RubyGems - encrypted_attributes - Versions diffs - 0.2.0 → 0.3.0 - Mend

encrypted_attributes 0.2.0 → 0.3.0

Files changed (7) hide show

data/CHANGELOG.rdoc +4 -0
data/Rakefile +2 -2
data/lib/encrypted_attributes/sha_cipher.rb +43 -45
data/lib/encrypted_attributes.rb +140 -142
data/test/unit/encrypted_attributes_test.rb +4 -4
data/test/unit/sha_cipher_test.rb +7 -7
metadata +3 -3

data/CHANGELOG.rdoc CHANGED Viewed

@@ -1,5 +1,9 @@
 == master
+== 0.3.0 / 2008-12-14
+* Remove the PluginAWeek namespace
 == 0.2.0 / 2008-12-4
 * Update to be compatible with encrypted_strings 0.2.1

data/Rakefile CHANGED Viewed

@@ -5,7 +5,7 @@ require 'rake/contrib/sshpublisher'
 spec = Gem::Specification.new do |s|
   s.name              = 'encrypted_attributes'
-  s.version           = '0.2.0'
+  s.version           = '0.3.0'
   s.platform          = Gem::Platform::RUBY
   s.summary           = 'Adds support for automatically encrypting ActiveRecord attributes'
@@ -13,7 +13,7 @@ spec = Gem::Specification.new do |s|
   s.require_path      = 'lib'
   s.has_rdoc          = true
   s.test_files        = Dir['test/**/*_test.rb']
-  s.add_dependency    'encrypted_strings', '>= 0.2.1'
+  s.add_dependency    'encrypted_strings', '>= 0.3.0'
   s.author            = 'Aaron Pfeifer'
   s.email             = 'aaron@pluginaweek.org'

data/lib/encrypted_attributes/sha_cipher.rb CHANGED Viewed

@@ -1,50 +1,48 @@
-module PluginAWeek #:nodoc:
-  module EncryptedAttributes
-    # Adds support for dynamically generated salts
-    class ShaCipher < PluginAWeek::EncryptedStrings::ShaCipher
-      # Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.
-      #
-      # The <tt>:salt</tt> configuration option can be any one of the following types:
-      # * +symbol+ - Calls the method on the object whose value is being encrypted
-      # * +proc+ - A block that will be invoked, providing it with the object whose value is being encrypted
-      # * +string+ - The actual salt value to use
-      def initialize(object, value, operation, options = {}) #:nodoc:
-        if operation == :write
-          # Figure out the actual salt value
-          if salt = options[:salt]
-            options[:salt] =
-              case salt
-              when Symbol
-                object.send(salt)
-              when Proc
-                salt.call(object)
-              else
-                salt
-              end
-          end
-          # Track whether or not the salt was generated dynamically
-          @dynamic_salt = salt != options[:salt]
-          super(options)
-        else
-          # The salt is at the end of the value if it's dynamic
-          salt = value[40..-1]
-          if @dynamic_salt = !salt.blank?
-            options[:salt] = salt
-          end
-          super(options)
+module EncryptedAttributes
+  # Adds support for dynamically generated salts
+  class ShaCipher < EncryptedStrings::ShaCipher
+    # Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.
+    #
+    # The <tt>:salt</tt> configuration option can be any one of the following types:
+    # * +symbol+ - Calls the method on the object whose value is being encrypted
+    # * +proc+ - A block that will be invoked, providing it with the object whose value is being encrypted
+    # * +string+ - The actual salt value to use
+    def initialize(object, value, operation, options = {}) #:nodoc:
+      if operation == :write
+        # Figure out the actual salt value
+        if salt = options[:salt]
+          options[:salt] =
+            case salt
+            when Symbol
+              object.send(salt)
+            when Proc
+              salt.call(object)
+            else
+              salt
+            end
         end
+        # Track whether or not the salt was generated dynamically
+        @dynamic_salt = salt != options[:salt]
+        super(options)
+      else
+        # The salt is at the end of the value if it's dynamic
+        salt = value[40..-1]
+        if @dynamic_salt = !salt.blank?
+          options[:salt] = salt
+        end
+        super(options)
       end
-      # Encrypts the data, appending the salt to the end of the string if it
-      # was created dynamically
-      def encrypt(data)
-        encrypted_data = super
-        encrypted_data << salt if @dynamic_salt
-        encrypted_data
-      end
+    end
+    # Encrypts the data, appending the salt to the end of the string if it
+    # was created dynamically
+    def encrypt(data)
+      encrypted_data = super
+      encrypted_data << salt if @dynamic_salt
+      encrypted_data
     end
   end
 end

data/lib/encrypted_attributes.rb CHANGED Viewed

@@ -1,158 +1,156 @@
 require 'encrypted_strings'
 require 'encrypted_attributes/sha_cipher'
-module PluginAWeek #:nodoc:
-  module EncryptedAttributes
-    module MacroMethods
-      # Encrypts the specified attribute.
-      #
-      # Configuration options:
-      # * +mode+ - The mode of encryption to use.  Default is sha. See PluginAWeek::EncryptedStrings for other possible modes.
-      # * +to+ - The attribute to write the encrypted value to. Default is the same attribute being encrypted.
-      # * +if+ - Specifies a method, proc or string to call to determine if the encryption should occur. The method, proc or string should return or evaluate to a true or false value.
-      # * +unless+ - Specifies a method, proc or string to call to determine if the encryption should not occur. The method, proc or string should return or evaluate to a true or false value.
-      #
-      # For additional configuration options used during the actual encryption,
-      # see the individual cipher class for the specified mode.
-      #
-      # == Encryption timeline
-      #
-      # Attributes are encrypted immediately before a record is validated.
-      # This means that you can still validate the presence of the encrypted
-      # attribute, but other things like password length cannot be validated
-      # without either (a) decrypting the value first or (b) using a different
-      # encryption target.  For example,
-      #
-      #   class User < ActiveRecord::Base
-      #     encrypts :password, :to => :crypted_password
-      #
-      #     validates_presence_of :password, :crypted_password
-      #     validates_length_of :password, :maximum => 16
-      #   end
-      #
-      # In the above example, the actual encrypted password will be stored in
-      # the +crypted_password+ attribute.  This means that validations can
-      # still run against the model for the original password value.
-      #
-      #   user = User.new(:password => 'secret')
-      #   user.password             # => "secret"
-      #   user.crypted_password     # => nil
-      #   user.valid?               # => true
-      #   user.crypted_password     # => "8152bc582f58c854f580cb101d3182813dec4afe"
-      #
-      #   user = User.new(:password => 'longer_than_the_maximum_allowed')
-      #   user.valid?               # => false
-      #   user.crypted_password     # => "e80a709f25798f87d9ca8005a7f64a645964d7c2"
-      #   user.errors[:password]    # => "is too long (maximum is 16 characters)"
-      #
-      # == Encryption mode examples
-      #
-      # SHA encryption:
-      #
-      #   class User < ActiveRecord::Base
-      #     encrypts :password
-      #     # encrypts :password, :salt => :create_salt
-      #   end
-      #
-      # Symmetric encryption:
-      #
-      #   class User < ActiveRecord::Base
-      #     encrypts :password, :mode => :symmetric
-      #     # encrypts :password, :mode => :symmetric, :key => 'custom'
-      #   end
-      #
-      # Asymmetric encryption:
-      #
-      #   class User < ActiveRecord::Base
-      #     encrypts :password, :mode => :asymmetric
-      #     # encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
-      #   end
-      def encrypts(attr_name, options = {})
-        attr_name = attr_name.to_s
-        to_attr_name = options.delete(:to) || attr_name
-        # Figure out what cipher is being configured for the attribute
-        mode = options.delete(:mode) || :sha
-        class_name = "#{mode.to_s.classify}Cipher"
-        if PluginAWeek::EncryptedAttributes.const_defined?(class_name)
-          cipher_class = PluginAWeek::EncryptedAttributes.const_get(class_name)
-        else
-          cipher_class = PluginAWeek::EncryptedStrings.const_get(class_name)
-        end
-        # Set the encrypted value right before validation takes place
-        before_validation(:if => options.delete(:if), :unless => options.delete(:unless)) do |record|
-          record.send(:write_encrypted_attribute, attr_name, to_attr_name, cipher_class, options)
-          true
-        end
-        # Define the reader when reading the encrypted attribute from the database
-        define_method(to_attr_name) do
-          read_encrypted_attribute(to_attr_name, cipher_class, options)
-        end
-        unless included_modules.include?(PluginAWeek::EncryptedAttributes::InstanceMethods)
-          include PluginAWeek::EncryptedAttributes::InstanceMethods
-        end
+module EncryptedAttributes
+  module MacroMethods
+    # Encrypts the specified attribute.
+    #
+    # Configuration options:
+    # * +mode+ - The mode of encryption to use.  Default is sha. See EncryptedStrings for other possible modes.
+    # * +to+ - The attribute to write the encrypted value to. Default is the same attribute being encrypted.
+    # * +if+ - Specifies a method, proc or string to call to determine if the encryption should occur. The method, proc or string should return or evaluate to a true or false value.
+    # * +unless+ - Specifies a method, proc or string to call to determine if the encryption should not occur. The method, proc or string should return or evaluate to a true or false value.
+    #
+    # For additional configuration options used during the actual encryption,
+    # see the individual cipher class for the specified mode.
+    #
+    # == Encryption timeline
+    #
+    # Attributes are encrypted immediately before a record is validated.
+    # This means that you can still validate the presence of the encrypted
+    # attribute, but other things like password length cannot be validated
+    # without either (a) decrypting the value first or (b) using a different
+    # encryption target.  For example,
+    #
+    #   class User < ActiveRecord::Base
+    #     encrypts :password, :to => :crypted_password
+    #
+    #     validates_presence_of :password, :crypted_password
+    #     validates_length_of :password, :maximum => 16
+    #   end
+    #
+    # In the above example, the actual encrypted password will be stored in
+    # the +crypted_password+ attribute.  This means that validations can
+    # still run against the model for the original password value.
+    #
+    #   user = User.new(:password => 'secret')
+    #   user.password             # => "secret"
+    #   user.crypted_password     # => nil
+    #   user.valid?               # => true
+    #   user.crypted_password     # => "8152bc582f58c854f580cb101d3182813dec4afe"
+    #
+    #   user = User.new(:password => 'longer_than_the_maximum_allowed')
+    #   user.valid?               # => false
+    #   user.crypted_password     # => "e80a709f25798f87d9ca8005a7f64a645964d7c2"
+    #   user.errors[:password]    # => "is too long (maximum is 16 characters)"
+    #
+    # == Encryption mode examples
+    #
+    # SHA encryption:
+    #
+    #   class User < ActiveRecord::Base
+    #     encrypts :password
+    #     # encrypts :password, :salt => :create_salt
+    #   end
+    #
+    # Symmetric encryption:
+    #
+    #   class User < ActiveRecord::Base
+    #     encrypts :password, :mode => :symmetric
+    #     # encrypts :password, :mode => :symmetric, :key => 'custom'
+    #   end
+    #
+    # Asymmetric encryption:
+    #
+    #   class User < ActiveRecord::Base
+    #     encrypts :password, :mode => :asymmetric
+    #     # encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
+    #   end
+    def encrypts(attr_name, options = {})
+      attr_name = attr_name.to_s
+      to_attr_name = options.delete(:to) || attr_name
+      # Figure out what cipher is being configured for the attribute
+      mode = options.delete(:mode) || :sha
+      class_name = "#{mode.to_s.classify}Cipher"
+      if EncryptedAttributes.const_defined?(class_name)
+        cipher_class = EncryptedAttributes.const_get(class_name)
+      else
+        cipher_class = EncryptedStrings.const_get(class_name)
+      end
+      # Set the encrypted value right before validation takes place
+      before_validation(:if => options.delete(:if), :unless => options.delete(:unless)) do |record|
+        record.send(:write_encrypted_attribute, attr_name, to_attr_name, cipher_class, options)
+        true
+      end
+      # Define the reader when reading the encrypted attribute from the database
+      define_method(to_attr_name) do
+        read_encrypted_attribute(to_attr_name, cipher_class, options)
+      end
+      unless included_modules.include?(EncryptedAttributes::InstanceMethods)
+        include EncryptedAttributes::InstanceMethods
       end
     end
-    module InstanceMethods #:nodoc:
-      private
-        # Encrypts the given attribute to a target location using the encryption
-        # options configured for that attribute
-        def write_encrypted_attribute(attr_name, to_attr_name, cipher_class, options)
-          value = send(attr_name)
-          # Only encrypt values that actually have content and have not already
-          # been encrypted
-          unless value.blank? || value.encrypted?
-            # Create the cipher configured for this attribute
-            cipher = create_cipher(cipher_class, options, :write, value)
-            # Encrypt the value
-            value = cipher.encrypt(value)
-            value.cipher = cipher
-            # Update the value based on the target attribute
-            send("#{to_attr_name}=", value)
-          end
-        end
+  end
+  module InstanceMethods #:nodoc:
+    private
+      # Encrypts the given attribute to a target location using the encryption
+      # options configured for that attribute
+      def write_encrypted_attribute(attr_name, to_attr_name, cipher_class, options)
+        value = send(attr_name)
-        # Reads the given attribute from the database, adding contextual
-        # information about how it was encrypted so that equality comparisons
-        # can be used
-        def read_encrypted_attribute(to_attr_name, cipher_class, options)
-          value = read_attribute(to_attr_name)
+        # Only encrypt values that actually have content and have not already
+        # been encrypted
+        unless value.blank? || value.encrypted?
+          # Create the cipher configured for this attribute
+          cipher = create_cipher(cipher_class, options, :write, value)
-          # Make sure we set the cipher for equality comparison when reading
-          # from the database. This should only be done if the value is *not*
-          # blank, is *not* encrypted, and hasn't changed since it was read from
-          # the database. The dirty checking is important when the encypted value
-          # is written to the same attribute as the unencrypted value (i.e. you
-          # don't want to encrypt when a new value has been set)
-          unless value.blank? || value.encrypted? || attribute_changed?(to_attr_name)
-            # Create the cipher configured for this attribute
-            value.cipher = create_cipher(cipher_class, options, :read, value)
-          end
+          # Encrypt the value
+          value = cipher.encrypt(value)
+          value.cipher = cipher
-          value
+          # Update the value based on the target attribute
+          send("#{to_attr_name}=", value)
         end
+      end
+      # Reads the given attribute from the database, adding contextual
+      # information about how it was encrypted so that equality comparisons
+      # can be used
+      def read_encrypted_attribute(to_attr_name, cipher_class, options)
+        value = read_attribute(to_attr_name)
-        # Creates a new cipher with the given configuration options. The
-        # operator defines the context in which the cipher will be used.
-        def create_cipher(klass, options, operator, value)
-          if klass.parent == PluginAWeek::EncryptedAttributes
-            # Only use the contextual information for ciphers defined in this plugin
-            klass.new(self, value, operator, options.dup)
-          else
-            klass.new(options.dup)
-          end
+        # Make sure we set the cipher for equality comparison when reading
+        # from the database. This should only be done if the value is *not*
+        # blank, is *not* encrypted, and hasn't changed since it was read from
+        # the database. The dirty checking is important when the encypted value
+        # is written to the same attribute as the unencrypted value (i.e. you
+        # don't want to encrypt when a new value has been set)
+        unless value.blank? || value.encrypted? || attribute_changed?(to_attr_name)
+          # Create the cipher configured for this attribute
+          value.cipher = create_cipher(cipher_class, options, :read, value)
         end
-    end
+        value
+      end
+      # Creates a new cipher with the given configuration options. The
+      # operator defines the context in which the cipher will be used.
+      def create_cipher(klass, options, operator, value)
+        if klass.parent == EncryptedAttributes
+          # Only use the contextual information for ciphers defined in this plugin
+          klass.new(self, value, operator, options.dup)
+        else
+          klass.new(options.dup)
+        end
+      end
   end
 end
 ActiveRecord::Base.class_eval do
-  extend PluginAWeek::EncryptedAttributes::MacroMethods
+  extend EncryptedAttributes::MacroMethods
 end

data/test/unit/encrypted_attributes_test.rb CHANGED Viewed

@@ -160,7 +160,7 @@ class ShaEncryptionTest < Test::Unit::TestCase
   end
   def test_should_use_sha_cipher
-    assert_instance_of PluginAWeek::EncryptedAttributes::ShaCipher, @user.password.cipher
+    assert_instance_of EncryptedAttributes::ShaCipher, @user.password.cipher
   end
   def test_should_use_default_salt
@@ -193,7 +193,7 @@ class ShaWithCustomSaltEncryptionTest < Test::Unit::TestCase
   end
   def test_should_use_sha_cipher
-    assert_instance_of PluginAWeek::EncryptedAttributes::ShaCipher, @user.password.cipher
+    assert_instance_of EncryptedAttributes::ShaCipher, @user.password.cipher
   end
   def test_should_use_custom_salt
@@ -226,7 +226,7 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
   end
   def test_should_use_sha_cipher
-    assert_instance_of PluginAWeek::EncryptedStrings::SymmetricCipher, @user.password.cipher
+    assert_instance_of EncryptedStrings::SymmetricCipher, @user.password.cipher
   end
   def test_should_use_custom_password
@@ -262,7 +262,7 @@ class AsymmetricEncryptionTest < Test::Unit::TestCase
   end
   def test_should_use_sha_cipher
-    assert_instance_of PluginAWeek::EncryptedStrings::AsymmetricCipher, @user.password.cipher
+    assert_instance_of EncryptedStrings::AsymmetricCipher, @user.password.cipher
   end
   def test_should_be_able_to_check_password

data/test/unit/sha_cipher_test.rb CHANGED Viewed

@@ -6,34 +6,34 @@ class ShaCipherOnWriteTest < Test::Unit::TestCase
   end
   def test_should_allow_symbolic_salt
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
     assert_equal 'admin', cipher.salt
   end
   def test_should_allow_stringified_salt
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
     assert_equal 'custom_salt', cipher.salt
   end
   def test_should_allow_block_salt
     dynamic_salt = lambda {|user| user.login}
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
     assert_equal 'admin', cipher.salt
   end
   def test_should_allow_dynamic_nil_salt
     dynamic_salt = lambda {|user| nil}
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => dynamic_salt)
     assert_equal '', cipher.salt
   end
   def test_should_append_salt_to_encrypted_value_if_dynamic
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => :login)
     assert_equal 'a55d037f385cad22efe7862e07b805938d150154admin', cipher.encrypt('secret')
   end
   def test_should_not_append_salt_to_encrypted_value_if_static
-    cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
+    cipher = EncryptedAttributes::ShaCipher.new(@user, 'password', :write, :salt => 'custom_salt')
     assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0e', cipher.encrypt('secret')
   end
 end
@@ -41,7 +41,7 @@ end
 class ShaCipherOnReadTest < Test::Unit::TestCase
   def setup
     @user = create_user(:login => 'admin')
-    @cipher = PluginAWeek::EncryptedAttributes::ShaCipher.new(@user, 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', :read)
+    @cipher = EncryptedAttributes::ShaCipher.new(@user, 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', :read)
   end
   def test_should_should_use_remaining_characters_after_password_for_salt

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: encrypted_attributes
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Aaron Pfeifer
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2008-12-04 00:00:00 -05:00
+date: 2008-12-14 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.3.0
     version:
 description:
 email: aaron@pluginaweek.org