encrypt_attr 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.travis.yml +12 -9
- data/README.md +18 -0
- data/Rakefile +0 -1
- data/lib/encrypt_attr/base.rb +3 -12
- data/lib/encrypt_attr/encryptor.rb +33 -8
- data/lib/encrypt_attr/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0b805ac4e240904c7de37c0d3ed5efbb32412e2f6ee297c89dbd2836b99328b2
|
|
4
|
+
data.tar.gz: 184ff8078f6cecc0fbff2ddde38686776a0259334f31062841290d98554aa5aa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f55ea50b43482b30e7d85dc7e2de3acbcc8b53d2c055854a379b81d5ae58eb885eccd025e00f60bccfd6badd87419468ce721f13ee4211bd04783b964608728e
|
|
7
|
+
data.tar.gz: db6b9e840f8631a831b7b35186498bbf78624ddca46cb39d3af85115016c0060765d2004e622d7df6b538b195a6f320892fd4c8f993db29f23f7d713e6d2065b
|
data/.travis.yml
CHANGED
|
@@ -1,13 +1,16 @@
|
|
|
1
1
|
language: ruby
|
|
2
2
|
cache: bundler
|
|
3
3
|
sudo: false
|
|
4
|
+
notifications:
|
|
5
|
+
email: false
|
|
4
6
|
rvm:
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
7
|
+
- 2.5.1
|
|
8
|
+
before_script:
|
|
9
|
+
- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
|
|
10
|
+
- chmod +x ./cc-test-reporter
|
|
11
|
+
- "./cc-test-reporter before-build"
|
|
12
|
+
after_script:
|
|
13
|
+
- "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
|
|
14
|
+
env:
|
|
15
|
+
global:
|
|
16
|
+
secure: Qr1hys7KWk6pxd9Vgxuged9iDIEw/UbHPpED4PhI3HLY/cCJF2k3Sr5zGnW4LHfWA3olmI1AlFsCuojul44V+tvb5pNAe7ZnzJp23ikhEFBjBvoJCnYrD01wD96sSD3m5bnT4+I6SEeHdMJwAvqM6bNXQaMJwJLyZHdAYK9DQnY=
|
data/README.md
CHANGED
|
@@ -143,6 +143,24 @@ class User
|
|
|
143
143
|
end
|
|
144
144
|
```
|
|
145
145
|
|
|
146
|
+
Your encryptor may validate the secret token.
|
|
147
|
+
|
|
148
|
+
```ruby
|
|
149
|
+
module ReverseEncryptor
|
|
150
|
+
def self.validate_secret_token(secret_token)
|
|
151
|
+
warn "=> You don't have to define a secret token with ReverseEncryptor" if secret_token
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
def self.encrypt(secret_token, value)
|
|
155
|
+
value.to_s.reverse
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
def self.decrypt(secret_token, value)
|
|
159
|
+
value.to_s.reverse
|
|
160
|
+
end
|
|
161
|
+
end
|
|
162
|
+
```
|
|
163
|
+
|
|
146
164
|
## Development
|
|
147
165
|
|
|
148
166
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/Rakefile
CHANGED
data/lib/encrypt_attr/base.rb
CHANGED
|
@@ -15,29 +15,20 @@ module EncryptAttr
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def self.secret_token=(secret_token)
|
|
18
|
-
validate_secret_token(secret_token.to_s)
|
|
18
|
+
encryptor.validate_secret_token(secret_token.to_s) if encryptor.respond_to?(:validate_secret_token)
|
|
19
19
|
@secret_token = secret_token.to_s
|
|
20
20
|
end
|
|
21
21
|
|
|
22
|
-
def self.validate_secret_token(secret_token)
|
|
23
|
-
if secret_token.size < 100
|
|
24
|
-
offending_line = caller
|
|
25
|
-
.reject {|entry| entry.include?(__dir__) || entry.include?("forwardable.rb") }
|
|
26
|
-
.first[/^(.*?:\d+)/, 1]
|
|
27
|
-
warn "[encrypt_attribute] secret token must have at least 100 characters (called from #{offending_line})"
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
22
|
# Set initial token value to empty string.
|
|
32
23
|
# Cannot assign through writer method because of size warning.
|
|
33
|
-
@secret_token =
|
|
24
|
+
@secret_token = ""
|
|
34
25
|
|
|
35
26
|
# Set initial encryptor engine.
|
|
36
27
|
self.encryptor = Encryptor
|
|
37
28
|
|
|
38
29
|
module ClassMethods
|
|
39
30
|
def encrypt_attr(*args, secret_token: EncryptAttr.secret_token, encryptor: EncryptAttr.encryptor)
|
|
40
|
-
|
|
31
|
+
encryptor.validate_secret_token(secret_token) if encryptor.respond_to?(:validate_secret_token)
|
|
41
32
|
|
|
42
33
|
args.each do |attribute|
|
|
43
34
|
define_encrypted_attribute(attribute, secret_token, encryptor)
|
|
@@ -2,6 +2,16 @@ module EncryptAttr
|
|
|
2
2
|
class Encryptor
|
|
3
3
|
CIPHER = "AES-256-CBC".freeze
|
|
4
4
|
|
|
5
|
+
def self.validate_secret_token(secret_token)
|
|
6
|
+
return unless secret_token.size < 100
|
|
7
|
+
|
|
8
|
+
offending_line = caller
|
|
9
|
+
.reject {|entry| entry.include?(__dir__) || entry.include?("forwardable.rb") }
|
|
10
|
+
.first[/^(.*?:\d+)/, 1]
|
|
11
|
+
|
|
12
|
+
warn "[encrypt_attribute] secret token must have at least 100 characters (called from #{offending_line})"
|
|
13
|
+
end
|
|
14
|
+
|
|
5
15
|
def self.encrypt(secret_token, value)
|
|
6
16
|
new(secret_token).encrypt(value)
|
|
7
17
|
end
|
|
@@ -18,18 +28,33 @@ module EncryptAttr
|
|
|
18
28
|
end
|
|
19
29
|
|
|
20
30
|
def encrypt(value)
|
|
21
|
-
|
|
31
|
+
cipher = OpenSSL::Cipher.new(CIPHER).encrypt
|
|
32
|
+
key = Digest::SHA256.digest(secret_token)
|
|
33
|
+
iv = SecureRandom.random_bytes(cipher.iv_len).unpack("H*").first[0...cipher.iv_len]
|
|
34
|
+
|
|
35
|
+
cipher.key = key
|
|
36
|
+
cipher.iv = iv
|
|
37
|
+
|
|
38
|
+
iv + ";" + encode(cipher.update(value) + cipher.final)
|
|
22
39
|
end
|
|
23
40
|
|
|
24
41
|
def decrypt(value)
|
|
25
|
-
cipher
|
|
26
|
-
|
|
42
|
+
cipher = OpenSSL::Cipher.new(CIPHER).decrypt
|
|
43
|
+
key = Digest::SHA256.digest(secret_token)
|
|
44
|
+
|
|
45
|
+
parts = value.split(";")
|
|
46
|
+
|
|
47
|
+
if parts.size == 1
|
|
48
|
+
value = decode(value)
|
|
49
|
+
iv = key[0...cipher.iv_len]
|
|
50
|
+
else
|
|
51
|
+
iv = parts.first
|
|
52
|
+
value = decode(parts.last)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
cipher.key = key
|
|
56
|
+
cipher.iv = iv
|
|
27
57
|
|
|
28
|
-
def cipher(mode, value)
|
|
29
|
-
cipher = OpenSSL::Cipher.new(CIPHER).public_send(mode)
|
|
30
|
-
digest = Digest::SHA256.digest(secret_token)
|
|
31
|
-
cipher.key = digest
|
|
32
|
-
cipher.iv = digest[0...cipher.iv_len]
|
|
33
58
|
cipher.update(value) + cipher.final
|
|
34
59
|
end
|
|
35
60
|
|
data/lib/encrypt_attr/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_attr
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nando Vieira
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-10-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
164
164
|
version: '0'
|
|
165
165
|
requirements: []
|
|
166
166
|
rubyforge_project:
|
|
167
|
-
rubygems_version: 2.
|
|
167
|
+
rubygems_version: 2.7.6
|
|
168
168
|
signing_key:
|
|
169
169
|
specification_version: 4
|
|
170
170
|
summary: Encrypt attributes using AES-256-CBC (or your custom encryption strategy).
|