encrypt_attr 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7d7a8ac4f58ba91632d01b7380b19c5c5f16bfce
+  data.tar.gz: f6b3c3b8d5ee257415283fd5865e6be0e215b328
+SHA512:
+  metadata.gz: 98ca694d0fafbfa8a42ccb317c1cf39109869a1e1c7f0c1c1ece4a6e0d1769a3cb92b92d3307e233ae34595f58bcafabe126bc5c9ead60ae05ad38af264415cb
+  data.tar.gz: 4b26149a8078efce5c4b56b79413f1ebe077c7742244701a6de97b8021886f80edaacca7025965a9d8548ee5d9d9d9000de5cf98c1335f567f9d5a2f04280374

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+cache: bundler
+sudo: false
+rvm:
+  - '2.0'
+  - '2.1'
+  - '2.2'
+addons:
+  code_climate:
+    repo_token:
+      secure: "4vr2TYLMkquEL3/7mnnmE9diuQ98ug3iNw3eXB69JCC5OIW8DGRlL20/44+dh6xEImkkvp6bKQQrikvYTMpqrDi4MeAYFHzAWw2p7Oc+A5bGERamByTakM0wyl9ypnwHGzpleBoHShk7TP/Dpl6w25ME1QPb67qF8uPeeIQJQzE="

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## v0.1.0
+
+- Initial release.

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Nando Vieira
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,146 @@
+# EncryptAttr
+
+[![Build Status](https://travis-ci.org/fnando/encrypt_attr.svg)](https://travis-ci.org/fnando/encrypt_attr)
+[![Code Climate](https://codeclimate.com/github/fnando/encrypt_attr/badges/gpa.svg)](https://codeclimate.com/github/fnando/encrypt_attr)
+[![Test Coverage](https://codeclimate.com/github/fnando/encrypt_attr/badges/coverage.svg)](https://codeclimate.com/github/fnando/encrypt_attr)
+
+Encrypt attributes using AES-256-CBC (or your custom encryption algorithm). Works with and without ActiveRecord.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'encrypt_attr'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install encrypt_attr
+
+## Usage
+
+The most basic usage is including the `EncryptAttr` module.
+
+```ruby
+class User
+  include EncryptAttr
+  attr_accessor :encrypted_api_key
+  encrypt_attr :api_key
+end
+```
+
+The `encrypt_attr` method has some aliases, so you can also use any of these:
+
+- `attr_encrypt`
+- `attr_encrypted`
+- `attr_vault`
+- `encrypt_attr`
+- `encrypt_attribute`
+- `encrypted_attr`
+- `encrypted_attribute`
+
+This assumes that you have a `encrypted_api_key` attribute. By default, the value is encrypted using a global secret token. You can set a custom token by setting `EncryptAttr.secret_token`; you have that use 100 characters or more (e.g. `$ openssl rand -hex 50`).
+
+```ruby
+EncryptAttr.secret_token = 'abc123'
+```
+
+You can also set the secret token per attribute basis.
+
+```ruby
+class User
+  include EncryptAttr
+  attr_accessor :encrypted_api_key
+  encrypt_attr :api_key, secret: USER_SECRET_TOKEN
+end
+```
+
+To access the decrypted value, just use the method with the same name.
+
+```ruby
+user = User.new
+user.api_key = 'abc123'
+user.api_key                #=> abc123
+user.encrypted_api_key      #=> UcnhbnAl1Rmvt1mkG0m1FA...
+
+user.api_key = 'newsecret'
+user.api_key                #=> newsecret
+user.encrypted_api_key      #=> JgH5dFGl8HnJNEloXZ6qSg...
+```
+
+You encrypt multiple attributes at once.
+
+```ruby
+class User
+  include EncryptAttr
+  attr_accessor :encrypted_api_key
+  encrypt_attr :api_key, :api_client_id
+end
+```
+
+### ActiveRecord integration
+
+You can also use encrypted attributes with ActiveRecord. If ActiveRecord is available, it's included automatically. You can also manually include `EncryptAttr::Base` or require `encrypt_attr/activerecord`.
+
+```ruby
+class User < ActiveRecord::Base
+  encrypt_attr :api_key
+end
+```
+
+The usage is pretty much the same, and you can set a secret for each attribute. The example above will require a column name `encrypted_api_key`.
+
+```ruby
+class AddEncryptedApiKeyToUsers < ActiveRecord::Base
+  def change
+    add_column :users, :encrypted_api_key, :text, null: false
+  end
+end
+```
+
+### Using a custom encryption
+
+You can define your encryption engine by defining an object that responds to `encrypt(secret_token, value)` and `decrypt(secret_token, value)`. Here's an example:
+
+```ruby
+module ReverseEncryptor
+  def self.encrypt(secret_token, value)
+    value.to_s.reverse
+  end
+
+  def self.decrypt(secret_token, value)
+    value.to_s.reverse
+  end
+end
+
+EncryptAttr.encryptor = ReverseEncryptor
+
+class User
+  include EncryptAttr
+  attr_accessor :encrypted_api_key
+  attr_encrypted :api_key
+end
+
+user = User.new
+user.api_key = 'API_KEY'
+user.encrypted_api_key #=> 'YEK_IPA'
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/fnando/encrypt_attr/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,11 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:spec) do |t|
+  t.libs << 'spec'
+  t.libs << 'lib'
+  t.test_files = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec
+

data/encrypt_attr.gemspec

@@ -0,0 +1,26 @@
+require './lib/encrypt_attr/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'encrypt_attr'
+  spec.version       = EncryptAttr::VERSION
+  spec.authors       = ['Nando Vieira']
+  spec.email         = ['fnando.vieira@gmail.com']
+  spec.summary       = 'Encrypt attributes using AES-256-CBC (or your custom encryption algorithm). Works with and without ActiveRecord.'
+  spec.description   = spec.summary
+  spec.homepage      = 'http://rubygems.org/gems/encrypt_attr'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'minitest'
+  spec.add_development_dependency 'minitest-reporters'
+  spec.add_development_dependency 'sqlite3'
+  spec.add_development_dependency 'activerecord'
+  spec.add_development_dependency 'pry-meta'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+end

data/lib/encrypt_attr.rb

@@ -0,0 +1,19 @@
+require 'forwardable'
+
+module EncryptAttr
+  require 'encrypt_attr/version'
+  require 'encrypt_attr/encryptor'
+  require 'encrypt_attr/base'
+  require 'encrypt_attr/active_record' if defined?(ActiveRecord)
+
+  class << self
+    extend Forwardable
+    def_delegators Base,  :secret_token, :secret_token=,
+                          :encryptor, :encryptor=,
+                          :validate_secret_token
+  end
+
+  def self.included(target)
+    target.send :include, Base
+  end
+end

data/lib/encrypt_attr/active_record.rb

@@ -0,0 +1,2 @@
+require 'encrypt_attr'
+ActiveRecord::Base.send :include, EncryptAttr::Base

data/lib/encrypt_attr/base.rb

@@ -0,0 +1,69 @@
+module EncryptAttr
+  module Base
+    def self.included(target)
+      target.extend(ClassMethods)
+    end
+
+    class << self
+      # Define the object that will encrypt/decrypt values.
+      # By default, it's EncryptAttr::Encryptor
+      attr_accessor :encryptor
+    end
+
+    def self.secret_token
+      @secret_token
+    end
+
+    def self.secret_token=(secret_token)
+      validate_secret_token(secret_token.to_s)
+      @secret_token = secret_token.to_s
+    end
+
+    def self.validate_secret_token(secret_token)
+      if secret_token.size < 100
+        offending_line = caller
+                          .reject {|entry| entry.include?(__dir__) || entry.include?('forwardable.rb') }
+                          .first[/^(.*?:\d+)/, 1]
+        warn "[encrypt_attribute] secret token must have at least 100 characters (called from #{offending_line})"
+      end
+    end
+
+    # Set initial token value to empty string.
+    # Cannot assign through writer method because of size warning.
+    @secret_token = ''
+
+    # Set initial encryptor engine.
+    self.encryptor = Encryptor
+
+    module ClassMethods
+      def encrypt_attr(*args, secret_token: EncryptAttr.secret_token)
+        EncryptAttr.validate_secret_token(secret_token)
+
+        args.each do |attribute|
+          define_encrypted_attribute(attribute, secret_token)
+        end
+      end
+      alias_method :attr_encrypt, :encrypt_attr
+      alias_method :attr_encrypted, :encrypt_attr
+      alias_method :attr_vault, :encrypt_attr
+      alias_method :encrypt_attr, :encrypt_attr
+      alias_method :encrypt_attribute, :encrypt_attr
+      alias_method :encrypted_attr, :encrypt_attr
+      alias_method :encrypted_attribute, :encrypt_attr
+
+      private
+
+      def define_encrypted_attribute(attribute, secret_token)
+        define_method attribute do
+          instance_variable_get("@#{attribute}")
+        end
+
+        define_method "#{attribute}=" do |value|
+          instance_variable_set("@#{attribute}", value)
+          send("encrypted_#{attribute}=", nil)
+          send("encrypted_#{attribute}=", EncryptAttr.encryptor.encrypt(secret_token, value)) if value
+        end
+      end
+    end
+  end
+end

data/lib/encrypt_attr/encryptor.rb

@@ -0,0 +1,45 @@
+require 'digest/sha2'
+require 'base64'
+require 'openssl'
+
+module EncryptAttr
+  class Encryptor
+    def self.encrypt(secret_token, value)
+      new(secret_token).encrypt(value)
+    end
+
+    def self.decrypt(secret_token, value)
+      new(secret_token).decrypt(value)
+    end
+
+    # Set the encryptor's secret token.
+    attr_reader :secret_token
+
+    def initialize(secret_token)
+      @secret_token = secret_token
+    end
+
+    def encrypt(value)
+      encode cipher(:encrypt, value)
+    end
+
+    def decrypt(value)
+      cipher(:decrypt, decode(value))
+    end
+
+    def cipher(mode, value)
+      cipher = OpenSSL::Cipher.new('AES-256-CBC').public_send(mode)
+      cipher.key = Digest::SHA256.digest(secret_token)
+      cipher.iv = Digest::SHA256.digest(secret_token)
+      cipher.update(value) + cipher.final
+    end
+
+    def encode(value)
+      Base64.encode64(value).chomp
+    end
+
+    def decode(value)
+      Base64.decode64(value)
+    end
+  end
+end

data/lib/encrypt_attr/version.rb

@@ -0,0 +1,3 @@
+module EncryptAttr
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,172 @@
+--- !ruby/object:Gem::Specification
+name: encrypt_attr
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nando Vieira
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-03-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-meta
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Encrypt attributes using AES-256-CBC (or your custom encryption algorithm).
+  Works with and without ActiveRecord.
+email:
+- fnando.vieira@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- encrypt_attr.gemspec
+- lib/encrypt_attr.rb
+- lib/encrypt_attr/active_record.rb
+- lib/encrypt_attr/base.rb
+- lib/encrypt_attr/encryptor.rb
+- lib/encrypt_attr/version.rb
+homepage: http://rubygems.org/gems/encrypt_attr
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Encrypt attributes using AES-256-CBC (or your custom encryption algorithm).
+  Works with and without ActiveRecord.
+test_files: []