lockbox 1.3.0 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: db8c162439dc5376d1aabf48af3925fd2d7a5129e3902b49b973dce9eda16a77
4
- data.tar.gz: 2e82dc5026e09fdaee0bb1baddabc9b0f8294f38cf613ee09368d62aa39c4ff4
3
+ metadata.gz: 2a238a9d70f5c46cabf8824957f739beb662730a2039696da29b6bc2f7a23462
4
+ data.tar.gz: eaebb7f1bd209792eee41166c6b5878b99ea0ee9436d030bf76ff13c8c56e4e2
5
5
  SHA512:
6
- metadata.gz: e8d6d9a2c4661767c01ab8874f29c3fd705712d4f3d6d153e09b4c7ad6441bb0812d45c6cf526d3a59177ae23c44289b1aa375e462303c17fcb952edd4641a8e
7
- data.tar.gz: 2e5cd80ddca65447f10a666b5568bbdeff449bf6517c944a67f6fdfdd5ff253e7560569133216a5459d1519ad3bb72b5cabd17065240a2aa1091750e21b4c26c
6
+ metadata.gz: cc5a1953cbc1493d5eba15ef0d0aed760ee6bd5d0f50e9810d522d57e46e2426f1a8573284834b262208fb6b20638ce15f0f52b5eb1c74dd9f5cc79c9124d6d1
7
+ data.tar.gz: ab01a6601a0317e0182f49bff4410ab232f88a88a5e65b68d20c6b761a38c3777a527d66c6c1fc0896ce23fdeacb493ec5487a494bf310760581f0ab511c3be3
data/CHANGELOG.md CHANGED
@@ -1,3 +1,16 @@
1
+ ## 1.3.3 (2024-02-07)
2
+
3
+ - Added warning for encrypting store attributes
4
+
5
+ ## 1.3.2 (2024-01-10)
6
+
7
+ - Fixed issue with serialized attributes
8
+
9
+ ## 1.3.1 (2024-01-06)
10
+
11
+ - Fixed error with `array` and `hash` types and no default column serializer with Rails 7.1
12
+ - Fixed Action Text deserialization with Rails 7.1
13
+
1
14
  ## 1.3.0 (2023-07-02)
2
15
 
3
16
  - Added support for CarrierWave 3
data/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  The MIT License (MIT)
2
2
 
3
- Copyright (c) 2018-2022 Andrew Kane
3
+ Copyright (c) 2018-2024 Andrew Kane
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
data/README.md CHANGED
@@ -9,7 +9,7 @@
9
9
 
10
10
  Learn [the principles behind it](https://ankane.org/modern-encryption-rails), [how to secure emails with Devise](https://ankane.org/securing-user-emails-lockbox), and [how to secure sensitive data in Rails](https://ankane.org/sensitive-data-rails).
11
11
 
12
- [![Build Status](https://github.com/ankane/lockbox/workflows/build/badge.svg?branch=master)](https://github.com/ankane/lockbox/actions)
12
+ [![Build Status](https://github.com/ankane/lockbox/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/lockbox/actions)
13
13
 
14
14
  ## Installation
15
15
 
@@ -72,7 +72,7 @@ Then follow the instructions below for the data you want to encrypt.
72
72
  Create a migration with:
73
73
 
74
74
  ```ruby
75
- class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.0]
75
+ class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
76
76
  def change
77
77
  add_column :users, :email_ciphertext, :text
78
78
  end
@@ -140,6 +140,8 @@ class User < ApplicationRecord
140
140
  end
141
141
  ```
142
142
 
143
+ For [Active Record Store](https://api.rubyonrails.org/classes/ActiveRecord/Store.html), encrypt the column rather than individual accessors.
144
+
143
145
  For [StoreModel](https://github.com/DmitryTsepelev/store_model), use:
144
146
 
145
147
  ```ruby
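Review bot: The new Active Record Store sentence at README line 143 states the rule but gives no example, while the StoreModel paragraph directly below it is followed by a ruby block. A short snippet showing the supported form would make "encrypt the column" actionable. The sentence could also say that encrypting an accessor now prints a warning, as the 1.3.3 changelog entry notes.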
@@ -249,7 +251,7 @@ User.decrypt_email_ciphertext(user.email_ciphertext)
249
251
  Create a migration with:
250
252
 
251
253
  ```ruby
252
- class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[7.0]
254
+ class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[7.1]
253
255
  def change
254
256
  add_column :action_text_rich_texts, :body_ciphertext, :text
255
257
  end
@@ -380,7 +382,7 @@ Encryption is applied to all versions after processing.
380
382
  You can mount the uploader [as normal](https://github.com/carrierwaveuploader/carrierwave#activerecord). With Active Record, this involves creating a migration:
381
383
 
382
384
  ```ruby
383
- class AddLicenseToUsers < ActiveRecord::Migration[7.0]
385
+ class AddLicenseToUsers < ActiveRecord::Migration[7.1]
384
386
  def change
385
387
  add_column :users, :license, :string
386
388
  end
@@ -908,7 +910,7 @@ end
908
910
  You can use `binary` columns for the ciphertext instead of `text` columns.
909
911
 
910
912
  ```ruby
911
- class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.0]
913
+ class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
912
914
  def change
913
915
  add_column :users, :email_ciphertext, :binary
914
916
  end
@@ -959,7 +961,7 @@ end
959
961
  Create a migration with:
960
962
 
961
963
  ```ruby
962
- class MigrateToLockbox < ActiveRecord::Migration[7.0]
964
+ class MigrateToLockbox < ActiveRecord::Migration[7.1]
963
965
  def change
964
966
  add_column :users, :name_ciphertext, :text
965
967
  add_column :users, :email_ciphertext, :text
@@ -992,7 +994,7 @@ end
992
994
  Then remove the previous gem from your Gemfile and drop its columns.
993
995
 
994
996
  ```ruby
995
- class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.0]
997
+ class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.1]
996
998
  def change
997
999
  remove_column :users, :encrypted_name, :text
998
1000
  remove_column :users, :encrypted_name_iv, :text
data/lib/lockbox/model.rb CHANGED
@@ -289,6 +289,11 @@ module Lockbox
289
289
  @lockbox_attributes[original_name] = options
290
290
 
291
291
  if activerecord
292
+ # warn on store attributes
293
+ if stored_attributes.any? { |k, v| v.include?(name) }
294
+ warn "[lockbox] WARNING: encrypting store accessors is not supported. Encrypt the column instead."
295
+ end
296
+
292
297
  # warn on default attributes
293
298
  if attributes_to_define_after_schema_loads.key?(name.to_s)
294
299
  opt = attributes_to_define_after_schema_loads[name.to_s][1]
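Review bot: In the added check at line 293, `v.include?(name)` compares `name` as-is, while the default-attributes check just below looks it up with `name.to_s`. If `name` and the keys held in `stored_attributes` can differ in type (symbol versus string), the warning silently never fires; comparing both sides as strings, for example `v.map(&:to_s).include?(name.to_s)`, avoids that. The block variable `k` is unused, so `stored_attributes.each_value.any? { |v| ... }` reads cleaner. The check also runs at the point the encrypted attribute is declared, so it can only see store accessors defined before that call; a comment saying so would help.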
@@ -324,13 +329,23 @@ module Lockbox
324
329
  attribute name, attribute_type
325
330
 
326
331
  if ActiveRecord::VERSION::STRING.to_f >= 7.1
327
- serialize name, coder: JSON if options[:type] == :json
328
- serialize name, type: Hash if options[:type] == :hash
329
- serialize name, type: Array if options[:type] == :array
332
+ case options[:type]
333
+ when :json
334
+ serialize name, coder: JSON
335
+ when :hash
336
+ serialize name, type: Hash, coder: default_column_serializer || YAML
337
+ when :array
338
+ serialize name, type: Array, coder: default_column_serializer || YAML
339
+ end
330
340
  else
331
- serialize name, JSON if options[:type] == :json
332
- serialize name, Hash if options[:type] == :hash
333
- serialize name, Array if options[:type] == :array
341
+ case options[:type]
342
+ when :json
343
+ serialize name, JSON
344
+ when :hash
345
+ serialize name, Hash
346
+ when :array
347
+ serialize name, Array
348
+ end
334
349
  end
335
350
  elsif !attributes_to_define_after_schema_loads.key?(name.to_s)
336
351
  # when migrating it's best to specify the type directly
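Review bot: The `|| YAML` fallback on the `:hash` and `:array` branches (lines 336 and 338) has no comment saying when `default_column_serializer` is nil or why YAML is the chosen fallback, which matters because this coder parses the decrypted value. A one-line comment would make the intent reviewable, and hoisting the repeated `default_column_serializer || YAML` into a local would keep the two branches from drifting apart. The `else` branch is a pure `if`-to-`case` restructuring and looks behaviour-preserving.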
@@ -499,6 +514,9 @@ module Lockbox
499
514
  clear_attribute_change(name)
500
515
  end
501
516
  end
517
+
518
+ # ensure same object is returned as next call
519
+ message = super()
502
520
  else
503
521
  instance_variable_set("@#{name}", message)
504
522
  end
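Review bot: The comment above `message = super()` at line 519 says what is ensured but not why the `message` value already held in this branch is not the object that later reads return. Since the assignment replaces that value with whatever the parent reader yields, the comment should name the case it fixes, and a regression test asserting that two consecutive reads return the same object would keep the line from being removed as redundant.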
@@ -615,6 +633,10 @@ module Lockbox
615
633
  else
616
634
  # use original name for serialized attributes if no type specified
617
635
  type = (try(:attribute_types) || {})[(options[:type] ? name : original_name).to_s]
636
+ # for Action Text
637
+ if activerecord && type.is_a?(ActiveRecord::Type::Serialized) && defined?(ActionText::Content) && type.coder == ActionText::Content
638
+ message.force_encoding(Encoding::UTF_8)
639
+ end
618
640
  message = type.deserialize(message) if type
619
641
  message.force_encoding(Encoding::UTF_8) if !type || type.is_a?(ActiveModel::Type::String)
620
642
  end
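Review bot: The added `message.force_encoding(Encoding::UTF_8)` at line 638 mutates `message` in place, and the visible lines show no guard for a nil or frozen value before it; the existing call on line 642 has the same shape but runs after `type.deserialize`. If `message` can be nil at this point, use `message&.force_encoding(Encoding::UTF_8)` or fold the check into the condition. The four-part condition would also read better as a small predicate, with the `# for Action Text` comment expanded to say why the encoding must be set before deserialization rather than after.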
@@ -1,3 +1,3 @@
1
1
  module Lockbox
2
- VERSION = "1.3.0"
2
+ VERSION = "1.3.3"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lockbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-02 00:00:00.000000000 Z
11
+ date: 2024-02-07 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: andrew@ankane.org
@@ -58,7 +58,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
58
58
  - !ruby/object:Gem::Version
59
59
  version: '0'
60
60
  requirements: []
61
- rubygems_version: 3.4.10
61
+ rubygems_version: 3.5.3
62
62
  signing_key:
63
63
  specification_version: 4
64
64
  summary: Modern encryption for Ruby and Rails