attribute] secret token must have at least 100 characters (called from #{offending_line})"
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
22
|
# Set initial token value to empty string.
|
|
32
23
|
# Cannot assign through writer method because of size warning.
|
|
33
|
-
@secret_token =
|
|
24
|
+
@secret_token = ""
|
|
34
25
|
|
|
35
26
|
# Set initial encryptor engine.
|
|
36
27
|
self.encryptor = Encryptor
|
|
37
28
|
|
|
38
29
|
module ClassMethods
|
|
39
30
|
def encrypt_attr(*args, secret_token: EncryptAttr.secret_token, encryptor: EncryptAttr.encryptor)
|
|
40
|
-
|
|
31
|
+
encryptor.validate_secret_token(secret_token) if encryptor.respond_to?(:validate_secret_token)
|
|
41
32
|
|
|
42
33
|
args.each do |attribute|
|
|
43
34
|
define_encrypted_attribute(attribute, secret_token, encryptor)
|
|
@@ -2,6 +2,16 @@ module EncryptAttr
|
|
|
2
2
|
class Encryptor
|
|
3
3
|
CIPHER = "AES-256-CBC".freeze
|
|
4
4
|
|
|
5
|
+
def self.validate_secret_token(secret_token)
|
|
6
|
+
return unless secret_token.size < 100
|
|
7
|
+
|
|
8
|
+
offending_line = caller
|
|
9
|
+
.reject {|entry| entry.include?(__dir__) || entry.include?("forwardable.rb") }
|
|
10
|
+
.first[/^(.*?:\d+)/, 1]
|
|
11
|
+
|
|
12
|
+
warn "[encrypt_attribute] secret token must have at least 100 characters (called from #{offending_line})"
|
|
13
|
+
end
|
|
14
|
+
|
|
5
15
|
def self.encrypt(secret_token, value)
|
|
6
16
|
new(secret_token).encrypt(value)
|
|
7
17
|
end
|
|
@@ -18,18 +28,33 @@ module EncryptAttr
|
|
|
18
28
|
end
|
|
19
29
|
|
|
20
30
|
def encrypt(value)
|
|
21
|
-
|
|
31
|
+
cipher = OpenSSL::Cipher.new(CIPHER).encrypt
|
|
32
|
+
key = Digest::SHA256.digest(secret_token)
|
|
33
|
+
iv = SecureRandom.random_bytes(cipher.iv_len).unpack("H*").first[0...cipher.iv_len]
|
|
34
|
+
|
|
35
|
+
cipher.key = key
|
|
36
|
+
cipher.iv = iv
|
|
37
|
+
|
|
38
|
+
iv + ";" + encode(cipher.update(value) + cipher.final)
|
|
22
39
|
end
|
|
23
40
|
|
|
24
41
|
def decrypt(value)
|
|
25
|
-
cipher
|
|
26
|
-
|
|
42
|
+
cipher = OpenSSL::Cipher.new(CIPHER).decrypt
|
|
43
|
+
key = Digest::SHA256.digest(secret_token)
|
|
44
|
+
|
|
45
|
+
parts = value.split(";")
|
|
46
|
+
|
|
47
|
+
if parts.size == 1
|
|
48
|
+
value = decode(value)
|
|
49
|
+
iv = key[0...cipher.iv_len]
|
|
50
|
+
else
|
|
51
|
+
iv = parts.first
|
|
52
|
+
value = decode(parts.last)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
cipher.key = key
|
|
56
|
+
cipher.iv = iv
|
|
27
57
|
|
|
28
|
-
def cipher(mode, value)
|
|
29
|
-
cipher = OpenSSL::Cipher.new(CIPHER).public_send(mode)
|
|
30
|
-
digest = Digest::SHA256.digest(secret_token)
|
|
31
|
-
cipher.key = digest
|
|
32
|
-
cipher.iv = digest[0...cipher.iv_len]
|
|
33
58
|
cipher.update(value) + cipher.final
|
|
34
59
|
end
|
|
35
60
|
|
data/lib/encrypt_attr/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_attr
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nando Vieira
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-10-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
164
164
|
version: '0'
|
|
165
165
|
requirements: []
|
|
166
166
|
rubyforge_project:
|
|
167
|
-
rubygems_version: 2.
|
|
167
|
+
rubygems_version: 2.7.6
|
|
168
168
|
signing_key:
|
|
169
169
|
specification_version: 4
|
|
170
170
|
summary: Encrypt attributes using AES-256-CBC (or your custom encryption strategy).
|