lockbox 1.0.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +1 -61
- data/lib/lockbox/model.rb +46 -0
- data/lib/lockbox/version.rb +1 -1
- data/lib/lockbox.rb +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a8a7995008cdd49c48d95e0a968e45666276fb095de76954ef949800080d40b
|
|
4
|
+
data.tar.gz: da7d7796776c325ce1871a2755f6cc012c060f16293cbe28a31f2547c92ec0ad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d97e45d14fbc7f452eef5e09c2b2d8d3b2c2f5d4b8a42645c0138849b21ef61194f7cf2e36158f4e920b7cc5709cef63a9769310f97cdd40c3f78790415100d0
|
|
7
|
+
data.tar.gz: f04c5264be1ec1e69c406593bdc143f10f846776a34744d38a368ba0e0d2662c874315b9387c5e7c53a47621cbabb2da146114008d1b5963dcc3e8b845a86ff2
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## 1.1.1 (2022-12-08)
|
|
2
|
+
|
|
3
|
+
- Fixed error when `StringIO` not loaded
|
|
4
|
+
|
|
5
|
+
## 1.1.0 (2022-10-09)
|
|
6
|
+
|
|
7
|
+
- Added support for `insert`, `insert_all`, `insert_all!`, `upsert`, and `upsert_all`
|
|
8
|
+
|
|
1
9
|
## 1.0.0 (2022-06-11)
|
|
2
10
|
|
|
3
11
|
- Deprecated `encrypts` in favor of `has_encrypted` to avoid conflicting with Active Record encryption
|
data/README.md
CHANGED
|
@@ -738,7 +738,7 @@ end
|
|
|
738
738
|
Make it the default with:
|
|
739
739
|
|
|
740
740
|
```ruby
|
|
741
|
-
Lockbox.default_options =
|
|
741
|
+
Lockbox.default_options[:algorithm] = "xsalsa20"
|
|
742
742
|
```
|
|
743
743
|
|
|
744
744
|
You can also pass an algorithm to `previous_versions` for key rotation.
|
|
@@ -1048,66 +1048,6 @@ User.with_attached_license.find_each do |user|
|
|
|
1048
1048
|
end
|
|
1049
1049
|
```
|
|
1050
1050
|
|
|
1051
|
-
### 0.3.6
|
|
1052
|
-
|
|
1053
|
-
0.3.6 makes content type detection more reliable for Active Storage. You can check and update the content type of existing files with:
|
|
1054
|
-
|
|
1055
|
-
```ruby
|
|
1056
|
-
User.with_attached_license.find_each do |user|
|
|
1057
|
-
next unless user.license.attached?
|
|
1058
|
-
|
|
1059
|
-
license = user.license
|
|
1060
|
-
content_type = Marcel::MimeType.for(license.download, name: license.filename.to_s)
|
|
1061
|
-
if content_type != license.content_type
|
|
1062
|
-
license.update!(content_type: content_type)
|
|
1063
|
-
end
|
|
1064
|
-
end
|
|
1065
|
-
```
|
|
1066
|
-
|
|
1067
|
-
### 0.2.0
|
|
1068
|
-
|
|
1069
|
-
0.2.0 brings a number of improvements. Here are a few to be aware of:
|
|
1070
|
-
|
|
1071
|
-
- Added `encrypts` method for database fields
|
|
1072
|
-
- Added support for XSalsa20
|
|
1073
|
-
- `attached_encrypted` is deprecated in favor of `encrypts_attached`.
|
|
1074
|
-
|
|
1075
|
-
#### Optional
|
|
1076
|
-
|
|
1077
|
-
To switch to a master key, generate a key:
|
|
1078
|
-
|
|
1079
|
-
```ruby
|
|
1080
|
-
Lockbox.generate_key
|
|
1081
|
-
```
|
|
1082
|
-
|
|
1083
|
-
And set `ENV["LOCKBOX_MASTER_KEY"]` or `Lockbox.master_key`.
|
|
1084
|
-
|
|
1085
|
-
Update your model:
|
|
1086
|
-
|
|
1087
|
-
```ruby
|
|
1088
|
-
class User < ApplicationRecord
|
|
1089
|
-
encrypts_attached :license, previous_versions: [{key: key}]
|
|
1090
|
-
end
|
|
1091
|
-
```
|
|
1092
|
-
|
|
1093
|
-
New uploads will be encrypted with the new key.
|
|
1094
|
-
|
|
1095
|
-
You can rotate existing records with:
|
|
1096
|
-
|
|
1097
|
-
```ruby
|
|
1098
|
-
User.unscoped.find_each do |user|
|
|
1099
|
-
user.license.rotate_encryption!
|
|
1100
|
-
end
|
|
1101
|
-
```
|
|
1102
|
-
|
|
1103
|
-
Once that’s complete, update your model:
|
|
1104
|
-
|
|
1105
|
-
```ruby
|
|
1106
|
-
class User < ApplicationRecord
|
|
1107
|
-
encrypts_attached :license
|
|
1108
|
-
end
|
|
1109
|
-
```
|
|
1110
|
-
|
|
1111
1051
|
## History
|
|
1112
1052
|
|
|
1113
1053
|
View the [changelog](https://github.com/ankane/lockbox/blob/master/CHANGELOG.md)
|
data/lib/lockbox/model.rb
CHANGED
|
@@ -226,6 +226,52 @@ module Lockbox
|
|
|
226
226
|
|
|
227
227
|
result
|
|
228
228
|
end
|
|
229
|
+
|
|
230
|
+
if ActiveRecord::VERSION::MAJOR >= 6
|
|
231
|
+
def self.insert_all(attributes, **options)
|
|
232
|
+
super(lockbox_map_attributes(attributes), **options)
|
|
233
|
+
end
|
|
234
|
+
|
|
235
|
+
def self.insert_all!(attributes, **options)
|
|
236
|
+
super(lockbox_map_attributes(attributes), **options)
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
def self.upsert_all(attributes, **options)
|
|
240
|
+
super(lockbox_map_attributes(attributes, check_readonly: true), **options)
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
# private
|
|
244
|
+
# does not try to handle :returning option for simplicity
|
|
245
|
+
def self.lockbox_map_attributes(records, check_readonly: false)
|
|
246
|
+
return records unless records.is_a?(Array)
|
|
247
|
+
|
|
248
|
+
records.map do |attributes|
|
|
249
|
+
# transform keys like Active Record
|
|
250
|
+
attributes = attributes.transform_keys do |key|
|
|
251
|
+
n = key.to_s
|
|
252
|
+
attribute_aliases[n] || n
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
lockbox_attributes = self.lockbox_attributes.slice(*attributes.keys.map(&:to_sym))
|
|
256
|
+
lockbox_attributes.each do |key, lockbox_attribute|
|
|
257
|
+
attribute = key.to_s
|
|
258
|
+
# check read only
|
|
259
|
+
# users should mark both plaintext and ciphertext columns
|
|
260
|
+
if check_readonly && readonly_attributes.include?(attribute) && !readonly_attributes.include?(lockbox_attribute[:encrypted_attribute].to_s)
|
|
261
|
+
warn "[lockbox] WARNING: Mark attribute as readonly: #{lockbox_attribute[:encrypted_attribute]}"
|
|
262
|
+
end
|
|
263
|
+
|
|
264
|
+
message = attributes[attribute]
|
|
265
|
+
attributes.delete(attribute) unless lockbox_attribute[:migrating]
|
|
266
|
+
encrypted_attribute = lockbox_attribute[:encrypted_attribute]
|
|
267
|
+
ciphertext = send("generate_#{encrypted_attribute}", message)
|
|
268
|
+
attributes[encrypted_attribute] = ciphertext
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
attributes
|
|
272
|
+
end
|
|
273
|
+
end
|
|
274
|
+
end
|
|
229
275
|
else
|
|
230
276
|
def reload
|
|
231
277
|
self.class.lockbox_attributes.each do |_, v|
|
data/lib/lockbox/version.rb
CHANGED
data/lib/lockbox.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lockbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-12-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email: andrew@ankane.org
|