has_secure_whatever 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8e5e8bbb64e0a7891303dbc7ee9893aedc797adbd23e451f13b023a4ffe52db2
+  data.tar.gz: 52e1981553fbb20b0270b29e8c370b8546d2358ac8df4c0797ab18accecbd718
+SHA512:
+  metadata.gz: 27b5d00fafaa3374faeeabfec0d2703c6b4000e18d5118debaf9a2d966cbed3372e6d46ade17e16a95f58e88a233de7f6800ae69ec8d6ded4cb984b37dd9a4cb
+  data.tar.gz: 5fbcf9bb11b0e393eff768dd60f33700abbfc12ef560e66f0370c6eafbfcbdd2354462c98c0ad1d9970a6e5ed0c978543785dffa0816850fb97ce9cfdd64bbd7

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 Arandi Lopez
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,100 @@
+# Has secure... whatever...
+
+Add encrypted attributes to your rails models and keep data safe in database, then get them back as normal text
+
+**WARNING:** THIS PLUGIN IS NOT A REPLACEMENT OF RAILS' `has_secure_password`, THIS PLUGIN MUST NOT BE USED TO AUTHENTICATE USERS, AND/OR SHOULD NOT BE USED TO SAVE USERS PASSWORDS.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'has_secure_whatever'
+```
+
+And then execute:
+```bash
+$ bundle install
+```
+
+Generate a new secret key
+
+```
+$ rails has_secure_whatever:generate_secret_key
+H9dDCsP5hBRCGTuXc7R0CcsHZIX4vakSwCcvpHs1TQA=
+```
+
+Set the secret key in a initializer
+
+```
+# config/application.rb
+# Some code here...
+
+# It's better if you get it from a ENV or from your encrypted credentials
+HasSecureWhatever.config.secret_key = "H9dDCsP5hBRCGTuXc7R0CcsHZIX4vakSwCcvpHs1TQA="
+```
+
+## Usage
+
+Create a model or a migration to add the attributes that will save encrypted text. Convention is to name them as *attribute*\_digest
+
+```
+$ rails generate model message content_digest sender_id_digest
+```
+
+In your model, setup the secure attribute
+
+```ruby
+# app/models/message.rb
+class Message < ApplicationRecord
+  has_secure :content
+  has_secure :sender_id
+end
+```
+
+If you don't want validations:
+
+```ruby
+# app/models/message.rb
+class Message < ApplicationRecord
+  has_secure :content, validations: false
+  has_secure :sender_id
+end
+```
+
+If your encrypted attribute has a different column name:
+
+```ruby
+# app/models/message.rb
+class Message < ApplicationRecord
+  has_secure :content, digest_name: :content_encrypted
+  has_secure :sender_id
+end
+```
+
+Now create and add data
+
+```ruby
+
+message = Message.new
+message.content = "This is a new message. Hello!"
+message.sender_id = "ID-A786252"
+message.save
+
+message.content_digest #=> "RM9Q93FBH+qFRAnR+1AofpMB--BgDpGocU7hv3p+1q--LonJLa5biV6rxFu3z/oJmg=="
+message.content #=> "This is a new message. Hello!"
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/arandilopez/has_secure_whatever/fork )
+2. Create your feature branch (git checkout -b my-new-feature)
+3. Commit your changes (git commit -am 'Add some feature')
+4. Push to the branch (git push origin my-new-feature)
+5. Create a new Pull Request
+
+## Contributors
+
+- [arandilopez](https://github.com/arandilopez) Arandi Lopez - creator, maintainer
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,27 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Has Secure Whatever'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/lib/has_secure_whatever/configuration.rb

@@ -0,0 +1,17 @@
+module HasSecureWhatever
+  class Configuration
+    attr_accessor :secret_key
+
+    def initialize
+      @secret_key = nil
+    end
+  end
+
+  def self.configure
+    yield config
+  end
+
+  def self.config
+    @configuration ||= Configuration.new
+  end
+end

data/lib/has_secure_whatever/encryptor.rb

@@ -0,0 +1,32 @@
+module HasSecureWhatever
+  class Encryptor
+    KEY_LEN = 32
+    def initialize(key = nil)
+      @key = nil
+      if key
+        @key = key.unpack('m').first
+      else
+        secret_key = HasSecureWhatever.config.secret_key
+        @key = secret_key.unpack('m').first unless secret_key.nil?
+      end
+      if @key.nil?
+        raise "Secret key for has_secure is not set"
+      end
+      @crypt = ActiveSupport::MessageEncryptor.new(@key)
+    end
+
+    def encrypt(unencrypted_value)
+      @crypt.encrypt_and_sign(unencrypted_value)
+    end
+
+    def decrypt(encrypted_value)
+      @crypt.decrypt_and_verify(encrypted_value)
+    end
+
+    def self.generate_secret_key
+      salt = SecureRandom.random_bytes(KEY_LEN)
+      key = ActiveSupport::KeyGenerator.new('password').generate_key(salt, KEY_LEN)
+      [key].pack('m')
+    end
+  end
+end

data/lib/has_secure_whatever/has_secure.rb

@@ -0,0 +1,36 @@
+module HasSecureWhatever
+  module HasSecure
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def has_secure(attribute, validations: true, digest_name: nil)
+        digest_attribute = digest_name || "#{attribute}_digest"
+
+        define_method("#{attribute}") do
+          encrypted_value = self.send("#{digest_attribute}")
+          if encrypted_value.nil?
+            return nil
+          else
+            Encryptor.new.decrypt(encrypted_value)
+          end
+        end
+
+        define_method("#{attribute}=") do |unencrypted_value|
+          if unencrypted_value.nil?
+            self.send("#{digest_attribute}=", nil)
+          elsif !unencrypted_value.empty?
+            encrypted_value = Encryptor.new.encrypt(unencrypted_value)
+            self.send("#{digest_attribute}=", encrypted_value)
+          end
+        end
+
+        if validations
+          include ActiveModel::Validations
+          validate do |record|
+            record.errors.add(attribute, :blank) unless record.send(digest_attribute).present?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/has_secure_whatever/railtie.rb

@@ -0,0 +1,7 @@
+module HasSecureWhatever
+  class Railtie < ::Rails::Railtie
+    rake_tasks do
+      load "tasks/has_secure_whatever_tasks.rake"
+    end
+  end
+end

data/lib/has_secure_whatever/version.rb

@@ -0,0 +1,3 @@
+module HasSecureWhatever
+  VERSION = '0.1.0'
+end

data/lib/has_secure_whatever.rb

@@ -0,0 +1,6 @@
+require "has_secure_whatever/configuration"
+require "has_secure_whatever/encryptor"
+require "has_secure_whatever/has_secure"
+require "has_secure_whatever/railtie"
+
+ActiveRecord::Base.include HasSecureWhatever::HasSecure

data/lib/tasks/has_secure_whatever_tasks.rake

@@ -0,0 +1,6 @@
+namespace :has_secure_whatever do
+  desc "Generate new secret key"
+  task :generate_secret_key => :environment do
+    puts HasSecureWhatever::Encryptor.generate_secret_key
+  end
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: has_secure_whatever
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Arandi Lopez
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-10-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.1
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Add secure encrypted fields to protect sensitive information in database
+email:
+- arandilopez.93@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/has_secure_whatever.rb
+- lib/has_secure_whatever/configuration.rb
+- lib/has_secure_whatever/encryptor.rb
+- lib/has_secure_whatever/has_secure.rb
+- lib/has_secure_whatever/railtie.rb
+- lib/has_secure_whatever/version.rb
+- lib/tasks/has_secure_whatever_tasks.rake
+homepage: https://github.com/arandilopez/has_secure_whatever
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.3
+signing_key: 
+specification_version: 4
+summary: Add secure encrypted fields to protect sensitive information in database
+test_files: []