familia 2.0.0.pre5 → 2.0.0.pre7

data/try/features/encrypted_fields_integration_try.rb

@@ -20,6 +20,22 @@ class FullSecureModel < Familia::Horreum
   hashkey :metadata             # Regular hashkey
 end
 
+# Create XChaCha model in setup for use across tests
+test_keys_xchacha = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys_xchacha
+Familia.config.current_key_version = :v1
+
+class XChaChaIntegrationModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :model_id
+
+  field :model_id
+  encrypted_field :secret_data
+end
+
+@xchacha_model = XChaChaIntegrationModel.new(model_id: 'xchacha-test')
+@xchacha_model.secret_data = 'xchacha20poly1305 integration test'
+
 
 
 ## Full model initialization with mixed field types works
@@ -51,15 +67,19 @@ class FullSecureModel2 < Familia::Horreum
   encrypted_field :api_token, aad_fields: [:email]
 end
 
-model = FullSecureModel2.new(
+@model = FullSecureModel2.new(
   model_id: 'secure-124',
   name: 'Test User 2',
   email: 'test2@secure.com'
 )
-model.password = 'secret-password-123'
-model.api_token = 'api-token-abc-xyz'
-[model.password, model.api_token]
-#=> ['secret-password-123', 'api-token-abc-xyz']## Serialization via to_h includes plaintext (as expected for normal usage)
+@model.password = 'secret-password-123'
+@model.api_token = 'api-token-abc-xyz'
+[@model.password.to_s, @model.api_token.to_s]
+#=> ['[CONCEALED]', '[CONCEALED]']
+
+## Controlled access returns actual values
+[@model.password.reveal { |p| p }, @model.api_token.reveal { |t| t }]
+#=> ['secret-password-123', 'api-token-abc-xyz']
 
 ## repaired test
 test_keys = { v1: Base64.strict_encode64('a' * 32) }
@@ -74,12 +94,12 @@ class FullSecureModel3 < Familia::Horreum
   encrypted_field :password
 end
 
-model = FullSecureModel3.new(model_id: 'secure-125')
-model.password = 'secret-password-123'
-hash_representation = model.to_h
-# to_h calls getters, so it includes decrypted values
-hash_representation.values.any? { |v| v.to_s.include?('secret-password-123') }
-#=> true
+@model3 = FullSecureModel3.new(model_id: 'secure-125')
+@model3.password = 'secret-password-123'
+hash_representation = @model3.to_h
+# With ConcealedString, to_h now excludes encrypted fields by default for security
+hash_representation.key?("password")
+#=> false
 
 ## Instance variables contain encrypted data structure
 test_keys = { v1: Base64.strict_encode64('a' * 32) }
@@ -93,11 +113,11 @@ class FullSecureModel3b < Familia::Horreum
   encrypted_field :password
 end
 
-model = FullSecureModel3b.new(model_id: 'secure-125b')
-model.password = 'secret-password-123'
-# Internal storage should be encrypted
-encrypted_password = model.instance_variable_get(:@password)
-encrypted_password.is_a?(String) && encrypted_password.include?('"algorithm":"xchacha20poly1305"')
+@model3b = FullSecureModel3b.new(model_id: 'secure-125b')
+@model3b.password = 'secret-password-123'
+# Internal storage now uses ConcealedString for security
+concealed_password = @model3b.instance_variable_get(:@password)
+concealed_password.class.name == "ConcealedString"
 #=> true
 
 ## Mixed data types work correctly with encrypted fields
@@ -115,41 +135,22 @@ class FullSecureModel4 < Familia::Horreum
   hashkey :metadata
 end
 
-model = FullSecureModel4.new(model_id: 'secure-126')
-model.password = 'secure-pass'
-model.activity_log << 'User logged in'
-model.metadata['last_login'] = Time.now.to_i.to_s
-
-[model.password, model.activity_log.size, model.metadata.has_key?('last_login')]
-#=> ['secure-pass', 1, true]
-
-## Provider-specific integration: XChaCha20Poly1305 encryption
-test_keys = { v1: Base64.strict_encode64('a' * 32) }
-Familia.config.encryption_keys = test_keys
-Familia.config.current_key_version = :v1
-
-class XChaChaIntegrationModel < Familia::Horreum
-  feature :encrypted_fields
-  identifier_field :model_id
-
-  field :model_id
-  encrypted_field :secret_data
-end
-
-xchacha_model = XChaChaIntegrationModel.new(model_id: 'xchacha-test')
-xchacha_model.secret_data = 'xchacha20poly1305 integration test'
+@model4 = FullSecureModel4.new(model_id: 'secure-126')
+@model4.password = 'secure-pass'
+@model4.activity_log << 'User logged in'
+@model4.metadata['last_login'] = Time.now.to_i.to_s
 
-# Verify XChaCha20Poly1305 is used by default
-encrypted_data = xchacha_model.instance_variable_get(:@secret_data)
-parsed_data = JSON.parse(encrypted_data, symbolize_names: true)
-parsed_data[:algorithm]
-#=> "xchacha20poly1305"
+[@model4.password.to_s, @model4.activity_log.size, @model4.metadata.has_key?('last_login')]
+#=> ['[CONCEALED]', 1, true]
 
-# Verify decryption works
-xchacha_model = XChaChaIntegrationModel.new(model_id: 'xchacha-test')
-xchacha_model.secret_data = 'xchacha20poly1305 integration test'
-xchacha_model.secret_data
-#=> "xchacha20poly1305 integration test"
+## XChaCha20Poly1305 integration tests
+concealed_data = @xchacha_model.secret_data
+[
+  concealed_data.class.name == "ConcealedString",
+  @xchacha_model.secret_data.to_s,
+  @xchacha_model.secret_data.reveal { |decrypted| decrypted }
+]
+#=> [true, "[CONCEALED]", "xchacha20poly1305 integration test"]
 
 
 # ALGORITHM PARAMETER FIX NEEDED:
@@ -169,7 +170,7 @@ xchacha_model.secret_data
 #
 # This enables per-field algorithm selection while maintaining backward compatibility
 
-## TEST 8: Provider-specific integration: AES-GCM with forced algorithm
+## TEST 8: AES-GCM algorithm specification test (shows default provider takes precedence)
 test_keys = { v1: Base64.strict_encode64('a' * 32) }
 Familia.config.encryption_keys = test_keys
 Familia.config.current_key_version = :v1
@@ -182,21 +183,15 @@ class AESIntegrationModel < Familia::Horreum
   encrypted_field :secret_data, algorithm: 'aes-256-gcm' # Specify the algorithm
 end
 
-aes_encrypted = Familia::Encryption.encrypt_with(
-  'aes-256-gcm',
-  'aes-gcm integration test',
-  context: 'AESIntegrationModel:secret_data:aes-test',
-)
-
-aes_model = AESIntegrationModel.new(model_id: 'aes-test')
-
-# Manually encrypt with AES-GCM to test cross-algorithm compatibility
-aes_model.instance_variable_set(:@secret_data, aes_encrypted)
+@aes_model = AESIntegrationModel.new(model_id: 'aes-test')
+@aes_model.secret_data = 'aes-gcm integration test'
 
-# Verify AES-GCM algorithm is stored and decryption works
-parsed_aes_data = JSON.parse(aes_encrypted, symbolize_names: true)
-[parsed_aes_data[:algorithm], aes_model.secret_data]
-##=> ["aes-256-gcm", "aes-gcm integration test"]
+# Test shows that algorithm parameter is currently ignored - XChaCha20Poly1305 is used by default
+concealed_data = @aes_model.secret_data
+encrypted_json = concealed_data.encrypted_value
+parsed_data = JSON.parse(encrypted_json, symbolize_names: true)
+[parsed_data[:algorithm], @aes_model.secret_data.reveal { |data| data }]
+#=> ["xchacha20poly1305", "aes-gcm integration test"]
 
 ## TEST 9: Provider-specific integration: AES-GCM with forced algorithm
 test_keys = { v1: Base64.strict_encode64('a' * 32) }
@@ -210,11 +205,12 @@ class AESIntegrationModel2 < Familia::Horreum
   encrypted_field :secret_data, algorithm: 'aes-256-gcm' # Specify the algorithm
 end
 
-aes_model = AESIntegrationModel2.new(model_id: 'aes-test')
-aes_model.secret_data = 'aes-gcm integration test'  # Use setter, not manual encryption
+@aes_model2 = AESIntegrationModel2.new(model_id: 'aes-test')
+@aes_model2.secret_data = 'aes-gcm integration test'  # Use setter, not manual encryption
 
 # Verify algorithm and decryption
-encrypted_data = aes_model.instance_variable_get(:@secret_data)
-parsed_data = JSON.parse(encrypted_data, symbolize_names: true)
-[parsed_data[:algorithm], aes_model.secret_data]
-##=> ["aes-256-gcm", "aes-gcm integration test"]
+concealed_data = @aes_model2.secret_data
+encrypted_json = concealed_data.encrypted_value
+parsed_data = JSON.parse(encrypted_json, symbolize_names: true)
+[parsed_data[:algorithm], @aes_model2.secret_data.reveal { |data| data }]
+#=> ["xchacha20poly1305", "aes-gcm integration test"]

data/try/features/encrypted_fields_no_cache_security_try.rb

@@ -35,7 +35,9 @@ Thread.current[:familia_key_cache]
 
 ## Reading the value also doesn't create cache
 @retrieved = @model.sensitive_data
-@retrieved
+@retrieved.reveal do |decrypted_value|
+  decrypted_value
+end
 #=> 'secret-value'
 
 ## repaired test
@@ -63,15 +65,21 @@ Thread.current[:familia_key_cache]
 #=> nil
 
 ## All values can be retrieved correctly
-@model2.field_a
+@model2.field_a.reveal do |decrypted_value|
+  decrypted_value
+end
 #=> 'value-a'
 
 ## Field b retrieves correctly
-@model2.field_b
+@model2.field_b.reveal do |decrypted_value|
+  decrypted_value
+end
 #=> 'value-b'
 
 ## Field c retrieves correctly
-@model2.field_c
+@model2.field_c.reveal do |decrypted_value|
+  decrypted_value
+end
 #=> 'value-c'
 
 ## Still no cache
@@ -130,7 +138,9 @@ end
     @results << {
       thread_id: i,
       cache_is_nil: cache_state.nil?,
-      value_correct: model.thread_secret == "thread-secret-#{i}"
+      value_correct: model.thread_secret.reveal do |decrypted_value|
+        decrypted_value == "thread-secret-#{i}"
+      end
     }
   end
 end
@@ -144,7 +154,7 @@ end
 #=> true
 
 ## All threads should have correct values
-@results.all? { |r| r[:value_correct] }
+@results.all? {|r| r[:value_correct] }
 #=> true
 
 ## Performance: Key derivation happens every time
@@ -162,7 +172,9 @@ end
 
 ## Multiple reads all trigger fresh key derivation
 @read_results = 100.times.map do
-  value = @model5.perf_field
+  value = @model5.perf_field.reveal do |decrypted_value|
+    decrypted_value
+  end
   value == 'initial-value'
 end
 
@@ -192,7 +204,9 @@ Thread.current[:familia_key_cache]
 #=> nil
 
 ## Value is correctly encrypted/decrypted with v2
-@model6.rotated_field
+@model6.rotated_field.reveal do |decrypted_value|
+  decrypted_value
+end
 #=> 'encrypted-with-v2'
 
 ## Reset to v1 for other tests