encrypted_attributes 0.0.2 → 0.1.0

data/CHANGELOG

@@ -1,5 +1,15 @@
 *SVN*
 
+*0.1.0* (May 5th, 2008)
+
+* Don't extend encrypted_string's encryptors, instead creating subclasses
+
+* Don't assume anything about attribute confirmations
+
+* Support storing the salt for SHA encryption in the same string as the original value
+
+* Update documentation
+
 *0.0.2* (September 26th, 2007)
 
 * Move test fixtures out of the test application root directory

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2006-2007 Aaron Pfeifer & Neil Abraham
+Copyright (c) 2006-2008 Aaron Pfeifer
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -17,4 +17,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -5,25 +5,21 @@ attributes.
 
 == Resources
 
-API
-
-* http://api.pluginaweek.org/encrypted_attributes
-
 Wiki
 
 * http://wiki.pluginaweek.org/Encrypted_attributes
 
-Announcement
+API
 
-* http://www.pluginaweek.org
+* http://api.pluginaweek.org/encrypted_attributes
 
-Source
+Development
 
-* http://svn.pluginaweek.org/trunk/plugins/active_record/miscellaneous/encrypted_attributes
+* http://dev.pluginaweek.org/browser/trunk/encrypted_attributes
 
-Development
+Source
 
-* http://dev.pluginaweek.org/browser/trunk/plugins/active_record/miscellaneous/encrypted_attributes
+* http://svn.pluginaweek.org/trunk/encrypted_attributes
 
 == Description
 
@@ -42,9 +38,7 @@ into the +encrypts+ method.  Examples of this are show in the Usage section.
 === SHA Encryption
 
 For SHA encryption, you can either use the default salt, a custom salt, or
-generate one based on the attributes of the model.  If the latter option is
-being used, a column in the table should be created to store the salt that is
-generated.
+generate one based on the attributes of the model.
 
 With the default salt:
   class User < ActiveRecord::Base
@@ -53,13 +47,18 @@ With the default salt:
 
 With a custom salt:
   class User < ActiveRecord::Base
-    encrypts :password, :salt => true
+    encrypts :password, :salt => :create_salt
     
-    def create_salt
-      "#{login}_salt"
-    end
+    private
+      def create_salt
+        "#{login}_salt"
+      end
   end
 
+The salt and password values are combined and stored in the attributed being
+encrypted.  Therefore, there's no need to add a second column for storing the
+salt value.
+
 === Symmetric Encryption
 
 With the default key:
@@ -84,19 +83,23 @@ With custom key files:
     encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
   end
 
-=== The crypted attribute
 
-The attribute which stores the unencrypted value is a "virtual" attribute.
-This means that there is no column with the same name in the database.
-Instead, the encrypted value is stored in the crypted attributed.  By default,
-this is assumed to be +crypted_#{attr_name}+.  Therefore, if you are encrypting
-the "password" attribute, the encrypted value would be stored in
-+crypted_password+.
+=== Targeted Encryption
+
+If you want to store the encrypted value in a different attribute than the
+attribute being encrypted, you can do so like so:
+
+  class User < ActiveRecord::Base
+    encrypts :password, :to => :crypted_password
+  end
+
+=== Conditional Encryption
 
-The crypted attribute name can be customized like so:
+Like ActiveRecord validations, +encrypts+ can take <tt>:if</tt> and <tt>:unless</tt>
+parameters that determine whether the encryption should occur.  For example,
 
   class User < ActiveRecord::Base
-    encrypts :password, :crypted_name => 'protected_password'
+    encrypts :password, :if => Proc.new {Rails.env != 'development'}
   end
 
 === Additional information
@@ -112,5 +115,4 @@ Before you can run any tests, the following gem must be installed:
 
 == Dependencies
 
-This plugin depends on the presence of the following plugins:
 * encrypted_strings[http://wiki.pluginaweek.org/Encrypted_strings]

data/Rakefile

@@ -4,7 +4,7 @@ require 'rake/gempackagetask'
 require 'rake/contrib/sshpublisher'
 
 PKG_NAME           = 'encrypted_attributes'
-PKG_VERSION        = '0.0.2'
+PKG_VERSION        = '0.1.0'
 PKG_FILE_NAME      = "#{PKG_NAME}-#{PKG_VERSION}"
 RUBY_FORGE_PROJECT = 'pluginaweek'
 
@@ -40,8 +40,8 @@ spec = Gem::Specification.new do |s|
   s.test_files      = Dir['test/**/*_test.rb']
   s.add_dependency  'encrypted_strings', '>= 0.0.1'
   
-  s.author          = 'Aaron Pfeifer, Neil Abraham'
-  s.email           = 'info@pluginaweek.org'
+  s.author          = 'Aaron Pfeifer'
+  s.email           = 'aaron@pluginaweek.org'
   s.homepage        = 'http://www.pluginaweek.org'
 end
   
@@ -53,12 +53,12 @@ end
 
 desc 'Publish the beta gem'
 task :pgem => [:package] do
-  Rake::SshFilePublisher.new('pluginaweek@pluginaweek.org', '/home/pluginaweek/gems.pluginaweek.org/gems', 'pkg', "#{PKG_FILE_NAME}.gem").upload
+  Rake::SshFilePublisher.new('aaron@pluginaweek.org', '/home/aaron/gems.pluginaweek.org/public/gems', 'pkg', "#{PKG_FILE_NAME}.gem").upload
 end
 
 desc 'Publish the API documentation'
 task :pdoc => [:rdoc] do
-  Rake::SshDirPublisher.new('pluginaweek@pluginaweek.org', "/home/pluginaweek/api.pluginaweek.org/#{PKG_NAME}", 'rdoc').upload
+  Rake::SshDirPublisher.new('aaron@pluginaweek.org', "/home/aaron/api.pluginaweek.org/public/#{PKG_NAME}", 'rdoc').upload
 end
 
 desc 'Publish the API docs and gem'
@@ -70,7 +70,7 @@ task :release => [:gem, :package] do
   
   ruby_forge = RubyForge.new
   ruby_forge.login
-
+  
   %w( gem tgz zip ).each do |ext|
     file = "pkg/#{PKG_FILE_NAME}.#{ext}"
     puts "Releasing #{File.basename(file)}..."

data/lib/encrypted_attributes/sha_encryptor.rb

@@ -0,0 +1,42 @@
+module PluginAWeek #:nodoc:
+  module EncryptedAttributes
+    # Supports encryption for ActiveRecord models by adding dynamically generated
+    # salts
+    class ShaEncryptor < PluginAWeek::EncryptedStrings::ShaEncryptor
+      def initialize(record, value, operation, options = {}) #:nodoc:
+        if operation == :write
+          # Figure out the actual salt value
+          if salt = options[:salt]
+            options[:salt] =
+              case salt
+              when Symbol
+                record.send(salt).to_s
+              when Proc
+                salt.call(record).to_s
+              else
+                salt
+              end
+          end
+          
+          @dynamic_salt = salt != options[:salt]
+          super(options)
+        else
+          # The salt is in the value if it's dynamic
+          salt = value[40..-1]
+          if @dynamic_salt = !salt.blank?
+            options.merge!(:salt => salt) 
+          end
+          
+          super(options)
+        end
+      end
+      
+      # Encrypts the data, appending the salt to the end of the string
+      def encrypt(data)
+        encrypted_data = Digest::SHA1.hexdigest(data + salt)
+        encrypted_data << salt if @dynamic_salt
+        encrypted_data
+      end
+    end
+  end
+end

data/lib/encrypted_attributes.rb

@@ -1,6 +1,5 @@
 require 'encrypted_strings'
-require 'encrypted_attributes/extensions/encryptor'
-require 'encrypted_attributes/extensions/sha_encryptor'
+require 'encrypted_attributes/sha_encryptor'
 
 module PluginAWeek #:nodoc:
   module EncryptedAttributes
@@ -13,55 +12,62 @@ module PluginAWeek #:nodoc:
       # 
       # Configuration options:
       # * +mode+ - The mode of encryption to use.  Default is sha.
-      # * +crypted_name+ - The name of the attribute to store the crypted value in.  Default is "crypted_#{attr_name}".
+      # * +to+ - The attribute to write the encrypted value. Default is the same attribute being encryupted.
+      # * +if+ - Specifies a method, proc or string to call to determine if the encryption should occur. The method, proc or string should return or evaluate to a true or false value.
+      # * +unless+ - Specifies a method, proc or string to call to determine if the encryption should not occur. The method, proc or string should return or evaluate to a true or false value. 
       # 
       # For additional configuration options, see the individual encryptor class.
       def encrypts(attr_name, options = {})
-        mode = options.delete(:mode) || :sha
-        encryptor_class = "PluginAWeek::EncryptedStrings::#{mode.to_s.classify}Encryptor".constantize
-        
-        options.reverse_merge!(
-          :crypted_name => "crypted_#{attr_name}"
-        )
-        crypted_attr_name = options.delete(:crypted_name)
-        raise ArgumentError, 'Attribute name cannot be same as crypted name' if attr_name == crypted_attr_name
+        attr_name = attr_name.to_s
+        to_attr_name = options.delete(:to) || attr_name
         
-        # Creator accessor for the virtual attribute
-        attr_accessor attr_name
-        
-        # Define the reader when reading the crypted value from the db
-        crypted_var_name = "@#{crypted_attr_name}"
-        define_method(crypted_attr_name) do
-          if (value = read_attribute(crypted_attr_name)) && !value.encrypted?
-            encryptor_options = options.dup
-            encryptor_class.process_options(self, :read, encryptor_options)
-            value.encryptor = encryptor_class.new(encryptor_options)
-          end
-          
-          value
+        mode = options.delete(:mode) || :sha
+        if mode == :sha
+          encryptor_class = "PluginAWeek::EncryptedAttributes::#{mode.to_s.classify}Encryptor".constantize
+        else
+          encryptor_class = "PluginAWeek::EncryptedStrings::#{mode.to_s.classify}Encryptor".constantize
         end
         
         # Set the value immediately before validation takes place
-        before_validation do |model|
-          value = model.send(attr_name)
+        before_validation(:if => options.delete(:if), :unless => options.delete(:unless)) do |record|
+          value = record.send(attr_name)
           
-          if !value.blank?
-            unless value.encrypted?
-              encryptor_options = options.dup
-              encryptor_class.process_options(model, :write, encryptor_options)
-              value = value.encrypt(mode, encryptor_options)
-            end
+          unless value.blank? || value.encrypted?
+            # Add contextual information for this plugin's encryptors
+            encryptor =
+              if encryptor_class.parent == PluginAWeek::EncryptedAttributes
+                encryptor_class.new(record, value, :write, options.dup)
+              else
+                encryptor_class.new(options.dup)
+              end
             
-            model.send("#{crypted_attr_name}=", value)
+            # Encrypt the value and then track the encryptor used
+            value = encryptor.encrypt(value)
+            value.encryptor = encryptor
+            
+            record.send("#{to_attr_name}=", value)
           end
+          
+          true
         end
         
-        # After saving, be sure to reset the virtual attribute value.  This also
-        # supported resetting the confirmation field if, for example, the plugin
-        # is being used for passwords
-        after_save do |model|
-          model.send("#{attr_name}=", nil)
-          model.send("#{attr_name}_confirmation=", nil) if model.respond_to?("#{attr_name}_confirmation=")
+        # Define the reader when reading the crypted attribute from the db
+        define_method(to_attr_name) do
+          value = read_attribute(to_attr_name)
+          
+          # Make sure we set the encryptor for equality comparison when reading
+          # from the database
+          unless value.blank? || value.encrypted? || attribute_changed?(to_attr_name)
+            # Add contextual information for this plugin's encryptors
+            value.encryptor =
+              if encryptor_class.parent == PluginAWeek::EncryptedAttributes
+                encryptor_class.new(self, value, :read, options.dup)
+              else
+                encryptor_class.new(options.dup)
+              end
+          end
+          
+          value
         end
       end
     end

data/test/app_root/config/environment.rb

@@ -0,0 +1,8 @@
+require 'config/boot'
+
+Rails::Initializer.run do |config|
+  config.plugin_paths << '..'
+  config.plugins = %w(encrypted_strings encrypted_attributes)
+  config.cache_classes = false
+  config.whiny_nils = true
+end

data/test/app_root/db/migrate/001_create_users.rb

@@ -1,16 +1,13 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
-    create_table :users, :force => true do |t|
-      t.column :protected_password, :string, :limit => 255
-      t.column :crypted_password,   :string, :limit => 255
-      t.column :salt,               :string, :limit => 50
-      t.column :salt_value,         :string, :limit => 50
-      t.column :login,              :string, :limit => 50
-      t.column :type,               :string, :limit => 20
+    create_table :users do |t|
+      t.string :login
+      t.string :password
+      t.string :crypted_password
     end
   end
   
   def self.down
     drop_table :users
   end
-end
+end

data/test/factory.rb

@@ -0,0 +1,31 @@
+module Factory
+  # Build actions for the class
+  def self.build(klass, &block)
+    name = klass.to_s.underscore
+    define_method("#{name}_attributes", block)
+    
+    module_eval <<-end_eval
+      def valid_#{name}_attributes(attributes = {})
+        #{name}_attributes(attributes)
+        attributes
+      end
+      
+      def new_#{name}(attributes = {})
+        #{klass}.new(valid_#{name}_attributes(attributes))
+      end
+      
+      def create_#{name}(*args)
+        record = new_#{name}(*args)
+        record.save!
+        record.reload
+        record
+      end
+    end_eval
+  end
+  
+  build User do |attributes|
+    attributes.reverse_merge!(
+      :login => 'admin'
+    )
+  end
+end

data/test/test_helper.rb

@@ -1,10 +1,13 @@
-# Load local repository plugin paths
-$:.unshift("#{File.dirname(__FILE__)}/../../../../ruby/string/encrypted_strings/lib")
-
 # Load the plugin testing framework
-$:.unshift("#{File.dirname(__FILE__)}/../../../../test/plugin_test_helper/lib")
+$:.unshift("#{File.dirname(__FILE__)}/../../plugin_test_helper/lib")
 require 'rubygems'
 require 'plugin_test_helper'
 
 # Run the migrations
-ActiveRecord::Migrator.migrate("#{RAILS_ROOT}/db/migrate")
+ActiveRecord::Migrator.migrate("#{RAILS_ROOT}/db/migrate")
+
+# Mixin the factory helper
+require File.expand_path("#{File.dirname(__FILE__)}/factory")
+class Test::Unit::TestCase #:nodoc:
+  include Factory
+end

data/test/unit/encrypted_attributes_test.rb

@@ -2,129 +2,276 @@ require File.dirname(__FILE__) + '/../test_helper'
 
 class EncryptedAttributesTest < Test::Unit::TestCase
   def setup
-    PluginAWeek::EncryptedStrings::AsymmetricEncryptor.default_private_key_file = File.join(File.dirname(__FILE__), '..', 'keys', 'private')
-    PluginAWeek::EncryptedStrings::AsymmetricEncryptor.default_public_key_file = File.join(File.dirname(__FILE__), '..', 'keys', 'public')
-    
-    PluginAWeek::EncryptedStrings::SymmetricEncryptor.default_key = 'key'
-  end
-  
-  def test_encryption_with_default_options
-    {
-      ShaUser => PluginAWeek::EncryptedStrings::ShaEncryptor,
-      AsymmetricUser => PluginAWeek::EncryptedStrings::AsymmetricEncryptor,
-      SymmetricUser => PluginAWeek::EncryptedStrings::SymmetricEncryptor
-    }.each do |user_class, encryptor_class|
-      user = user_class.new
-      user.login = 'john doe'
-      user.password = 'secret'
-      
-      assert user.save
-      assert_not_nil user.crypted_password
-      assert user.crypted_password.encrypted?
-      assert_instance_of encryptor_class, user.crypted_password.encryptor
-    end
+    User.encrypts :password
   end
   
-  def test_encryption_with_custom_crypted_attribute
-    user = ShaUserWithCustomCryptedAttr.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    
-    assert user.save
-    assert_nil user.crypted_password
-    assert_not_nil user.protected_password
-    assert user.protected_password.encrypted?
-    assert_instance_of PluginAWeek::EncryptedStrings::ShaEncryptor, user.protected_password.encryptor
+  def test_should_use_sha_by_default
+    user = create_user(:login => 'admin', :password => 'secret')
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
   end
   
   def test_should_encrypt_on_invalid_model
-    user = ShaUser.new
-    user.login = nil
-    user.password = 'secret'
-    
-    assert !user.save
-    assert_not_nil user.password
-    assert_not_nil user.crypted_password
-    assert user.crypted_password.encrypted?
-    assert_instance_of PluginAWeek::EncryptedStrings::ShaEncryptor, user.crypted_password.encryptor
+    user = new_user(:login => nil, :password => 'secret')
+    assert !user.valid?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+  end
+  
+  def test_should_not_encrypt_if_attribute_is_nil
+    user = create_user(:login => 'admin', :password => nil)
+    assert_nil user.password
   end
   
   def test_should_not_encrypt_if_attribute_is_blank
-    user = ShaUser.new
-    user.login = 'john doe'
-    user.password = nil
-    user.save
-    assert_nil user.crypted_password
-    
-    user.password = ''
-    assert user.save
-    assert_nil user.crypted_password
+    user = create_user(:login => 'admin', :password => '')
+    assert_equal '', user.password
   end
   
   def test_should_not_encrypt_if_already_encrypted
-    encrypted_password = 'secret'.encrypt
-    
-    user = ShaUser.new
-    user.login = 'john doe'
-    user.password = encrypted_password
-    
-    assert user.save
-    assert_equal encrypted_password, user.crypted_password
-  end
-  
-  def test_should_hide_attribute_after_save
-    user = ShaUser.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    
-    assert user.save
-    assert_nil user.password
+    user = create_user(:login => 'admin', :password => 'secret'.encrypt)
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+  end
+  
+  def test_should_return_encrypted_attribute_for_saved_record
+    user = create_user(:login => 'admin', :password => 'secret')
+    user = User.find(user.id)
+    assert user.password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
   end
   
-  def test_should_hide_confirmation_attribute_after_save
-    user = ConfirmedShaUser.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    user.password_confirmation = 'secret'
-    
-    assert user.save
+  def test_should_not_encrypt_attribute_if_updating_without_any_changes
+    user = create_user(:login => 'admin', :password => 'secret')
+    user.login = 'Administrator'
+    user.save!
+    assert user.password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+  end
+  
+  def test_should_encrypt_attribute_if_updating_with_changes
+    user = create_user(:login => 'admin', :password => 'secret')
+    user.password = 'shhh'
+    user.save!
+    assert user.password.encrypted?
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password}"
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class EncryptedAttributesWithDifferentTargetTest < Test::Unit::TestCase
+  def setup
+    User.encrypts :password, :to => :crypted_password
+  end
+  
+  def test_should_not_encrypt_if_attribute_is_nil
+    user = create_user(:login => 'admin', :password => nil)
     assert_nil user.password
-    assert_nil user.password_confirmation
+    assert_nil user.crypted_password
   end
   
-  def test_sha_encryption_with_generated_salt
-    user = ShaUserWithSalt.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    
-    assert user.save
-    assert_not_nil user.salt
-    assert_equal 'john doe_salt', user.salt
-    assert_equal 'secret', user.crypted_password
+  def test_should_not_encrypt_if_attribute_is_blank
+    user = create_user(:login => 'admin', :password => '')
+    assert_equal '', user.password
+    assert_nil user.crypted_password
   end
   
-  def test_sha_encryption_with_custom_generated_salt
-    user = ShaUserWithCustomSalt.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    
-    assert user.save
-    assert_not_nil user.salt_value
-    assert_equal 'john doe_salt_value', user.salt_value
-    assert_equal 'secret', user.crypted_password
+  def test_should_not_encrypt_if_already_encrypted
+    user = create_user(:login => 'admin', :crypted_password => 'secret'.encrypt)
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.crypted_password}"
   end
   
   def test_should_return_encrypted_attribute_for_saved_record
-    user = ShaUser.new
-    user.login = 'john doe'
-    user.password = 'secret'
-    
-    assert user.save
-    
-    user = ShaUser.find(user.id)
-    assert_nil user.password
-    assert_not_nil user.crypted_password
+    user = create_user(:login => 'admin', :password => 'secret')
+    user = User.find(user.id)
+    assert user.crypted_password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.crypted_password}"
+  end
+  
+  def test_should_not_encrypt_attribute_if_updating_without_any_changes
+    user = create_user(:login => 'admin', :password => 'secret')
+    user.login = 'Administrator'
+    user.save!
+    assert user.crypted_password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.crypted_password}"
+  end
+  
+  def test_should_encrypt_attribute_if_updating_with_changes
+    user = create_user(:login => 'admin', :password => 'secret')
+    user.password = 'shhh'
+    user.save!
     assert user.crypted_password.encrypted?
-    assert_instance_of PluginAWeek::EncryptedStrings::ShaEncryptor, user.crypted_password.encryptor
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.crypted_password}"
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class EncryptedAttributesWithConditionalsTest < Test::Unit::TestCase
+  def test_should_not_encrypt_if_if_conditional_is_false
+    User.encrypts :password, :if => Proc.new {false}
+    user = create_user(:login => 'admin', :password => 'secret')
+    assert_equal 'secret', user.password
+  end
+  
+  def test_should_encrypt_if_if_conditional_is_true
+    User.encrypts :password, :if => Proc.new {true}
+    user = create_user(:login => 'admin', :password => 'secret')
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+  end
+  
+  def test_should_not_encrypt_if_unless_conditional_is_true
+    User.encrypts :password, :unless => Proc.new {true}
+    user = create_user(:login => 'admin', :password => 'secret')
+    assert_equal 'secret', user.password
+  end
+  
+  def test_should_encrypt_if_unless_conditional_is_false
+    User.encrypts :password, :unless => Proc.new {false}
+    user = create_user(:login => 'admin', :password => 'secret')
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class ShaEncryptionTest < Test::Unit::TestCase
+  def setup
+    User.encrypts :password, :mode => :sha
+    @user = create_user(:login => 'admin', :password => 'secret')
+  end
+  
+  def test_should_encrypt_password
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{@user.password}"
+  end
+  
+  def test_should_be_encrypted
+    assert @user.password.encrypted?
+  end
+  
+  def test_should_use_sha_encryptor
+    assert_instance_of PluginAWeek::EncryptedAttributes::ShaEncryptor, @user.password.encryptor
+  end
+  
+  def test_should_use_default_salt
+    assert_equal 'salt', @user.password.encryptor.salt
+  end
+  
+  def test_should_be_able_to_check_password
+    assert_equal 'secret', @user.password
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class ShaWithCustomSaltEncryptionTest < Test::Unit::TestCase
+  def setup
+    User.encrypts :password, :mode => :sha, :salt => :login
+    @user = create_user(:login => 'admin', :password => 'secret')
+  end
+  
+  def test_should_encrypt_password
+    assert_equal 'a55d037f385cad22efe7862e07b805938d150154admin', "#{@user.password}"
+  end
+  
+  def test_should_be_encrypted
+    assert @user.password.encrypted?
+  end
+  
+  def test_should_use_sha_encryptor
+    assert_instance_of PluginAWeek::EncryptedAttributes::ShaEncryptor, @user.password.encryptor
+  end
+  
+  def test_should_use_custom_salt
+    assert_equal 'admin', @user.password.encryptor.salt
+  end
+  
+  def test_should_be_able_to_check_password
+    assert_equal 'secret', @user.password
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class SymmetricEncryptionTest < Test::Unit::TestCase
+  def setup
+    User.encrypts :password, :mode => :symmetric, :key => 'key'
+    @user = create_user(:login => 'admin', :password => 'secret')
+  end
+  
+  def test_should_encrypt_password
+    assert_equal "+YVKcPbqSWo=\n", @user.password
+  end
+  
+  def test_should_be_encrypted
+    assert @user.password.encrypted?
+  end
+  
+  def test_should_use_sha_encryptor
+    assert_instance_of PluginAWeek::EncryptedStrings::SymmetricEncryptor, @user.password.encryptor
+  end
+  
+  def test_should_use_custom_key
+    assert_equal 'key', @user.password.encryptor.key
+  end
+  
+  def test_should_be_able_to_check_password
+    assert_equal 'secret', @user.password
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
+class AsymmetricEncryptionTest < Test::Unit::TestCase
+  def setup
+    User.encrypts :password, :mode => :asymmetric,
+      :private_key_file => File.dirname(__FILE__) + '/../keys/private',
+      :public_key_file => File.dirname(__FILE__) + '/../keys/public'
+    @user = create_user(:login => 'admin', :password => 'secret')
+  end
+  
+  def test_should_encrypt_password
+    assert_not_equal 'secret', "#{@user.password}"
+    assert_equal 90, @user.password.length
+  end
+  
+  def test_should_be_encrypted
+    assert @user.password.encrypted?
+  end
+  
+  def test_should_use_sha_encryptor
+    assert_instance_of PluginAWeek::EncryptedStrings::AsymmetricEncryptor, @user.password.encryptor
+  end
+  
+  def test_should_be_able_to_check_password
+    assert_equal 'secret', @user.password
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
   end
 end

data/test/unit/sha_encryptor_test.rb

@@ -1,64 +1,56 @@
 require File.dirname(__FILE__) + '/../test_helper'
 
-class ShaEncryptorTest < Test::Unit::TestCase
-  def test_should_respond_to_process_options
-    assert PluginAWeek::EncryptedStrings::ShaEncryptor.respond_to?(:process_options)
+class ShaEncryptorOnWriteTest < Test::Unit::TestCase
+  def setup
+    @user = create_user(:login => 'admin')
   end
   
-  def test_process_options_should_not_make_changes_for_salt_string
-    options = {:salt => 'my_salt_value'}
-    expected_options = {:salt => 'my_salt_value'}
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(User.new, :read, options)
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(User.new, :write, options)
-    
-    assert_equal expected_options, options
+  def test_should_allow_symbolic_salt
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => :login)
+    assert_equal 'admin', encryptor.salt
   end
   
-  def test_process_options_should_use_salt_attribute_for_salt_on_read
-    user = ShaUserWithSalt.new
-    user.login = 'test'
-    user.salt = 'existing_salt'
-    
-    options = {:salt => true}
-    expected_options = {:salt => 'existing_salt'}
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(user, :read, options)
-    
-    assert_equal expected_options, options
+  def test_should_allow_stringified_salt
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => 'custom_salt')
+    assert_equal 'custom_salt', encryptor.salt
   end
   
-  def test_process_options_should_generate_new_salt_on_write
-    user = ShaUserWithSalt.new
-    user.login = 'test'
-    user.salt = 'existing_salt'
-    
-    options = {:salt => true}
-    expected_options = {:salt => 'test_salt'}
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(user, :write, options)
-    
-    assert_equal expected_options, options
+  def test_should_allow_block_salt
+    dynamic_salt = Proc.new {|user| user.login}
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => dynamic_salt)
+    assert_equal 'admin', encryptor.salt
   end
   
-  def test_process_options_should_use_custom_attribute_for_salt_on_read
-    user = ShaUserWithCustomSalt.new
-    user.login = 'test'
-    user.salt_value = 'existing_salt_value'
-    
-    options = {:salt => :salt_value}
-    expected_options = {:salt => 'existing_salt_value'}
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(user, :read, options)
-    
-    assert_equal expected_options, options
+  def test_should_allow_dynamic_nil_salt
+    dynamic_salt = Proc.new {|user| nil}
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => dynamic_salt)
+    assert_equal '', encryptor.salt
   end
   
-  def test_process_options_should_generate_new_salt_from_custom_method_on_write
-    user = ShaUserWithCustomSalt.new
-    user.login = 'test'
-    user.salt_value = 'existing_salt_value'
-    
-    options = {:salt => :salt_value}
-    expected_options = {:salt => 'test_salt_value'}
-    PluginAWeek::EncryptedStrings::ShaEncryptor.process_options(user, :write, options)
-    
-    assert_equal expected_options, options
+  def test_should_append_salt_to_encrypted_value_if_dynamic
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => :login)
+    assert_equal 'a55d037f385cad22efe7862e07b805938d150154admin', encryptor.encrypt('secret')
+  end
+  
+  def test_should_not_append_salt_to_encrypted_value_if_static
+    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => 'custom_salt')
+    assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0e', encryptor.encrypt('secret')
+  end
+end
+
+class ShaEncryptorOnReadTest < Test::Unit::TestCase
+  def setup
+    @user = create_user(:login => 'admin')
+    @encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', :read)
+  end
+  
+  def test_should_should_use_remaining_characters_after_password_for_salt
+    assert_equal 'custom_salt', @encryptor.salt
+  end
+  
+  def test_should_be_able_to_perform_equality_on_encrypted_strings
+    password = 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt'
+    password.encryptor = @encryptor
+    assert_equal 'secret', password
   end
 end

metadata

@@ -1,89 +1,86 @@
 --- !ruby/object:Gem::Specification 
-rubygems_version: 0.9.4
-specification_version: 1
 name: encrypted_attributes
 version: !ruby/object:Gem::Version 
-  version: 0.0.2
-date: 2007-09-26 00:00:00 -04:00
-summary: Adds support for automatically encrypting ActiveRecord attributes
-require_paths: 
-- lib
-email: info@pluginaweek.org
-homepage: http://www.pluginaweek.org
-rubyforge_project: 
-description: 
-autorequire: encrypted_attributes
-default_executable: 
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement 
-  requirements: 
-  - - ">"
-    - !ruby/object:Gem::Version 
-      version: 0.0.0
-  version: 
+  version: 0.1.0
 platform: ruby
-signing_key: 
-cert_chain: 
-post_install_message: 
 authors: 
-- Aaron Pfeifer, Neil Abraham
+- Aaron Pfeifer
+autorequire: encrypted_attributes
+bindir: bin
+cert_chain: []
+
+date: 2008-05-05 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: encrypted_strings
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.0.1
+    version: 
+description: 
+email: aaron@pluginaweek.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
 files: 
-- lib/encrypted_attributes.rb
 - lib/encrypted_attributes
-- lib/encrypted_attributes/extensions
-- lib/encrypted_attributes/extensions/sha_encryptor.rb
-- lib/encrypted_attributes/extensions/encryptor.rb
-- test/test_helper.rb
-- test/fixtures
-- test/app_root
+- lib/encrypted_attributes/sha_encryptor.rb
+- lib/encrypted_attributes.rb
 - test/keys
-- test/unit
-- test/fixtures/users.yml
-- test/app_root/app
+- test/keys/private
+- test/keys/public
+- test/factory.rb
+- test/app_root
 - test/app_root/db
-- test/app_root/app/models
-- test/app_root/app/models/sha_user_with_salt.rb
-- test/app_root/app/models/confirmed_sha_user.rb
-- test/app_root/app/models/asymmetric_user.rb
-- test/app_root/app/models/sha_user.rb
-- test/app_root/app/models/sha_user_with_custom_crypted_attr.rb
-- test/app_root/app/models/user.rb
-- test/app_root/app/models/sha_user_with_custom_salt.rb
-- test/app_root/app/models/symmetric_user.rb
 - test/app_root/db/migrate
 - test/app_root/db/migrate/001_create_users.rb
-- test/keys/private
-- test/keys/public
-- test/unit/encrypted_attributes_test.rb
+- test/app_root/config
+- test/app_root/config/environment.rb
+- test/app_root/app
+- test/app_root/app/models
+- test/app_root/app/models/user.rb
+- test/test_helper.rb
+- test/unit
 - test/unit/sha_encryptor_test.rb
-- test/unit/encryptor_test.rb
+- test/unit/encrypted_attributes_test.rb
 - CHANGELOG
 - init.rb
 - MIT-LICENSE
 - Rakefile
 - README
-test_files: 
-- test/unit/encrypted_attributes_test.rb
-- test/unit/sha_encryptor_test.rb
-- test/unit/encryptor_test.rb
+has_rdoc: true
+homepage: http://www.pluginaweek.org
+post_install_message: 
 rdoc_options: []
 
-extra_rdoc_files: []
-
-executables: []
-
-extensions: []
-
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
 requirements: []
 
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: encrypted_strings
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Version::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 0.0.1
-    version: 
+rubyforge_project: 
+rubygems_version: 1.1.0
+signing_key: 
+specification_version: 2
+summary: Adds support for automatically encrypting ActiveRecord attributes
+test_files: 
+- test/unit/sha_encryptor_test.rb
+- test/unit/encrypted_attributes_test.rb

data/lib/encrypted_attributes/extensions/encryptor.rb

@@ -1,14 +0,0 @@
-module PluginAWeek #:nodoc:
-  module EncryptedAttributes
-    module Extensions #:nodoc:
-      module Encryptor #:nodoc:
-        def process_options(model, operation, options)
-        end
-      end
-    end
-  end
-end
-
-PluginAWeek::EncryptedStrings::Encryptor.class_eval do
-  extend PluginAWeek::EncryptedAttributes::Extensions::Encryptor
-end

data/lib/encrypted_attributes/extensions/sha_encryptor.rb

@@ -1,28 +0,0 @@
-module PluginAWeek #:nodoc:
-  module EncryptedAttributes
-    module Extensions #:nodoc:
-      module ShaEncryptor
-        # Adds support for using a salt that is generated based on the model and
-        # stored in an attribute.
-        def process_options(model, operation, options)
-          if (salt_attr_name = options[:salt]) && (salt_attr_name == true || salt_attr_name.is_a?(Symbol))
-            salt_attr_name = 'salt' if salt_attr_name == true
-            
-            if operation == :write
-              salt_value = model.send("create_#{salt_attr_name}").to_s
-              model.send("#{salt_attr_name}=", salt_value)
-            else
-              salt_value = model.send(salt_attr_name)
-            end
-            
-            options[:salt] = salt_value
-          end
-        end
-      end
-    end
-  end
-end
-
-PluginAWeek::EncryptedStrings::ShaEncryptor.class_eval do
-  extend PluginAWeek::EncryptedAttributes::Extensions::ShaEncryptor
-end

data/test/app_root/app/models/asymmetric_user.rb

@@ -1,3 +0,0 @@
-class AsymmetricUser < User
-  encrypts :password, :mode => :asymmetric
-end

data/test/app_root/app/models/confirmed_sha_user.rb

@@ -1,13 +0,0 @@
-class ConfirmedShaUser < ShaUser
-  with_options(:if => :password_required?) do |klass|
-    validates_presence_of     :password,
-                              :crypted_password
-    validates_length_of       :password,
-                                :in => 4..40
-    validates_confirmation_of :password
-  end
-  
-  def password_required?
-    crypted_password.blank? || !password.blank?
-  end
-end

data/test/app_root/app/models/sha_user.rb

@@ -1,3 +0,0 @@
-class ShaUser < User
-  encrypts :password
-end

data/test/app_root/app/models/sha_user_with_custom_crypted_attr.rb

@@ -1,3 +0,0 @@
-class ShaUserWithCustomCryptedAttr < User
-  encrypts :password, :crypted_name => 'protected_password'
-end

data/test/app_root/app/models/sha_user_with_custom_salt.rb

@@ -1,7 +0,0 @@
-class ShaUserWithCustomSalt < User
-  encrypts :password, :salt => :salt_value
-  
-  def create_salt_value
-    "#{login}_salt_value"
-  end
-end

data/test/app_root/app/models/sha_user_with_salt.rb

@@ -1,7 +0,0 @@
-class ShaUserWithSalt < User
-  encrypts :password, :salt => true
-  
-  def create_salt
-    "#{login}_salt"
-  end
-end

data/test/app_root/app/models/symmetric_user.rb

@@ -1,3 +0,0 @@
-class SymmetricUser < User
-  encrypts :password, :mode => :symmetric
-end

data/test/fixtures/users.yml

@@ -1,8 +0,0 @@
-bob:
-  id: 1
-  login: bob
-  crypted_password: "0XlmUuNpE2k=\n"
-  type: SymmetricUser
-fred:
-  id: 2
-  login: fred

data/test/unit/encryptor_test.rb

@@ -1,13 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class EncryptorTest < Test::Unit::TestCase
-  def test_should_not_make_any_changes_on_process_options
-    assert PluginAWeek::EncryptedStrings::Encryptor.respond_to?(:process_options)
-    
-    options = {:salt => 'test'}
-    expected_options = options.dup
-    PluginAWeek::EncryptedStrings::Encryptor.process_options(User.new, :read, options)
-    
-    assert_equal expected_options, options
-  end
-end