has_secure_attribute 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 791d8b4c2ad53a2ab79fe663e7e6e7e19b355e90
+  data.tar.gz: ecebf104e0f461d50c064d86d9441581f6950b9f
+SHA512:
+  metadata.gz: 758ae145496f31c48766909bffd81d03dd316a458e3bea9d6027061de6bf2b6437d94e58fb6f57db087d9579e003a98b2b70f8760cc74fd9ab37f28eee32e7b1
+  data.tar.gz: 42305c94aede34da459b9f0611ca57a157808c5556027c3225628651485adc5107a9d53893de1d950cf50a46c2daad708120fd88dda4e48ddb6e9ff3f2b45771

data/MIT-LICENSE

@@ -0,0 +1,23 @@
+Copyright (c) 2013 Panayotis Matsinopoulos
+
+Contact: panayotis@matsinopoulos.gr
+Site: http://www.matsinopoulos.gr
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,2 @@
+Under construction
+==================

data/lib/active_model/secure_attribute/has_secure_attribute.rb

@@ -0,0 +1,71 @@
+require 'bcrypt'
+
+module ActiveModel
+  module SecureAttribute
+    extend ActiveSupport::Concern
+
+    class << self
+      attr_accessor :min_cost
+    end
+    self.min_cost = false
+
+    module ClassMethods
+      def method_missing(meth, *args, &block)
+        if meth.to_s =~ /^has_secure_(.+)$/
+          has_secure_attribute($1, *args, &block)
+        else
+          super
+        end
+      end
+
+      def has_secure_attribute(meth, *args, &block)
+        attribute_sym = meth.to_sym
+        attr_reader attribute_sym # setter is defined later on
+        options = {:validations => true, :protect_setter_for_digest => false}
+        options.merge! args[0] unless args.blank?
+        if options[:validations]
+          validates attribute_sym,                          confirmation: true, if: lambda { |m| m.send(attribute_sym).present? }
+          validates attribute_sym,                          presence: true,     on: :create
+          validates "#{attribute_sym}_confirmation".to_sym, presence: true,     if: lambda { |m| m.send(attribute_sym).present? }
+          before_create { raise "#{attribute_sym}_digest missing on new record" if send("#{attribute_sym}_digest").blank? }
+        end
+
+        define_setter(attribute_sym)
+        protect_setter_for_digest(attribute_sym) if options[:protect_setter_for_digest]
+
+        define_authenticate_method(attribute_sym)
+      end
+
+      def define_setter(attribute_sym)
+        define_method "#{attribute_sym.to_s}=" do |unencrypted_value|
+          unless unencrypted_value.blank?
+            instance_variable_set("@#{attribute_sym.to_s}".to_sym, unencrypted_value)
+            cost = ActiveModel::SecureAttribute.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine::DEFAULT_COST
+            send("#{attribute_sym.to_s}_digest=".to_sym, BCrypt::Password.create(unencrypted_value, cost: cost))
+          end
+        end
+      end
+
+      def protect_setter_for_digest(attribute_sym)
+        define_method "#{attribute_sym}_digest=" do |value|
+          write_attribute "#{attribute_sym}_digest".to_sym, value
+        end
+        protected "#{attribute_sym}_digest=".to_sym
+      end
+
+      def define_authenticate_method(attribute_sym)
+        define_method "authenticate_#{attribute_sym}" do |value|
+          BCrypt::Password.new(send("#{attribute_sym}_digest")) == value && self
+        end
+      end
+
+      protected :has_secure_attribute
+      protected :define_setter
+      protected :protect_setter_for_digest
+      protected :define_authenticate_method
+    end
+
+  end
+end
+
+ActiveRecord::Base.send :include, ActiveModel::SecureAttribute

data/lib/has_secure_attribute/version.rb

@@ -0,0 +1,3 @@
+module HasSecureAttribute
+  VERSION = "0.1.0"
+end

data/lib/has_secure_attribute.rb

@@ -0,0 +1 @@
+require 'active_model/secure_attribute/has_secure_attribute'

data/spec/config/database.yml

@@ -0,0 +1,33 @@
+development:
+  adapter: mysql2
+  encoding: utf8
+  reconnect: false
+  database: has_secure_attribute_development
+  pool: 5
+  username: root
+  password:
+  socket: /var/run/mysqld/mysqld.sock
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: mysql2
+  encoding: utf8
+  reconnect: false
+  database: has_secure_attribute_test
+  pool: 5
+  username: root
+  password:
+  socket: /var/run/mysqld/mysqld.sock
+
+production:
+  adapter: mysql2
+  encoding: utf8
+  reconnect: false
+  database: has_secure_attribute_production
+  pool: 5
+  username: root
+  password:
+  socket: /var/run/mysqld/mysqld.sock
+

data/spec/db/migrate/create_test_model_with_attributes.rb

@@ -0,0 +1,24 @@
+class CreateTestModelWithAttributes < ActiveRecord::Migration
+  def up
+    HasSecureAttribute::DbHelper.new.connect_to_database
+    return if ActiveRecord::Base.connection.table_exists? :test_model_with_attributes
+    create_table :test_model_with_attributes do |t|
+      t.string :username,               :null => false
+      t.string :password_digest,        :null => false
+      t.string :security_question,      :null => false
+      t.string :security_answer_digest, :null => false
+
+      t.timestamps
+    end
+
+    add_index :test_model_with_attributes, [:username], :unique => true, :name => 'test_model_with_attributes_username_uidx'
+  end
+
+  def down
+    HasSecureAttribute::DbHelper.new.connect_to_database
+    return unless ActiveRecord::Base.connection.table_exists? :test_model_with_attributes
+    drop_table :test_model_with_attributes
+  end
+
+
+end

data/spec/db/migrate/db_helper.rb

@@ -0,0 +1,15 @@
+module HasSecureAttribute
+  class DbHelper
+    def connect_to_database
+      filename = File.expand_path("../../../config/database.yml", __FILE__)
+      database_settings = YAML.load_file(filename)
+      ActiveRecord::Base.establish_connection database_settings['test']
+    end
+
+    def connect_to_server
+      filename = File.expand_path("../../../config/database.yml", __FILE__)
+      database_settings = YAML.load_file(filename)
+      ActiveRecord::Base.establish_connection database_settings['test'].delete_if{|k,v| 'database' == k}
+    end
+  end
+end

data/spec/factories/test_model_with_attributes.rb

@@ -0,0 +1,27 @@
+FactoryGirl.define do
+  factory :test_model_with_attribute do
+    username 'username'
+    password 'password'
+    password_confirmation 'password'
+    security_question 'question'
+    security_answer 'answer'
+    security_answer_confirmation 'answer'
+  end
+
+  factory :test_model_with_attribute_no_validation do
+    username 'username_no_validation'
+    password 'password'
+    password_confirmation 'password'
+    security_question 'question'
+    security_answer 'answer'
+  end
+
+  factory :test_model_with_attribute_protect_setter_for_digest do
+    username 'username_protect'
+    password 'password'
+    password_confirmation 'password'
+    security_question 'question'
+    security_answer 'answer'
+    security_answer_confirmation 'answer'
+  end
+end

data/spec/models/has_secure_attribute_spec.rb

@@ -0,0 +1,165 @@
+require 'spec_helper'
+
+describe TestModelWithAttribute do
+  it { should respond_to(:security_answer)               }
+  it { should respond_to(:security_answer=)              }
+  it { should respond_to(:security_answer_confirmation)  }
+  it { should respond_to(:security_answer_confirmation=) }
+  it { should respond_to(:authenticate_security_answer)  }
+
+  it 'should confirm security answer' do
+    subject.security_answer = 'hello there'
+    subject.security_answer_confirmation = 'there hello'
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should include("doesn't match Security answer")
+  end
+
+  it 'should not confirm security answer if not given' do
+    subject.security_answer = nil
+    subject.security_answer_confirmation = 'there hello'
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should be_blank
+  end
+
+  it 'should require security answer on create' do
+    subject.should be_new_record
+    subject.security_answer = nil
+    subject.valid?
+    subject.errors[:security_answer].should include("can't be blank")
+  end
+
+  it 'should require security answer confirmation if security answer given ' do
+    subject.security_answer = 'hello there'
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should include "can't be blank"
+  end
+
+  it 'should not require security answer confirmation if security answer is not given' do
+    subject.security_answer = ''
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should be_blank
+  end
+
+  it 'should require security answer digest on create' do
+    subject = FactoryGirl.build :test_model_with_attribute
+    subject.should be_new_record
+
+    # change the security_answer_digest to verify the test
+    subject.security_answer_digest = ''
+    lambda do
+      begin
+        subject.save!
+      rescue Exception => ex
+        ex.message.should include("security_answer_digest missing on new record")
+        raise
+      end
+    end.should raise_error RuntimeError
+  end
+
+  it 'should not require security answer digest on update' do
+    subject = FactoryGirl.build :test_model_with_attribute
+    subject.should be_new_record
+
+    subject.save!
+
+    # change the security_answer_digest to verify the test
+    subject.security_answer_digest = ''
+
+    subject.save!
+
+    subject.reload
+    subject.security_answer_digest.should be_blank
+  end
+
+  it 'should allow to call security answer digest directly if protect setter for digest is not given as option' do
+    lambda do
+      subject.security_answer_digest = 'hello'
+    end.should_not raise_error
+  end
+
+  describe "#security_answer=" do
+    it 'should set the security answer and save it encrypted' do
+      tmwa = FactoryGirl.create :test_model_with_attribute, security_answer: 'old answer', security_answer_confirmation: 'old answer'
+      tmwa.security_answer_digest.should_not be_blank
+      old_security_answer_digest = tmwa.security_answer_digest
+
+      tmwa.security_answer = 'new answer'
+      tmwa.security_answer_confirmation = 'new answer'
+      tmwa.instance_variable_get(:@security_answer).should == 'new answer'
+      tmwa.save!
+      tmwa.security_answer_digest.should_not be_blank
+      tmwa.security_answer_digest.should_not == old_security_answer_digest
+    end
+  end
+
+  describe '#authenticate_security_answer' do
+    it 'should return subject if security answer given matches the one stored' do
+      tmwa = FactoryGirl.create :test_model_with_attribute, security_answer: 'some answer', security_answer_confirmation: 'some answer'
+      tmwa.authenticate_security_answer('some answer').should eq tmwa
+    end
+
+    it 'should return false if security answer given does not match the one stored' do
+      tmwa = FactoryGirl.create :test_model_with_attribute, security_answer: 'some answer', security_answer_confirmation: 'some answer'
+      tmwa.authenticate_security_answer('some other answer').should be_false
+    end
+  end
+end
+
+describe TestModelWithAttributeNoValidation do
+  it { should respond_to(:security_answer)               }
+  it { should respond_to(:security_answer=)              }
+  it { should_not respond_to(:security_answer_confirmation)  }
+  it { should_not respond_to(:security_answer_confirmation=) }
+  it { should respond_to(:authenticate_security_answer)  }
+
+  it 'should not require security answer on create' do
+    subject.should be_new_record
+    subject.security_answer = nil
+    subject.valid?
+    subject.errors[:security_answer].should be_blank
+  end
+
+  it 'should not require security answer confirmation if security answer given ' do
+    subject.security_answer = 'hello there'
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should be_blank
+  end
+
+  it 'should not require security answer confirmation if security answer is not given' do
+    subject.security_answer = ''
+    subject.valid?
+    subject.errors[:security_answer_confirmation].should be_blank
+  end
+
+  it 'should not require security answer digest on create' do
+    subject = FactoryGirl.build :test_model_with_attribute_no_validation
+    subject.should be_new_record
+
+    # change the security_answer_digest to verify the test
+    subject.security_answer_digest = ''
+    subject.save!
+  end
+
+  it 'should not require security answer digest on update' do
+    subject = FactoryGirl.build :test_model_with_attribute_no_validation
+    subject.should be_new_record
+
+    subject.save!
+
+    # change the security_answer_digest to verify the test
+    subject.send :security_answer_digest=, ''
+
+    subject.save!
+
+    subject.reload
+    subject.security_answer_digest.should be_blank
+  end
+end
+
+describe TestModelWithAttributeProtectSetterForDigest do
+  it 'should not allow to call security answer digest directly' do
+    lambda do
+      subject.security_answer_digest = 'hello'
+    end.should raise_error NoMethodError
+  end
+end

data/spec/models/test_model_with_attribute.rb

@@ -0,0 +1,7 @@
+class TestModelWithAttribute < ActiveRecord::Base
+  has_secure_password
+  has_secure_security_answer
+
+  validates :username,          :presence => true, :uniqueness => {:case_sensitive => false}
+  validates :security_question, :presence => true
+end

data/spec/models/test_model_with_attribute_no_validation.rb

@@ -0,0 +1,8 @@
+class TestModelWithAttributeNoValidation < ActiveRecord::Base
+  self.table_name = "test_model_with_attributes"
+  has_secure_password
+  has_secure_security_answer :validations => false
+
+  validates :username,          :presence => true, :uniqueness => {:case_sensitive => false}
+  validates :security_question, :presence => true
+end

data/spec/models/test_model_with_attribute_protect_setter_for_digest.rb

@@ -0,0 +1,8 @@
+class TestModelWithAttributeProtectSetterForDigest < ActiveRecord::Base
+  self.table_name = "test_model_with_attributes"
+  has_secure_password
+  has_secure_security_answer :protect_setter_for_digest => true
+
+  validates :username,          :presence => true, :uniqueness => {:case_sensitive => false}
+  validates :security_question, :presence => true
+end

data/spec/spec_helper.rb

@@ -0,0 +1,35 @@
+require 'active_record'
+
+require File.expand_path("../db/migrate/db_helper", __FILE__)
+HasSecureAttribute::DbHelper.new.connect_to_database
+
+require File.expand_path("../../lib/active_model/secure_attribute/has_secure_attribute", __FILE__)
+require File.expand_path("../models/test_model_with_attribute", __FILE__)
+require File.expand_path("../models/test_model_with_attribute_no_validation", __FILE__)
+require File.expand_path("../models/test_model_with_attribute_protect_setter_for_digest", __FILE__)
+
+require 'factory_girl'
+FactoryGirl.find_definitions
+require 'database_cleaner'
+
+RSpec.configure do |config|
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = "random"
+
+  config.before(:suite) do
+    DatabaseCleaner.strategy = :transaction
+    DatabaseCleaner.clean_with(:truncation)
+  end
+
+  config.before(:each) do
+    DatabaseCleaner[:active_record].start
+  end
+
+  config.after(:each) do
+    DatabaseCleaner.clean
+  end
+end

metadata

@@ -0,0 +1,157 @@
+--- !ruby/object:Gem::Specification
+name: has_secure_attribute
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Panayotis Matsinopoulos
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Does what `has_secure_password` does, but for any attribute that you
+  want. It does not have to be a `password` attribute. It may be for example `security_answer`
+email:
+- panayotis@matsinopoulos.gr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/active_model/secure_attribute/has_secure_attribute.rb
+- lib/has_secure_attribute.rb
+- lib/has_secure_attribute/version.rb
+- spec/spec_helper.rb
+- spec/factories/test_model_with_attributes.rb
+- spec/config/database.yml
+- spec/models/has_secure_attribute_spec.rb
+- spec/models/test_model_with_attribute_no_validation.rb
+- spec/models/test_model_with_attribute_protect_setter_for_digest.rb
+- spec/models/test_model_with_attribute.rb
+- spec/db/migrate/db_helper.rb
+- spec/db/migrate/create_test_model_with_attributes.rb
+- README.md
+- MIT-LICENSE
+homepage: https://github.com/pmatsinopoulos/has_secure_attribute
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Allows an ActiveRecord::Base class to declare an attribute that will be saved
+  one-way encrypted and not clear text
+test_files: []