encrypted_attributes 0.1.3 → 0.2.0

data/CHANGELOG.rdoc

@@ -1,5 +1,9 @@
 == master
 
+== 0.2.0 / 2008-12-4
+
+* Update to be compatible with encrypted_strings 0.2.1
+
 == 0.1.3 / 2008-10-26
 
 * Change how the base module is included to prevent namespacing conflicts

data/README.rdoc

@@ -29,7 +29,7 @@ with the encrypted_strings plugin, helps make encrypting ActiveRecord
 attributes easier by automating the process.
 
 The options that +encrypts+ takes includes all of the encryption options for
-the specific type of encryptor being used from the encrypted_strings plugin.
+the specific type of cipher being used from the encrypted_strings library.
 Therefore, if setting the key for asymmetric encryption, this would be passed
 into the +encrypts+ method.  Examples of this are show in the Usage section.
 
@@ -61,24 +61,12 @@ salt value.
 
 === Symmetric Encryption
 
-With the default key:
   class User < ActiveRecord::Base
-    encrypts :password, :mode => :symmetric
-  end
-
-With a custom key:
-  class User < ActiveRecord::Base
-    encrypts :password, :mode => :symmetric, :key => 'custom'
+    encrypts :password, :mode => :symmetric, :password => 'secret'
   end
 
 === Asymmetric Encryption
 
-With default key files:
-  class User < ActiveRecord::Base
-    encrypts :password, :mode => :asymmetric
-  end
-
-With custom key files:
   class User < ActiveRecord::Base
     encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
   end
@@ -98,7 +86,7 @@ Like ActiveRecord validations, +encrypts+ can take <tt>:if</tt> and <tt>:unless<
 parameters that determine whether the encryption should occur.  For example,
 
   class User < ActiveRecord::Base
-    encrypts :password, :if => Proc.new {Rails.env != 'development'}
+    encrypts :password, :if => lambda {Rails.env != 'development'}
   end
 
 === Additional information

data/Rakefile

@@ -5,7 +5,7 @@ require 'rake/contrib/sshpublisher'
 
 spec = Gem::Specification.new do |s|
   s.name              = 'encrypted_attributes'
-  s.version           = '0.1.3'
+  s.version           = '0.2.0'
   s.platform          = Gem::Platform::RUBY
   s.summary           = 'Adds support for automatically encrypting ActiveRecord attributes'
   
@@ -13,7 +13,7 @@ spec = Gem::Specification.new do |s|
   s.require_path      = 'lib'
   s.has_rdoc          = true
   s.test_files        = Dir['test/**/*_test.rb']
-  s.add_dependency    'encrypted_strings', '>= 0.0.5'
+  s.add_dependency    'encrypted_strings', '>= 0.2.1'
   
   s.author            = 'Aaron Pfeifer'
   s.email             = 'aaron@pluginaweek.org'

data/lib/encrypted_attributes/{sha_encryptor.rb → sha_cipher.rb}

@@ -1,10 +1,10 @@
 module PluginAWeek #:nodoc:
   module EncryptedAttributes
     # Adds support for dynamically generated salts
-    class ShaEncryptor < PluginAWeek::EncryptedStrings::ShaEncryptor
+    class ShaCipher < PluginAWeek::EncryptedStrings::ShaCipher
       # Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.
       # 
-      # The <tt>:start</tt> configuration option can be any one of the following types:
+      # The <tt>:salt</tt> configuration option can be any one of the following types:
       # * +symbol+ - Calls the method on the object whose value is being encrypted
       # * +proc+ - A block that will be invoked, providing it with the object whose value is being encrypted
       # * +string+ - The actual salt value to use
@@ -41,7 +41,7 @@ module PluginAWeek #:nodoc:
       # Encrypts the data, appending the salt to the end of the string if it
       # was created dynamically
       def encrypt(data)
-        encrypted_data = Digest::SHA1.hexdigest(data + salt)
+        encrypted_data = super
         encrypted_data << salt if @dynamic_salt
         encrypted_data
       end

data/lib/encrypted_attributes.rb

@@ -1,5 +1,5 @@
 require 'encrypted_strings'
-require 'encrypted_attributes/sha_encryptor'
+require 'encrypted_attributes/sha_cipher'
 
 module PluginAWeek #:nodoc:
   module EncryptedAttributes
@@ -7,13 +7,13 @@ module PluginAWeek #:nodoc:
       # Encrypts the specified attribute.
       # 
       # Configuration options:
-      # * +mode+ - The mode of encryption to use.  Default is sha. See PluginAWeek::EncryptedStrings for other possible modes
+      # * +mode+ - The mode of encryption to use.  Default is sha. See PluginAWeek::EncryptedStrings for other possible modes.
       # * +to+ - The attribute to write the encrypted value to. Default is the same attribute being encrypted.
       # * +if+ - Specifies a method, proc or string to call to determine if the encryption should occur. The method, proc or string should return or evaluate to a true or false value.
       # * +unless+ - Specifies a method, proc or string to call to determine if the encryption should not occur. The method, proc or string should return or evaluate to a true or false value. 
       # 
       # For additional configuration options used during the actual encryption,
-      # see the individual encryptor class for the specified mode.
+      # see the individual cipher class for the specified mode.
       # 
       # == Encryption timeline
       # 
@@ -48,18 +48,21 @@ module PluginAWeek #:nodoc:
       # == Encryption mode examples
       # 
       # SHA encryption:
+      # 
       #   class User < ActiveRecord::Base
       #     encrypts :password
       #     # encrypts :password, :salt => :create_salt
       #   end
       # 
       # Symmetric encryption:
+      # 
       #   class User < ActiveRecord::Base
       #     encrypts :password, :mode => :symmetric
       #     # encrypts :password, :mode => :symmetric, :key => 'custom'
       #   end
       # 
       # Asymmetric encryption:
+      # 
       #   class User < ActiveRecord::Base
       #     encrypts :password, :mode => :asymmetric
       #     # encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
@@ -68,24 +71,24 @@ module PluginAWeek #:nodoc:
         attr_name = attr_name.to_s
         to_attr_name = options.delete(:to) || attr_name
         
-        # Figure out what encryptor is being configured for the attribute
+        # Figure out what cipher is being configured for the attribute
         mode = options.delete(:mode) || :sha
-        class_name = "#{mode.to_s.classify}Encryptor"
+        class_name = "#{mode.to_s.classify}Cipher"
         if PluginAWeek::EncryptedAttributes.const_defined?(class_name)
-          encryptor_class = PluginAWeek::EncryptedAttributes.const_get(class_name)
+          cipher_class = PluginAWeek::EncryptedAttributes.const_get(class_name)
         else
-          encryptor_class = PluginAWeek::EncryptedStrings.const_get(class_name)
+          cipher_class = PluginAWeek::EncryptedStrings.const_get(class_name)
         end
         
         # Set the encrypted value right before validation takes place
         before_validation(:if => options.delete(:if), :unless => options.delete(:unless)) do |record|
-          record.send(:write_encrypted_attribute, attr_name, to_attr_name, encryptor_class, options)
+          record.send(:write_encrypted_attribute, attr_name, to_attr_name, cipher_class, options)
           true
         end
         
         # Define the reader when reading the encrypted attribute from the database
         define_method(to_attr_name) do
-          read_encrypted_attribute(to_attr_name, encryptor_class, options)
+          read_encrypted_attribute(to_attr_name, cipher_class, options)
         end
         
         unless included_modules.include?(PluginAWeek::EncryptedAttributes::InstanceMethods)
@@ -98,18 +101,18 @@ module PluginAWeek #:nodoc:
       private
         # Encrypts the given attribute to a target location using the encryption
         # options configured for that attribute
-        def write_encrypted_attribute(attr_name, to_attr_name, encryptor_class, options)
+        def write_encrypted_attribute(attr_name, to_attr_name, cipher_class, options)
           value = send(attr_name)
           
           # Only encrypt values that actually have content and have not already
           # been encrypted
           unless value.blank? || value.encrypted?
-            # Create the encryptor configured for this attribute
-            encryptor = create_encryptor(encryptor_class, options, :write, value)
+            # Create the cipher configured for this attribute
+            cipher = create_cipher(cipher_class, options, :write, value)
             
             # Encrypt the value
-            value = encryptor.encrypt(value)
-            value.encryptor = encryptor
+            value = cipher.encrypt(value)
+            value.cipher = cipher
             
             # Update the value based on the target attribute
             send("#{to_attr_name}=", value)
@@ -119,28 +122,28 @@ module PluginAWeek #:nodoc:
         # Reads the given attribute from the database, adding contextual
         # information about how it was encrypted so that equality comparisons
         # can be used
-        def read_encrypted_attribute(to_attr_name, encryptor_class, options)
+        def read_encrypted_attribute(to_attr_name, cipher_class, options)
           value = read_attribute(to_attr_name)
           
-          # Make sure we set the encryptor for equality comparison when reading
+          # Make sure we set the cipher for equality comparison when reading
           # from the database. This should only be done if the value is *not*
           # blank, is *not* encrypted, and hasn't changed since it was read from
           # the database. The dirty checking is important when the encypted value
           # is written to the same attribute as the unencrypted value (i.e. you
           # don't want to encrypt when a new value has been set)
           unless value.blank? || value.encrypted? || attribute_changed?(to_attr_name)
-            # Create the encryptor configured for this attribute
-            value.encryptor = create_encryptor(encryptor_class, options, :read, value)
+            # Create the cipher configured for this attribute
+            value.cipher = create_cipher(cipher_class, options, :read, value)
           end
           
           value
         end
         
-        # Creates a new encryptor with the given configuration options. The
-        # operator defines the context in which the encryptor will be used.
-        def create_encryptor(klass, options, operator, value)
+        # Creates a new cipher with the given configuration options. The
+        # operator defines the context in which the cipher will be used.
+        def create_cipher(klass, options, operator, value)
           if klass.parent == PluginAWeek::EncryptedAttributes
-            # Only use the contextual information for encryptors defined in this plugin
+            # Only use the contextual information for ciphers defined in this plugin
             klass.new(self, value, operator, options.dup)
           else
             klass.new(options.dup)

data/test/unit/encrypted_attributes_test.rb

@@ -159,12 +159,12 @@ class ShaEncryptionTest < Test::Unit::TestCase
     assert @user.password.encrypted?
   end
   
-  def test_should_use_sha_encryptor
-    assert_instance_of PluginAWeek::EncryptedAttributes::ShaEncryptor, @user.password.encryptor
+  def test_should_use_sha_cipher
+    assert_instance_of PluginAWeek::EncryptedAttributes::ShaCipher, @user.password.cipher
   end
   
   def test_should_use_default_salt
-    assert_equal 'salt', @user.password.encryptor.salt
+    assert_equal 'salt', @user.password.cipher.salt
   end
   
   def test_should_be_able_to_check_password
@@ -192,12 +192,12 @@ class ShaWithCustomSaltEncryptionTest < Test::Unit::TestCase
     assert @user.password.encrypted?
   end
   
-  def test_should_use_sha_encryptor
-    assert_instance_of PluginAWeek::EncryptedAttributes::ShaEncryptor, @user.password.encryptor
+  def test_should_use_sha_cipher
+    assert_instance_of PluginAWeek::EncryptedAttributes::ShaCipher, @user.password.cipher
   end
   
   def test_should_use_custom_salt
-    assert_equal 'admin', @user.password.encryptor.salt
+    assert_equal 'admin', @user.password.cipher.salt
   end
   
   def test_should_be_able_to_check_password
@@ -213,24 +213,24 @@ end
 
 class SymmetricEncryptionTest < Test::Unit::TestCase
   def setup
-    User.encrypts :password, :mode => :symmetric, :key => 'key'
+    User.encrypts :password, :mode => :symmetric, :password => 'key'
     @user = create_user(:login => 'admin', :password => 'secret')
   end
   
   def test_should_encrypt_password
-    assert_equal "+YVKcPbqSWo=\n", @user.password
+    assert_equal "zfKtnSa33tc=\n", @user.password
   end
   
   def test_should_be_encrypted
     assert @user.password.encrypted?
   end
   
-  def test_should_use_sha_encryptor
-    assert_instance_of PluginAWeek::EncryptedStrings::SymmetricEncryptor, @user.password.encryptor
+  def test_should_use_sha_cipher
+    assert_instance_of PluginAWeek::EncryptedStrings::SymmetricCipher, @user.password.cipher
   end
   
-  def test_should_use_custom_key
-    assert_equal 'key', @user.password.encryptor.key
+  def test_should_use_custom_password
+    assert_equal 'key', @user.password.cipher.password
   end
   
   def test_should_be_able_to_check_password
@@ -261,8 +261,8 @@ class AsymmetricEncryptionTest < Test::Unit::TestCase
     assert @user.password.encrypted?
   end
   
-  def test_should_use_sha_encryptor
-    assert_instance_of PluginAWeek::EncryptedStrings::AsymmetricEncryptor, @user.password.encryptor
+  def test_should_use_sha_cipher
+    assert_instance_of PluginAWeek::EncryptedStrings::AsymmetricCipher, @user.password.cipher
   end
   
   def test_should_be_able_to_check_password

data/test/unit/sha_cipher_test.rb

@@ -0,0 +1,56 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class ShaCipherOnWriteTest < Test::Unit::TestCase
+  def setup
+    @user = create_user(:login => 'admin')
+  end
+  
+  def test_should_allow_symbolic_salt
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
+    assert_equal 'admin', cipher.salt
+  end
+  
+  def test_should_allow_stringified_salt
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
+    assert_equal 'custom_salt', cipher.salt
+  end
+  
+  def test_should_allow_block_salt
+    dynamic_salt = lambda {|user| user.login}
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
+    assert_equal 'admin', cipher.salt
+  end
+  
+  def test_should_allow_dynamic_nil_salt
+    dynamic_salt = lambda {|user| nil}
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
+    assert_equal '', cipher.salt
+  end
+  
+  def test_should_append_salt_to_encrypted_value_if_dynamic
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
+    assert_equal 'a55d037f385cad22efe7862e07b805938d150154admin', cipher.encrypt('secret')
+  end
+  
+  def test_should_not_append_salt_to_encrypted_value_if_static
+    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
+    assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0e', cipher.encrypt('secret')
+  end
+end
+
+class ShaCipherOnReadTest < Test::Unit::TestCase
+  def setup
+    @user = create_user(:login => 'admin')
+    @cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', :read)
+  end
+  
+  def test_should_should_use_remaining_characters_after_password_for_salt
+    assert_equal 'custom_salt', @cipher.salt
+  end
+  
+  def test_should_be_able_to_perform_equality_on_encrypted_strings
+    password = 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt'
+    password.cipher = @cipher
+    assert_equal 'secret', password
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: encrypted_attributes
 version: !ruby/object:Gem::Version 
-  version: 0.1.3
+  version: 0.2.0
 platform: ruby
 authors: 
 - Aaron Pfeifer
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-26 00:00:00 -04:00
+date: 2008-12-04 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.0.5
+        version: 0.2.1
     version: 
 description: 
 email: aaron@pluginaweek.org
@@ -31,26 +31,26 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
-- lib/encrypted_attributes
-- lib/encrypted_attributes/sha_encryptor.rb
 - lib/encrypted_attributes.rb
+- lib/encrypted_attributes
+- lib/encrypted_attributes/sha_cipher.rb
+- test/factory.rb
+- test/test_helper.rb
+- test/unit
+- test/unit/sha_cipher_test.rb
+- test/unit/encrypted_attributes_test.rb
+- test/keys
+- test/keys/private
+- test/keys/public
 - test/app_root
-- test/app_root/app
-- test/app_root/app/models
-- test/app_root/app/models/user.rb
-- test/app_root/config
-- test/app_root/config/environment.rb
 - test/app_root/db
 - test/app_root/db/migrate
 - test/app_root/db/migrate/001_create_users.rb
-- test/keys
-- test/keys/private
-- test/keys/public
-- test/test_helper.rb
-- test/factory.rb
-- test/unit
-- test/unit/sha_encryptor_test.rb
-- test/unit/encrypted_attributes_test.rb
+- test/app_root/config
+- test/app_root/config/environment.rb
+- test/app_root/app
+- test/app_root/app/models
+- test/app_root/app/models/user.rb
 - CHANGELOG.rdoc
 - init.rb
 - LICENSE
@@ -83,5 +83,5 @@ signing_key:
 specification_version: 2
 summary: Adds support for automatically encrypting ActiveRecord attributes
 test_files: 
-- test/unit/sha_encryptor_test.rb
+- test/unit/sha_cipher_test.rb
 - test/unit/encrypted_attributes_test.rb

data/test/unit/sha_encryptor_test.rb

@@ -1,56 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class ShaEncryptorOnWriteTest < Test::Unit::TestCase
-  def setup
-    @user = create_user(:login => 'admin')
-  end
-  
-  def test_should_allow_symbolic_salt
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => :login)
-    assert_equal 'admin', encryptor.salt
-  end
-  
-  def test_should_allow_stringified_salt
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => 'custom_salt')
-    assert_equal 'custom_salt', encryptor.salt
-  end
-  
-  def test_should_allow_block_salt
-    dynamic_salt = lambda {|user| user.login}
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => dynamic_salt)
-    assert_equal 'admin', encryptor.salt
-  end
-  
-  def test_should_allow_dynamic_nil_salt
-    dynamic_salt = lambda {|user| nil}
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => dynamic_salt)
-    assert_equal '', encryptor.salt
-  end
-  
-  def test_should_append_salt_to_encrypted_value_if_dynamic
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => :login)
-    assert_equal 'a55d037f385cad22efe7862e07b805938d150154admin', encryptor.encrypt('secret')
-  end
-  
-  def test_should_not_append_salt_to_encrypted_value_if_static
-    encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'password', :write, :salt => 'custom_salt')
-    assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0e', encryptor.encrypt('secret')
-  end
-end
-
-class ShaEncryptorOnReadTest < Test::Unit::TestCase
-  def setup
-    @user = create_user(:login => 'admin')
-    @encryptor = PluginAWeek::EncryptedAttributes::ShaEncryptor.new(@user, 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', :read)
-  end
-  
-  def test_should_should_use_remaining_characters_after_password_for_salt
-    assert_equal 'custom_salt', @encryptor.salt
-  end
-  
-  def test_should_be_able_to_perform_equality_on_encrypted_strings
-    password = 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt'
-    password.encryptor = @encryptor
-    assert_equal 'secret', password
-  end
-end