lockbox 1.2.0 → 1.3.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/LICENSE.txt +1 -1
- data/README.md +15 -7
- data/lib/lockbox/carrier_wave_extensions.rb +1 -1
- data/lib/lockbox/model.rb +20 -6
- data/lib/lockbox/version.rb +1 -1
- data/lib/lockbox.rb +14 -14
- metadata +3 -3
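--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: abb80e6c644b820a341291fe3aeddf0779c216cf24bd4a3af47e16a204cb8af1
+data.tar.gz: 7c7f698ff608746a2bea81fadcb69251e6ef705a7dae7b1f5d9df87321f959db
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 87507b0a931adb08a59c530e73776adb59568560d4cb792e668a3688ede13d7f210015e78e086b2109aed5e577e434f9e0d79c7f86e9cbbb447714e42e8bcad7
+data.tar.gz: 5f078ed8ad8e0b4bed5dacf0d0a01295a34ce994159559aad0bdc2576c5885c979f32174a1cd4cb03e942b6850053c7117acc7e2c630ace333f9178a9fcace80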
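--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 1.3.1 (2024-01-06)
+
+- Fixed error with `array` and `hash` types and no default column serializer with Rails 7.1
+- Fixed Action Text deserialization with Rails 7.1
+
+## 1.3.0 (2023-07-02)
+
+- Added support for CarrierWave 3
+
 ## 1.2.0 (2023-03-20)
 
 - Made it easier to rotate master key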
data/LICENSE.txt
CHANGED
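--- a/data/README.md
+++ b/data/README.md
@@ -9,7 +9,7 @@
 
 Learn [the principles behind it](https://ankane.org/modern-encryption-rails), [how to secure emails with Devise](https://ankane.org/securing-user-emails-lockbox), and [how to secure sensitive data in Rails](https://ankane.org/sensitive-data-rails).
 
-[![Build Status](https://github.com/ankane/lockbox/workflows/build/badge.svg
+[![Build Status](https://github.com/ankane/lockbox/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/lockbox/actions)
 
 ## Installation
 
@@ -72,7 +72,7 @@ Then follow the instructions below for the data you want to encrypt.
 Create a migration with:
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
 def change
 add_column :users, :email_ciphertext, :text
 end
@@ -249,7 +249,7 @@ User.decrypt_email_ciphertext(user.email_ciphertext)
 Create a migration with:
 
 ```ruby
-class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[7.
+class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[7.1]
 def change
 add_column :action_text_rich_texts, :body_ciphertext, :text
 end
@@ -380,7 +380,7 @@ Encryption is applied to all versions after processing.
 You can mount the uploader [as normal](https://github.com/carrierwaveuploader/carrierwave#activerecord). With Active Record, this involves creating a migration:
 
 ```ruby
-class AddLicenseToUsers < ActiveRecord::Migration[7.
+class AddLicenseToUsers < ActiveRecord::Migration[7.1]
 def change
 add_column :users, :license, :string
 end
@@ -895,12 +895,20 @@ lockbox.decrypt(ciphertext, associated_data: "somecontext") # success
 lockbox.decrypt(ciphertext, associated_data: "othercontext") # fails
 ```
 
+You can also use it with database fields and files.
+
+```ruby
+class User < ApplicationRecord
+has_encrypted :email, associated_data: -> { code }
+end
+```
+
 ## Binary Columns
 
 You can use `binary` columns for the ciphertext instead of `text` columns.
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
 def change
 add_column :users, :email_ciphertext, :binary
 end
@@ -951,7 +959,7 @@ end
 Create a migration with:
 
 ```ruby
-class MigrateToLockbox < ActiveRecord::Migration[7.
+class MigrateToLockbox < ActiveRecord::Migration[7.1]
 def change
 add_column :users, :name_ciphertext, :text
 add_column :users, :email_ciphertext, :text
@@ -984,7 +992,7 @@ end
 Then remove the previous gem from your Gemfile and drop its columns.
 
 ```ruby
-class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.
+class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.1]
 def change
 remove_column :users, :encrypted_name, :text
 remove_column :users, :encrypted_name_iv, :text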
@@ -105,7 +105,7 @@ module Lockbox
|
|
105
105
|
end
|
106
106
|
end
|
107
107
|
|
108
|
-
if CarrierWave::VERSION.to_i >
|
108
|
+
if CarrierWave::VERSION.to_i > 3
|
109
109
|
raise Lockbox::Error, "CarrierWave #{CarrierWave::VERSION} not supported in this version of Lockbox"
|
110
110
|
elsif CarrierWave::VERSION.to_i < 1
|
111
111
|
raise Lockbox::Error, "CarrierWave #{CarrierWave::VERSION} not supported"
|
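--- a/data/lib/lockbox/model.rb
+++ b/data/lib/lockbox/model.rb
@@ -324,13 +324,23 @@ module Lockbox
 attribute name, attribute_type
 
 if ActiveRecord::VERSION::STRING.to_f >= 7.1
-
-
-
+case options[:type]
+when :json
+serialize name, coder: JSON
+when :hash
+serialize name, type: Hash, coder: default_column_serializer || YAML
+when :array
+serialize name, type: Array, coder: default_column_serializer || YAML
+end
 else
-
-
-
+case options[:type]
+when :json
+serialize name, JSON
+when :hash
+serialize name, Hash
+when :array
+serialize name, Array
+end
 end
 elsif !attributes_to_define_after_schema_loads.key?(name.to_s)
 # when migrating it's best to specify the type directly
@@ -615,6 +625,10 @@ module Lockbox
 else
 # use original name for serialized attributes if no type specified
 type = (try(:attribute_types) || {})[(options[:type] ? name : original_name).to_s]
+# for Action Text
+if activerecord && type.is_a?(ActiveRecord::Type::Serialized) && defined?(ActionText::Content) && type.coder == ActionText::Content
+message.force_encoding(Encoding::UTF_8)
+end
 message = type.deserialize(message) if type
 message.force_encoding(Encoding::UTF_8) if !type || type.is_a?(ActiveModel::Type::String)
 end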
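Review bot: The `:hash` and `:array` branches for Active Record 7.1+ in the first hunk fall back to `YAML` whenever `default_column_serializer` is nil, and nothing in the code says why or which loader ends up parsing the decrypted value. Since this coder runs on plaintext recovered from the database, a comment above the `case` would help, for example `# Rails 7.1 can leave default_column_serializer unset; fall back to YAML so hash/array attributes keep working`. Presumably Rails wraps the bare `YAML` constant in its restricted column coder rather than an unrestricted load, but that is not visible here and is worth pinning with a test that a stored value naming a non-permitted class is rejected. The enclosing method starts and ends outside the hunk.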
data/lib/lockbox/version.rb
CHANGED
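--- a/data/lib/lockbox.rb
+++ b/data/lib/lockbox.rb
@@ -5,17 +5,17 @@ require "securerandom"
 require "stringio"
 
 # modules
-
-
-
-
-
-
-
-
-
-
-
+require_relative "lockbox/aes_gcm"
+require_relative "lockbox/box"
+require_relative "lockbox/calculations"
+require_relative "lockbox/encryptor"
+require_relative "lockbox/key_generator"
+require_relative "lockbox/io"
+require_relative "lockbox/migrator"
+require_relative "lockbox/model"
+require_relative "lockbox/padding"
+require_relative "lockbox/utils"
+require_relative "lockbox/version"
 
 module Lockbox
 class Error < StandardError; end
@@ -88,11 +88,11 @@ module Lockbox
 end
 
 # integrations
-
-
+require_relative "lockbox/carrier_wave_extensions" if defined?(CarrierWave)
+require_relative "lockbox/railtie" if defined?(Rails)
 
 if defined?(ActiveSupport::LogSubscriber)
-
+require_relative "lockbox/log_subscriber"
 Lockbox::LogSubscriber.attach_to :lockbox
 end
 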
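--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.1
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-01-06 00:00:00.000000000 Z
 dependencies: []
 description:
 email: andrew@ankane.org
@@ -58,7 +58,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Modern encryption for Ruby and Rails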