familia 2.0.0.pre5 → 2.0.0.pre7

data/try/debugging/debug_load_path.rb

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing load path and setter behavior..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== TRACING THE SETTER DURING LOAD ==="
+
+# First, let's monkey-patch the setter to see what's being called
+original_setter = TestModel.instance_method(:secret=)
+TestModel.define_method(:secret=) do |value|
+  puts "\n--- SETTER CALLED ---"
+  puts "Setting secret to: #{value}"
+  puts "Value class: #{value.class}"
+  puts "Record exists?: #{exists?}"
+  puts "Record identifier: #{identifier}"
+
+  if value.is_a?(String) && !value.nil?
+    puts "Checking if value is encrypted JSON..."
+    field_type = TestModel.field_types[:secret]
+    is_encrypted = field_type.encrypted_json?(value)
+    puts "encrypted_json? result: #{is_encrypted}"
+
+    if is_encrypted
+      puts "Path: Creating ConcealedString WITHOUT re-encryption"
+    else
+      puts "Path: Will ENCRYPT value and create ConcealedString"
+    end
+  end
+  puts "--- END SETTER ---\n"
+
+  # Call original setter
+  original_setter.bind(self).call(value)
+end
+
+puts "\nCreating and saving model..."
+model = TestModel.new(id: 'test1')
+puts "Setting secret on in-memory model..."
+model.secret = 'plaintext-secret'
+
+puts "\nSaving model..."
+model.save
+
+puts "\nRaw data in database:"
+raw_data = Familia.dbclient.hget('testmodel:test1:object', 'secret')
+puts "Raw encrypted in DB: #{raw_data[0..100]}..." # Truncate for readability
+
+puts "\n=== LOADING MODEL ==="
+loaded_model = TestModel.load('test1')

data/try/debugging/debug_method_definition.rb

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+
+puts "Checking method definition..."
+
+field_type = Familia::EncryptedFieldType.new(:test)
+puts "Method source location: #{field_type.method(:encrypted_json?).source_location}"
+
+# Check if the method exists
+puts "Method exists?: #{field_type.respond_to?(:encrypted_json?)}"
+
+# Get the method object and examine it
+method_obj = field_type.method(:encrypted_json?)
+puts "Method object: #{method_obj}"
+puts "Method owner: #{method_obj.owner}"
+
+# Call with debugging
+puts "\nCalling method..."
+result = method_obj.call('{"algorithm":"test"}')
+puts "Result: #{result}"
+
+# Let's also check the class directly
+puts "\nChecking class method..."
+class_result = Familia::EncryptedFieldType.new(:test2).encrypted_json?('{"algorithm":"test"}')
+puts "Class result: #{class_result}"
+
+# Try to define the method inline to see if it works
+puts "\nDefining method inline..."
+field_type.define_singleton_method(:test_encrypted_json?) do |data|
+  puts "Inline method called with: #{data}"
+  begin
+    parsed = JSON.parse(data)
+    result = parsed.is_a?(Hash) && parsed.key?('algorithm')
+    puts "Inline result: #{result}"
+    return result
+  rescue => e
+    puts "Inline error: #{e}"
+    return false
+  end
+end
+
+inline_result = field_type.test_encrypted_json?('{"algorithm":"test"}')
+puts "Inline method result: #{inline_result}"

data/try/debugging/debug_method_resolution.rb

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing method resolution for encrypted_json?..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+field_type = TestModel.field_types[:secret]
+encrypted_json = '{"algorithm":"xchacha20poly1305","nonce":"test","ciphertext":"test","auth_tag":"test","key_version":"v1"}'
+
+puts "Field type class: #{field_type.class}"
+puts "Field type method location: #{field_type.method(:encrypted_json?).source_location}"
+
+# Test the method directly
+puts "\nDirect method test:"
+puts "Result: #{field_type.encrypted_json?(encrypted_json)}"
+
+# Test with a fresh instance
+puts "\nCreating fresh EncryptedFieldType instance:"
+fresh_field_type = Familia::EncryptedFieldType.new(:test)
+puts "Fresh field type method location: #{fresh_field_type.method(:encrypted_json?).source_location}"
+puts "Fresh instance result: #{fresh_field_type.encrypted_json?(encrypted_json)}"
+
+# Test with simple JSON
+simple_json = '{"algorithm":"test"}'
+puts "\nTesting with simple JSON: #{simple_json}"
+puts "Field type result: #{field_type.encrypted_json?(simple_json)}"
+puts "Fresh instance result: #{fresh_field_type.encrypted_json?(simple_json)}"

data/try/debugging/debug_minimal.rb

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+require 'familia'
+
+# Minimal test
+field_type = Familia::EncryptedFieldType.new(:test)
+json = '{"algorithm":"test"}'
+
+puts "Testing: #{json}"
+puts "Result: #{field_type.encrypted_json?(json)}"
+
+# Manual implementation
+puts "\nManual check:"
+begin
+  parsed = JSON.parse(json)
+  puts "Parsed: #{parsed}"
+  puts "Is hash?: #{parsed.is_a?(Hash)}"
+  puts "Has algorithm?: #{parsed.key?('algorithm')}"
+  result = parsed.is_a?(Hash) && parsed.key?('algorithm')
+  puts "Manual result: #{result}"
+rescue => e
+  puts "Error: #{e}"
+end

data/try/debugging/debug_provider.rb

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing provider-level decryption..."
+
+# Setup
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Simulate the conditions during encryption vs decryption
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== DIRECT ENCRYPTION/DECRYPTION TEST ==="
+
+# Test direct encryption/decryption with different AAD values
+plaintext = "test-secret"
+context = "TestModel:secret:test1"
+
+# Scenario 1: Encrypt with AAD = nil (before save)
+puts "Encrypting with AAD = nil..."
+encrypted_json_1 = Familia::Encryption.encrypt(plaintext, context: context, additional_data: nil)
+puts "Encrypted: #{encrypted_json_1}"
+
+# Try to decrypt with AAD = nil
+puts "Decrypting with AAD = nil..."
+decrypted_1 = Familia::Encryption.decrypt(encrypted_json_1, context: context, additional_data: nil)
+puts "Decrypted: #{decrypted_1}"
+
+# Try to decrypt with AAD = "test1" (what happens after load)
+puts "Decrypting with AAD = 'test1'..."
+begin
+  decrypted_2 = Familia::Encryption.decrypt(encrypted_json_1, context: context, additional_data: "test1")
+  puts "Decrypted: #{decrypted_2}"
+rescue => e
+  puts "Decryption failed: #{e.class}: #{e.message}"
+end
+
+# Scenario 2: Encrypt with AAD = "test1" (after save)
+puts "\nEncrypting with AAD = 'test1'..."
+encrypted_json_2 = Familia::Encryption.encrypt(plaintext, context: context, additional_data: "test1")
+puts "Encrypted: #{encrypted_json_2}"
+
+# Try to decrypt with AAD = "test1"
+puts "Decrypting with AAD = 'test1'..."
+decrypted_3 = Familia::Encryption.decrypt(encrypted_json_2, context: context, additional_data: "test1")
+puts "Decrypted: #{decrypted_3}"
+
+# Try to decrypt with AAD = nil
+puts "Decrypting with AAD = nil..."
+begin
+  decrypted_4 = Familia::Encryption.decrypt(encrypted_json_2, context: context, additional_data: nil)
+  puts "Decrypted: #{decrypted_4}"
+rescue => e
+  puts "Decryption failed: #{e.class}: #{e.message}"
+end

data/try/debugging/debug_secure_behavior.rb

@@ -0,0 +1,73 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Debugging secure_by_default_behavior test failure..."
+
+# Setup encryption keys for testing
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class DebugSecureUserAccount < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :username
+  field :email
+  encrypted_field :password_hash
+  encrypted_field :api_secret
+  encrypted_field :recovery_key
+end
+
+# Patch for debugging
+class Familia::EncryptedFieldType
+  alias_method :original_encrypt_value, :encrypt_value
+  alias_method :original_decrypt_value, :decrypt_value
+
+  def encrypt_value(record, value)
+    aad = build_aad(record)
+    puts "[ENCRYPT] #{record.class}##{@name}: exists=#{record.exists?}, AAD=#{aad}"
+    original_encrypt_value(record, value)
+  end
+
+  def decrypt_value(record, encrypted)
+    aad = build_aad(record)
+    puts "[DECRYPT] #{record.class}##{@name}: exists=#{record.exists?}, AAD=#{aad}"
+    original_decrypt_value(record, encrypted)
+  end
+end
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== CREATION AND ENCRYPTION ==="
+user = DebugSecureUserAccount.new(id: "user123")
+puts "After new: exists=#{user.exists?}"
+
+user.username = "john_doe"
+user.email = "john@example.com"
+user.password_hash = "bcrypt$2a$12$abcdef..."
+user.api_secret = "secret-api-key-12345"
+
+puts "\n=== SAVE TO DATABASE ==="
+result = user.save
+puts "Save result: #{result}"
+puts "After save: exists=#{user.exists?}"
+
+puts "\n=== FRESH LOAD FROM DATABASE ==="
+fresh_user = DebugSecureUserAccount.load("user123")
+puts "Fresh user loaded: exists=#{fresh_user.exists?}"
+
+puts "\n=== DECRYPTION ATTEMPT ==="
+begin
+  fresh_user.password_hash.reveal do |plaintext|
+    puts "SUCCESS: Decrypted password_hash: #{plaintext}"
+  end
+rescue => e
+  puts "ERROR: #{e.class}: #{e.message}"
+  puts "This suggests AAD mismatch between save and load"
+end

data/try/debugging/debug_string_class.rb

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+
+puts "Investigating the string class issue..."
+
+field_type = Familia::EncryptedFieldType.new(:test)
+json = '{"algorithm":"test"}'
+
+puts "Testing string object:"
+puts "json: #{json}"
+puts "json.class: #{json.class}"
+puts "json.is_a?(String): #{json.is_a?(String)}"
+puts "json.kind_of?(String): #{json.kind_of?(String)}"
+puts "json.class == String: #{json.class == String}"
+puts "json.class.ancestors: #{json.class.ancestors}"
+
+# Let's test with various string types
+frozen_string = '{"algorithm":"test"}'.freeze
+puts "\nTesting frozen string:"
+puts "frozen.class: #{frozen_string.class}"
+puts "frozen.is_a?(String): #{frozen_string.is_a?(String)}"
+
+# Test with different string creation methods
+string_new = String.new('{"algorithm":"test"}')
+puts "\nTesting String.new:"
+puts "string_new.class: #{string_new.class}"
+puts "string_new.is_a?(String): #{string_new.is_a?(String)}"
+
+# Let's inspect what the method actually receives
+puts "\nTesting what the method actually receives..."
+field_type.define_singleton_method(:debug_encrypted_json?) do |data|
+  puts "Received data: #{data.inspect}"
+  puts "Data class: #{data.class}"
+  puts "Data class ancestors: #{data.class.ancestors}"
+  puts "Is String?: #{data.is_a?(String)}"
+  puts "Kind of String?: #{data.kind_of?(String)}"
+  puts "Equals String class?: #{data.class == String}"
+  puts "Responds to string methods?: #{data.respond_to?(:upcase)}"
+  return "debug_complete"
+end
+
+result = field_type.debug_encrypted_json?(json)
+puts "Debug result: #{result}"

data/try/debugging/debug_test.rb

@@ -0,0 +1,46 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing ConcealedString reveal_for_testing method..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+Familia.config.encryption_keys = { v1: SecureRandom.hex(32) }
+Familia.config.current_key_version = :v1
+
+model = TestModel.new(id: 'test1')
+model.secret = 'plaintext-secret'
+
+puts "Setting secret to: plaintext-secret"
+puts "Class of secret field: #{model.secret.class}"
+puts "Secret field value: #{model.secret}"
+
+if model.secret.respond_to?(:reveal_for_testing)
+  puts "Attempting reveal_for_testing..."
+  begin
+    decrypted = model.secret.reveal_for_testing
+    puts "reveal_for_testing result: #{decrypted}"
+  rescue => e
+    puts "reveal_for_testing failed: #{e.class}: #{e.message}"
+  end
+end
+
+if model.secret.respond_to?(:reveal)
+  puts "Attempting reveal block..."
+  begin
+    model.secret.reveal do |decrypted|
+      puts "reveal block result: #{decrypted}"
+    end
+  rescue => e
+    puts "reveal block failed: #{e.class}: #{e.message}"
+  end
+end

data/try/debugging/debug_test_design.rb

@@ -0,0 +1,80 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Understanding the test design and expected behavior..."
+
+# Setup encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class TestModelA < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+class TestModelB < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+# Clean database
+Familia.dbclient.flushdb
+
+model_a = TestModelA.new(id: 'same-id')
+model_b = TestModelB.new(id: 'same-id')
+
+model_a.api_key = 'secret-key'
+model_b.api_key = 'secret-key'
+
+cipher_a = model_a.instance_variable_get(:@api_key)
+cipher_b = model_b.instance_variable_get(:@api_key)
+
+puts "cipher_a class: #{cipher_a.class}"
+puts "cipher_b class: #{cipher_b.class}"
+
+# What the current tests do:
+puts "\n=== Current test approach ==="
+model_a.instance_variable_set(:@api_key, cipher_b)
+result = model_a.api_key
+puts "After setting cipher_b into model_a:"
+puts "  api_key returns: #{result.class}"
+puts "  This should be ConcealedString and succeed"
+
+# What would test ACTUAL cross-context isolation:
+puts "\n=== Testing actual cross-context isolation ==="
+puts "The REAL test should be trying to decrypt:"
+begin
+  result.reveal do |plain|
+    puts "  Cross-context decryption succeeded: #{plain} (BAD)"
+  end
+rescue => e
+  puts "  Cross-context decryption failed: #{e.class} (GOOD)"
+end
+
+# Try with raw encrypted JSON to see if that behaves differently:
+puts "\n=== Testing with raw encrypted JSON ==="
+raw_encrypted_b = cipher_b.encrypted_value
+puts "Raw encrypted from B: #{raw_encrypted_b}"
+
+# Try to set raw encrypted JSON and see what happens
+model_a.api_key = raw_encrypted_b  # This should wrap it in ConcealedString
+result2 = model_a.api_key
+puts "After setting raw encrypted JSON:"
+puts "  api_key returns: #{result2.class}"
+
+begin
+  result2.reveal do |plain|
+    puts "  Raw JSON decryption result: #{plain}"
+  end
+rescue => e
+  puts "  Raw JSON decryption failed: #{e.class}: #{e.message}"
+end

data/try/edge_cases/hash_symbolization_try.rb

@@ -61,6 +61,7 @@ end
 @symbol_result[:name]
 #=> "John"
 
+## String keys also work correctly
 @string_result['name']
 #=> "John"
 

data/try/edge_cases/reserved_keywords_try.rb

@@ -6,6 +6,7 @@ require_relative '../helpers/test_helpers'
 TestClass = Class.new(Familia::Horreum) do
   identifier_field :email
   field :email
+  field :ttl  # This should cause an error
   field :default_expiration
 end
 

data/try/edge_cases/string_coercion_try.rb

@@ -39,6 +39,7 @@ end
 #=:> BadIdentifierTest
 
 # Test polymorphic string usage for Familia objects
+## Customer creation with string coercion
 @customer = Customer.new(@customer_id)
 @customer.name = 'John Doe'
 @customer.planid = 'premium'
@@ -86,6 +87,7 @@ session
 @session.to_s
 #=<> @session_id
 
+## Test lookup by ID functionality
 lookup_by_id(@customer)
 #=> @customer_id.upcase
 

data/try/encryption/encryption_core_try.rb

@@ -40,7 +40,9 @@ Familia.config.current_key_version = :v2
 encrypted = Familia::Encryption.encrypt(plaintext, context: context)
 encrypted_data = JSON.parse(encrypted, symbolize_names: true)
 encrypted_data[:key_version]
-#=> "v2"## Nonce is unique - same plaintext encrypts to different ciphertext
+#=> "v2"
+
+## Nonce is unique - same plaintext encrypts to different ciphertext
 test_keys = { v1: Base64.strict_encode64('a' * 32), v2: Base64.strict_encode64('b' * 32) }
 context = "TestModel:secret_field:user123"
 plaintext = "sensitive data here"
@@ -129,7 +131,7 @@ Familia.config.current_key_version = :v1
 
 Familia::Encryption.decrypt("invalid json {", context: context)
 #=!> Familia::EncryptionError
-#==> error.message.include?("Decryption failed")
+#==> error.message.include?("Invalid JSON structure")
 
 ## Invalid base64 nonce raises sanitized error
 test_keys = { v1: Base64.strict_encode64('a' * 32) }
@@ -151,7 +153,7 @@ begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
   "should_not_reach_here"
 rescue Familia::EncryptionError => e
-  e.message.include?("Decryption failed")
+  e.message.include?("Invalid Base64 encoding")
 end
 #=> true
 
@@ -175,7 +177,7 @@ begin
   Familia::Encryption.decrypt(invalid_encrypted, context: context)
   "should_not_reach_here"
 rescue Familia::EncryptionError => e
-  e.message.include?("Decryption failed")
+  e.message.include?("Invalid Base64 encoding")
 end
 #=> true