encrypted_attributes 0.4.0 → 0.4.1

data/CHANGELOG.rdoc

@@ -1,5 +1,12 @@
 == master
 
+== 0.4.1 / 2010-03-07
+
+* Release gems via rake-gemcutter instead of rubyforge
+* Allow an application-wide default be set for :embed_salt in SHA ciphers
+* Add support for embedding the salt using the various SHA ciphers
+* Allow multiple attributes to be encrypted in a single call
+
 == 0.4.0 / 2009-05-02
 
 * Replace dynamic :salt option with :embed_salt option and utilizing the #encrypts block 

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2006-2009 Aaron Pfeifer
+Copyright (c) 2006-2010 Aaron Pfeifer
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Rakefile

@@ -1,11 +1,12 @@
+require 'rubygems'
+require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
 require 'rake/gempackagetask'
-require 'rake/contrib/sshpublisher'
 
 spec = Gem::Specification.new do |s|
   s.name              = 'encrypted_attributes'
-  s.version           = '0.4.0'
+  s.version           = '0.4.1'
   s.platform          = Gem::Platform::RUBY
   s.summary           = 'Adds support for automatically encrypting ActiveRecord attributes'
   s.description       = s.summary
@@ -14,7 +15,7 @@ spec = Gem::Specification.new do |s|
   s.require_path      = 'lib'
   s.has_rdoc          = true
   s.test_files        = Dir['test/**/*_test.rb']
-  s.add_dependency    'encrypted_strings', '>= 0.3.0'
+  s.add_dependency    'encrypted_strings', '>= 0.3.3'
   
   s.author            = 'Aaron Pfeifer'
   s.email             = 'aaron@pluginaweek.org'
@@ -51,23 +52,30 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title    = spec.name
   rdoc.template = '../rdoc_template.rb'
-  rdoc.options << '--line-numbers'
+  rdoc.options << '--line-numbers' << '--inline-source'
   rdoc.rdoc_files.include('README.rdoc', 'CHANGELOG.rdoc', 'LICENSE', 'lib/**/*.rb')
 end
-  
+
+desc 'Generate a gemspec file.'
+task :gemspec do
+  File.open("#{spec.name}.gemspec", 'w') do |f|
+    f.write spec.to_ruby
+  end
+end
+
 Rake::GemPackageTask.new(spec) do |p|
   p.gem_spec = spec
-  p.need_tar = true
-  p.need_zip = true
 end
 
 desc 'Publish the beta gem.'
 task :pgem => [:package] do
+  require 'rake/contrib/sshpublisher'
   Rake::SshFilePublisher.new('aaron@pluginaweek.org', '/home/aaron/gems.pluginaweek.org/public/gems', 'pkg', "#{spec.name}-#{spec.version}.gem").upload
 end
 
 desc 'Publish the API documentation.'
 task :pdoc => [:rdoc] do
+  require 'rake/contrib/sshpublisher'
   Rake::SshDirPublisher.new('aaron@pluginaweek.org', "/home/aaron/api.pluginaweek.org/public/#{spec.name}", 'rdoc').upload
 end
 
@@ -76,15 +84,8 @@ task :publish => [:pgem, :pdoc, :release]
 
 desc 'Publish the release files to RubyForge.'
 task :release => [:gem, :package] do
-  require 'rubyforge'
-  
-  ruby_forge = RubyForge.new.configure
-  ruby_forge.login
+  require 'rake/gemcutter'
   
-  %w(gem tgz zip).each do |ext|
-    file = "pkg/#{spec.name}-#{spec.version}.#{ext}"
-    puts "Releasing #{File.basename(file)}..."
-    
-    ruby_forge.add_release(spec.rubyforge_project, spec.name, spec.version, file)
-  end
+  Rake::Gemcutter::Tasks.new(spec)
+  Rake::Task['gem:push'].invoke
 end

data/lib/encrypted_attributes.rb

@@ -103,45 +103,51 @@ module EncryptedAttributes
     # In the above example, the SHA encryption's <tt>salt</tt> is configured
     # dynamically based on the user's login and the time at which it was
     # encrypted.  This helps improve the security of the user's password.
-    def encrypts(attr_name, options = {}, &config)
-      config ||= options
-      attr_name = attr_name.to_s
-      to_attr_name = (options.delete(:to) || attr_name).to_s
+    def encrypts(*attr_names, &config)
+      base_options = attr_names.last.is_a?(Hash) ? attr_names.pop : {}
       
-      # Figure out what cipher is being configured for the attribute
-      mode = options.delete(:mode) || :sha
-      class_name = "#{mode.to_s.classify}Cipher"
-      if EncryptedAttributes.const_defined?(class_name)
-        cipher_class = EncryptedAttributes.const_get(class_name)
-      else
-        cipher_class = EncryptedStrings.const_get(class_name)
-      end
-      
-      # Define encryption hooks
-      define_callbacks("before_encrypt_#{attr_name}", "after_encrypt_#{attr_name}")
-      send("before_encrypt_#{attr_name}", options.delete(:before)) if options.include?(:before)
-      send("after_encrypt_#{attr_name}", options.delete(:after)) if options.include?(:after)
-      
-      # Set the encrypted value on the configured callback
-      callback = options.delete(:on) || :before_validation
-      send(callback, :if => options.delete(:if), :unless => options.delete(:unless)) do |record|
-        record.send(:write_encrypted_attribute, attr_name, to_attr_name, cipher_class, config)
-        true
-      end
-      
-      # Define virtual source attribute
-      if attr_name != to_attr_name && !column_names.include?(attr_name)
-        attr_reader attr_name unless method_defined?(attr_name)
-        attr_writer attr_name unless method_defined?("#{attr_name}=")
-      end
-      
-      # Define the reader when reading the encrypted attribute from the database
-      define_method(to_attr_name) do
-        read_encrypted_attribute(to_attr_name, cipher_class, config)
-      end
-      
-      unless included_modules.include?(EncryptedAttributes::InstanceMethods)
-        include EncryptedAttributes::InstanceMethods
+      attr_names.each do |attr_name|
+        options = base_options.dup
+        attr_name = attr_name.to_s
+        to_attr_name = (options.delete(:to) || attr_name).to_s
+        
+        # Figure out what cipher is being configured for the attribute
+        mode = options.delete(:mode) || :sha
+        class_name = "#{mode.to_s.classify}Cipher"
+        if EncryptedAttributes.const_defined?(class_name)
+          cipher_class = EncryptedAttributes.const_get(class_name)
+        else
+          cipher_class = EncryptedStrings.const_get(class_name)
+        end
+        
+        # Define encryption hooks
+        define_callbacks("before_encrypt_#{attr_name}", "after_encrypt_#{attr_name}")
+        send("before_encrypt_#{attr_name}", options.delete(:before)) if options.include?(:before)
+        send("after_encrypt_#{attr_name}", options.delete(:after)) if options.include?(:after)
+        
+        # Set the encrypted value on the configured callback
+        callback = options.delete(:on) || :before_validation
+        
+        # Create a callback method to execute on the callback event
+        send(callback, :if => options.delete(:if), :unless => options.delete(:unless)) do |record|
+          record.send(:write_encrypted_attribute, attr_name, to_attr_name, cipher_class, config || options)
+          true
+        end
+        
+        # Define virtual source attribute
+        if attr_name != to_attr_name && !column_names.include?(attr_name)
+          attr_reader attr_name unless method_defined?(attr_name)
+          attr_writer attr_name unless method_defined?("#{attr_name}=")
+        end
+        
+        # Define the reader when reading the encrypted attribute from the database
+        define_method(to_attr_name) do
+          read_encrypted_attribute(to_attr_name, cipher_class, config || options)
+        end
+        
+        unless included_modules.include?(EncryptedAttributes::InstanceMethods)
+          include EncryptedAttributes::InstanceMethods
+        end
       end
     end
   end

data/lib/encrypted_attributes/sha_cipher.rb

@@ -1,6 +1,24 @@
 module EncryptedAttributes
   # Adds support for embedding salts in the encrypted value
   class ShaCipher < EncryptedStrings::ShaCipher
+    class << self
+      # Whether to embed the salt by default
+      attr_accessor :default_embed_salt
+    end
+    
+    # Set defaults
+    @default_embed_salt = false
+    
+    # Tracks the lengths generated for each hashing algorithm
+    @@algorithm_lengths = {
+      'MD5' => 32,
+      'SHA1' => 40,
+      'SHA2' => 64,
+      'SHA256' => 64,
+      'SHA384' => 96,
+      'SHA512' => 128
+    }
+    
     # Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.
     # 
     # Configuration options:
@@ -10,9 +28,10 @@ module EncryptedAttributes
     #   encrypted value.  Default is false.  This is useful for storing both
     #   the salt and the encrypted value in the same attribute.
     def initialize(value, options = {}) #:nodoc:
-      if @embed_salt = options.delete(:embed_salt)
+      if @embed_salt = options.delete(:embed_salt) || self.class.default_embed_salt
         # The salt is at the end of the value
-        salt = value[40..-1]
+        algorithm = (options[:algorithm] || EncryptedStrings::ShaCipher.default_algorithm).upcase
+        salt = value[@@algorithm_lengths[algorithm]..-1]
         options[:salt] = salt unless salt.blank?
       end
       

data/test/app_root/db/migrate/001_create_users.rb

@@ -1,7 +1,7 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :login, :password, :crypted_password, :salt
+      t.string :login, :password, :crypted_password, :salt, :password_reminder
     end
   end
   

data/test/unit/encrypted_attributes_test.rb

@@ -61,6 +61,82 @@ class EncryptedAttributesTest < ActiveSupport::TestCase
   end
 end
 
+class EncryptedAttributesWithMultipleAttributesTest < ActiveSupport::TestCase
+  def setup
+    User.encrypts :password, :password_reminder
+  end
+  
+  def test_should_both_using_sha
+    user = create_user(:login => 'admin', :password => 'secret', :password_reminder => 'shhh')
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password_reminder}"
+  end
+  
+  def test_should_encrypt_on_invalid_model
+    user = new_user(:login => nil, :password => 'secret', :password_reminder => 'shhh')
+    assert !user.valid?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password_reminder}"
+  end
+  
+  def test_should_not_encrypt_if_attributes_are_nil
+    user = create_user(:login => 'admin', :password => nil, :password_reminder => nil)
+    assert_nil user.password
+    assert_nil user.password_reminder
+  end
+  
+  def test_should_not_encrypt_if_attributes_are_blank
+    user = create_user(:login => 'admin', :password => '', :password_reminder => '')
+    assert_equal '', user.password
+    assert_equal '', user.password_reminder
+  end
+  
+  def test_should_not_encrypt_any_if_already_encrypted
+    user = create_user(:login => 'admin', :password => 'secret'.encrypt, :password_reminder => 'shhh'.encrypt)
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password_reminder}"
+  end
+  
+  def test_should_return_encrypted_attributes_for_saved_record
+    user = create_user(:login => 'admin', :password => 'secret', :password_reminder => 'shhh')
+    user = User.find(user.id)
+    assert user.password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+    
+    assert user.password_reminder.encrypted?
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password_reminder}"
+  end
+  
+  def test_should_not_encrypt_attributes_if_updating_without_any_changes
+    user = create_user(:login => 'admin', :password => 'secret', :password_reminder => 'shhh')
+    user.login = 'Administrator'
+    user.save!
+    assert user.password.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password}"
+    
+    assert user.password_reminder.encrypted?
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password_reminder}"
+  end
+  
+  def test_should_encrypt_attributes_if_updating_with_changes
+    user = create_user(:login => 'admin', :password => 'secret', :password_reminder => 'shhh')
+    user.password = 'shhh'
+    user.password_reminder = 'secret'
+    user.save!
+    assert user.password.encrypted?
+    assert_equal '162cf5debf84cbc2af13da848544c3e2c515b4d3', "#{user.password}"
+    
+    assert user.password_reminder.encrypted?
+    assert_equal '8152bc582f58c854f580cb101d3182813dec4afe', "#{user.password_reminder}"
+  end
+  
+  def teardown
+    User.class_eval do
+      @before_validation_callbacks = nil
+    end
+  end
+end
+
 class EncryptedAttributesWithDifferentTargetTest < ActiveSupport::TestCase
   def setup
     User.encrypts :password, :to => :crypted_password

data/test/unit/sha_cipher_test.rb

@@ -14,6 +14,27 @@ class ShaCipherWithoutEmbeddingTest < Test::Unit::TestCase
   end
 end
 
+class ShaCipherWithCustomDefaultsTest < Test::Unit::TestCase
+  def setup
+    @original_default_embed_salt = EncryptedAttributes::ShaCipher.default_embed_salt
+    
+    EncryptedAttributes::ShaCipher.default_embed_salt = true
+    @cipher = EncryptedAttributes::ShaCipher.new('dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt')
+  end
+  
+  def test_should_use_remaining_characters_after_password_for_salt
+    assert_equal 'custom_salt', @cipher.salt
+  end
+  
+  def test_should_embed_salt_in_encrypted_string
+    assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', @cipher.encrypt('secret')
+  end
+  
+  def teardown
+    EncryptedAttributes::ShaCipher.default_embed_salt = @original_default_embed_salt
+  end
+end
+
 class ShaCipherWithNoSaltEmbeddedTest < Test::Unit::TestCase
   def setup
     @cipher = EncryptedAttributes::ShaCipher.new('dc0fc7c07bba982a8d8f18fe138dbea912df5e0e', :embed_salt => true, :salt => 'custom_salt')
@@ -41,3 +62,35 @@ class ShaCipherWithSaltEmbeddedTest < Test::Unit::TestCase
     assert_equal 'dc0fc7c07bba982a8d8f18fe138dbea912df5e0ecustom_salt', @cipher.encrypt('secret')
   end
 end
+
+class ShaCipherWithSaltEmbeddedAndCustomAlgorithmTest < Test::Unit::TestCase
+  def test_should_support_md5
+    cipher = EncryptedAttributes::ShaCipher.new('3b5ba11611dc1ba8bcdb0ff41aa693dcmd5_salt', :algorithm => 'md5', :embed_salt => true)
+    assert_equal 'md5_salt', cipher.salt
+  end
+  
+  def test_should_support_sha1
+    cipher = EncryptedAttributes::ShaCipher.new('f8f70e06fed41c86c49766e6963ed4544647d638sha1_salt', :algorithm => 'sha1', :embed_salt => true)
+    assert_equal 'sha1_salt', cipher.salt
+  end
+  
+  def test_should_support_sha2
+    cipher = EncryptedAttributes::ShaCipher.new('f2c5bd7ef9317004cca8680e7c12fa8a0b8ea9e7ebab8834ad9d818244d7c1d4sha2_salt', :algorithm => 'sha2', :embed_salt => true)
+    assert_equal 'sha2_salt', cipher.salt
+  end
+  
+  def test_should_support_sha256
+    cipher = EncryptedAttributes::ShaCipher.new('1b75f1ebde621856c036118f296bae779548401566c982f2ec1efc089a587689sha256_salt', :algorithm => 'sha256', :embed_salt => true)
+    assert_equal 'sha256_salt', cipher.salt
+  end
+  
+  def test_should_support_sha384
+    cipher = EncryptedAttributes::ShaCipher.new('d80570a23a1534d6a32201b01fa84b5d433a275f0aecd9cbdca2c726826e9034f90feb76fcdf49b9eafb21973962c75dsha384_salt', :algorithm => 'sha384', :embed_salt => true)
+    assert_equal 'sha384_salt', cipher.salt
+  end
+  
+  def test_should_support_sha512
+    cipher = EncryptedAttributes::ShaCipher.new('44ffca1b3e63f0f1047f42656f43206d7d006c36d44f9f5ffde6c4679dc140f27ff4c8d310bbec902a9231a081e1c9d04236563331df29383e27037bb746df7fsha512_salt', :algorithm => 'sha512', :embed_salt => true)
+    assert_equal 'sha512_salt', cipher.salt
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: encrypted_attributes
 version: !ruby/object:Gem::Version 
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors: 
 - Aaron Pfeifer
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-02 00:00:00 -04:00
+date: 2010-03-07 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.3.0
+        version: 0.3.3
     version: 
 description: Adds support for automatically encrypting ActiveRecord attributes
 email: aaron@pluginaweek.org
@@ -31,26 +31,17 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
-- lib/encrypted_attributes.rb
-- lib/encrypted_attributes
 - lib/encrypted_attributes/sha_cipher.rb
-- test/factory.rb
-- test/test_helper.rb
-- test/unit
+- lib/encrypted_attributes.rb
 - test/unit/sha_cipher_test.rb
 - test/unit/encrypted_attributes_test.rb
-- test/keys
-- test/keys/private
-- test/keys/public
-- test/app_root
-- test/app_root/db
-- test/app_root/db/migrate
 - test/app_root/db/migrate/001_create_users.rb
-- test/app_root/config
-- test/app_root/config/environment.rb
-- test/app_root/app
-- test/app_root/app/models
 - test/app_root/app/models/user.rb
+- test/app_root/config/environment.rb
+- test/test_helper.rb
+- test/factory.rb
+- test/keys/public
+- test/keys/private
 - CHANGELOG.rdoc
 - init.rb
 - LICENSE
@@ -58,6 +49,8 @@ files:
 - README.rdoc
 has_rdoc: true
 homepage: http://www.pluginaweek.org
+licenses: []
+
 post_install_message: 
 rdoc_options: []
 
@@ -78,9 +71,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: pluginaweek
-rubygems_version: 1.3.1
+rubygems_version: 1.3.5
 signing_key: 
-specification_version: 2
+specification_version: 3
 summary: Adds support for automatically encrypting ActiveRecord attributes
 test_files: 
 - test/unit/sha_cipher_test.rb