has_encrypted_field 0.3.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e23d1535da69e8fac005471ada8f582d0ca33f156fc13b0cc6849ee57dfa004b
+  data.tar.gz: 417ad4a021cbd01588ae6edf5b9d188b1d0efec26035032eb4dea33bb411e258
+SHA512:
+  metadata.gz: 541ede4b27721ab52d547c6c15cbc8b8bb6303555340d22b62c80ed548e2e3f14a30dff87010b0300ff45bf38620b0e38f1aa4415c890774d7b5290f030ec038
+  data.tar.gz: f99e886a4af47c81693a6149ebc4d4a651aff7fe76cce780a409f5561080e9101fff46f6493bf43dcd4d9b3d0b970f2bc0bb01060b3ede061f28678038834725

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.ruby-version

data/.rubocop.yml

@@ -0,0 +1,22 @@
+require:
+  - rubocop-performance
+  - rubocop-minitest
+
+AllCops:
+  Exclude:
+  - coverage/**/*
+  - vendor/bundle/**/*
+Layout/LineLength:
+  Max: 140
+Style/GuardClause:
+  Enabled: false
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+Style/StringLiteralsInInterpolation:
+  Enabled: false
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true

data/CHANGELOG.md

@@ -0,0 +1,13 @@
+## 0.3.0 ##
+
+* Make it possible to pluck regular fields among encrypted ones ([@vinistock])
+
+## 0.2.0 ##
+
+* Add pluck_decrypted ([@vinistock])
+* Stop overriding original reader and create decrypted_attr instead ([@vinistock])
+* Fix reading secret via masterk.key ([@vinistock])
+
+## 0.1.0 ##
+
+* Add has_encrypted_field ([@vinistock])

data/CONTRIBUTING.md

@@ -0,0 +1,25 @@
+## Contributing
+
+All contributions are greatly appreciated. Be it opening an issue proposing an improvement, submitting a pull request fixing a bug or any other assistance is helpful.
+
+## Issues
+
+If you have found a bug or have a suggestion, please make a brief search in the issues section to check if something similar has not been reported already.
+
+**Bugs**
+
+When describing bugs in the gem, please include steps for reproducing the issue. That makes it easier to identify the problem's source and solve it.
+
+**Suggestions**
+
+These are mostly pretty open, but try to be concise in your explanation of what is being suggested.
+
+## Pull requests
+
+If you're addressing an issue, please refer to it in your pull request's comment for tracking.
+
+1. Fork it (https://github.com/vinistock/has_encrypted_field/fork)
+2. Create your feature branch (git checkout -b my-feature)
+3. Commit your changes (git commit -am 'Add my feature')
+4. Push to the branch (git push origin my-feature)
+5. Create a new Pull Request

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+gemspec
+
+gem "minitest", "~> 5.0"
+gem "rails", (ENV["RAILS_VERSION"] || ">= 5.0.0")
+gem "rake", "~> 12.0"

data/Gemfile.lock

@@ -0,0 +1,181 @@
+PATH
+  remote: .
+  specs:
+    has_encrypted_field (0.3.1)
+      activerecord (>= 5.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activejob (= 6.1.4.1)
+      activerecord (= 6.1.4.1)
+      activestorage (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      mail (>= 2.7.1)
+    actionmailer (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      actionview (= 6.1.4.1)
+      activejob (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.1.4.1)
+      actionview (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activerecord (= 6.1.4.1)
+      activestorage (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      nokogiri (>= 1.8.5)
+    actionview (6.1.4.1)
+      activesupport (= 6.1.4.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.1.4.1)
+      activesupport (= 6.1.4.1)
+      globalid (>= 0.3.6)
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activerecord (6.1.4.1)
+      activemodel (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activestorage (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activejob (= 6.1.4.1)
+      activerecord (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      marcel (~> 1.0.0)
+      mini_mime (>= 1.1.0)
+    activesupport (6.1.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    ast (2.4.2)
+    builder (3.2.4)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.9)
+    crass (1.0.6)
+    erubi (1.10.0)
+    globalid (0.5.2)
+      activesupport (>= 5.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    loofah (2.12.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.1)
+    mini_portile2 (2.6.1)
+    minitest (5.14.4)
+    mocha (1.13.0)
+    nio4r (2.5.8)
+    nokogiri (1.12.4)
+      mini_portile2 (~> 2.6.1)
+      racc (~> 1.4)
+    parallel (1.21.0)
+    parser (3.0.2.0)
+      ast (~> 2.4.1)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (6.1.4.1)
+      actioncable (= 6.1.4.1)
+      actionmailbox (= 6.1.4.1)
+      actionmailer (= 6.1.4.1)
+      actionpack (= 6.1.4.1)
+      actiontext (= 6.1.4.1)
+      actionview (= 6.1.4.1)
+      activejob (= 6.1.4.1)
+      activemodel (= 6.1.4.1)
+      activerecord (= 6.1.4.1)
+      activestorage (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      bundler (>= 1.15.0)
+      railties (= 6.1.4.1)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.4.2)
+      loofah (~> 2.3)
+    railties (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      method_source
+      rake (>= 0.13)
+      thor (~> 1.0)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rubocop (1.21.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.9.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.11.0)
+      parser (>= 3.0.1.1)
+    rubocop-minitest (0.15.0)
+      rubocop (>= 0.90, < 2.0)
+    rubocop-performance (1.11.5)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    ruby-progressbar (1.11.0)
+    sprockets (4.0.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.4.2)
+    thor (1.1.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.1.0)
+    websocket-driver (0.7.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  byebug
+  has_encrypted_field!
+  minitest (~> 5.0)
+  mocha
+  rails (>= 5.0.0)
+  rake (~> 12.0)
+  rubocop
+  rubocop-minitest
+  rubocop-performance
+  sqlite3
+
+BUNDLED WITH
+   2.2.27

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Vinicius Stock
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,54 @@
+This unfinished experiment is no longer active. It did not work and should not be used.
+
+# HasEncryptedField
+
+This gem provides support for encrypted attributes for models based on activerecord.
+
+It will encrypt the desired values inside model instances and save encrypted values to the database.
+
+## Installation
+
+Not published
+
+## Usage
+
+Include the `HasEncryptedField` module inside the desired models and declare fields.
+
+```ruby
+class User < ApplicationRecord
+  include HasEncryptedField
+
+  has_encrypted_field :email
+end
+
+# The writer encrypts
+user = User.create!(email: "user@example.com")
+p user
+=> #<User id: 1, email: "eXhzeEJ1ejRvOVE2VGFiU0V6Y0NPMWJybjd6a005c1F3RGh0R3...">
+
+# The reader decrypts
+p user.decrypted_email
+=> "user@example.com"
+
+# Pluck decrypted fields
+p User.pluck_decrypted(:email)
+=> ["user@example.com"]
+
+# Pluck including encrypted and regular fields
+p User.pluck_decrypted(:id, :email)
+=> [[1, "user@example.com"]]
+```
+
+### Available configuration and defaults
+
+```ruby
+HasEncryptedField.configure do |config|
+  config.secret_key = ENV["RAILS_MASTER_KEY"] || contents of master.key
+end
+```
+
+### Warning
+
+Remember that using this gem to save encrypted fields to the database will always require the original master key in order to decrypt data.
+
+It will not be possible to recover data encrypted if the original master key is lost.

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task default: :test

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "has_encrypted_field"
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/has_encrypted_field.gemspec

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require_relative "lib/has_encrypted_field/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "has_encrypted_field"
+  spec.version       = HasEncryptedField::VERSION
+  spec.authors       = ["Vinicius Stock"]
+  spec.email         = ["vinicius.stock@shopify.com"]
+
+  spec.summary       = "Encrypted attributes for Rails models."
+  spec.description   = "Encrypted attributes for Rails models."
+  spec.homepage      = "https://github.com/vinistock/has_encrypted_field"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/vinistock/has_encrypted_field"
+  spec.metadata["changelog_uri"] = "https://github.com/vinistock/has_encrypted_field/blob/master/CHANGELOG.md"
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activerecord", ">= 5.0.0"
+
+  spec.add_development_dependency "byebug"
+  spec.add_development_dependency "mocha"
+  spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "rubocop-minitest"
+  spec.add_development_dependency "rubocop-performance"
+  spec.add_development_dependency "sqlite3"
+end

data/lib/has_encrypted_field/accessors.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module HasEncryptedField # :nodoc:
+  extend ActiveSupport::Concern
+
+  # ClassMethods
+  #
+  # These methods are added to classes that include
+  # the HasEncryptedField module.
+  module ClassMethods
+    # rubocop:disable Naming/PredicateName
+    def has_encrypted_field(attribute)
+      class_eval(<<~ACCESSORS, __FILE__, __LINE__ + 1)
+        def decrypted_#{attribute}
+          HasEncryptedField.encryptor.decrypt_and_verify(self[:#{attribute}])
+        end
+
+        def #{attribute}=(value)
+          self[:#{attribute}] = HasEncryptedField.encryptor.encrypt_and_sign(value)
+        end
+      ACCESSORS
+
+      HasEncryptedField.register(to_s, attribute)
+    end
+    # rubocop:enable Naming/PredicateName
+  end
+end

data/lib/has_encrypted_field/configuration.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module HasEncryptedField
+  # Configuration
+  #
+  # This class holds all initializer configuration
+  # for the gem.
+  class Configuration
+    attr_accessor :secret_key
+
+    def initialize
+      @secret_key = initialize_secret_key
+    end
+
+    private
+
+    def initialize_secret_key
+      ENV["RAILS_MASTER_KEY"] || read_key_from_file
+    end
+
+    def read_key_from_file
+      path = Rails.root.join("config/master.key")
+
+      File.binread(path).strip
+    end
+  end
+end

data/lib/has_encrypted_field/query_methods.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module HasEncryptedField # :nodoc:
+  extend ActiveSupport::Concern
+
+  # ClassMethods
+  #
+  # These methods are added to classes that include
+  # the HasEncryptedField module.
+  module ClassMethods
+    def pluck_decrypted(*attributes)
+      attributes.length == 1 ? decrypt_simple(attributes) : decrypt_nested(attributes)
+    end
+
+    private
+
+    def decrypt_nested(attributes)
+      encrypted_fields = HasEncryptedField.registered_fields[to_s]
+
+      pluck(*attributes).map! do |tuple|
+        tuple.map!.with_index do |attr, index|
+          if encrypted_fields.include?(attributes[index])
+            HasEncryptedField.encryptor.decrypt_and_verify(attr)
+          else
+            attr
+          end
+        end
+      end
+    end
+
+    def decrypt_simple(attributes)
+      pluck(*attributes)
+        .map! { |attr| HasEncryptedField.encryptor.decrypt_and_verify(attr) }
+    end
+  end
+end

data/lib/has_encrypted_field/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HasEncryptedField
+  VERSION = "0.3.1"
+end

data/lib/has_encrypted_field.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "active_support/message_encryptor"
+require "has_encrypted_field/version"
+require "has_encrypted_field/configuration"
+require "has_encrypted_field/accessors"
+require "has_encrypted_field/query_methods"
+
+module HasEncryptedField # :nodoc:
+  class << self
+    attr_writer :configuration
+
+    def encryptor
+      @encryptor ||= ActiveSupport::MessageEncryptor.new(configuration.secret_key)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+
+    def registered_fields
+      @registered_fields ||= {}
+    end
+
+    def register(class_name, field)
+      registered_fields[class_name] ||= []
+      registered_fields[class_name] << field
+    end
+  end
+end

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification
+name: has_encrypted_field
+version: !ruby/object:Gem::Version
+  version: 0.3.1
+platform: ruby
+authors:
+- Vinicius Stock
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2021-09-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Encrypted attributes for Rails models.
+email:
+- vinicius.stock@shopify.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- has_encrypted_field.gemspec
+- lib/has_encrypted_field.rb
+- lib/has_encrypted_field/accessors.rb
+- lib/has_encrypted_field/configuration.rb
+- lib/has_encrypted_field/query_methods.rb
+- lib/has_encrypted_field/version.rb
+homepage: https://github.com/vinistock/has_encrypted_field
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/vinistock/has_encrypted_field
+  source_code_uri: https://github.com/vinistock/has_encrypted_field
+  changelog_uri: https://github.com/vinistock/has_encrypted_field/blob/master/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.27
+signing_key:
+specification_version: 4
+summary: Encrypted attributes for Rails models.
+test_files: []