lockbox 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/LICENSE.txt +1 -1
- data/README.md +6 -6
- data/lib/lockbox/active_storage_extensions.rb +18 -4
- data/lib/lockbox/encryptor.rb +2 -2
- data/lib/lockbox/model.rb +7 -18
- data/lib/lockbox/version.rb +1 -1
- data/lib/lockbox.rb +4 -3
- metadata +4 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 732b29630e94d7e05292a10ff4106f05152418a335fb7a5e7da9b5a632c05856
|
|
4
|
+
data.tar.gz: 8d7d40d7d4f8bb5ecc4737c4664a87bfc33d1f331b0a46d36ebc6a3ce5573ee2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 11ba243e0e997a3140a5f3682f38023b9dcf29fdd9c181ea9f693404b4204bd7e83a4caef669126ff9fe432882773ff8f52e129117c201f0dc6eae7de9539849
|
|
7
|
+
data.tar.gz: 206197fbff415597cb816f77d9354fc8b2ee0c60ceccfb1b5414a44cf19a14b1b9224e09d1c7b0148a9ecb4b0d6673f70f2f35008b6a105bab8e02a55fdf81ce
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
## 2.1.0 (2025-10-15)
|
|
2
|
+
|
|
3
|
+
- Added warning for `download_chunk` method
|
|
4
|
+
- Fixed error for `download` method with block
|
|
5
|
+
- Dropped support for Active Record < 7.1 and Ruby < 3.2
|
|
6
|
+
|
|
7
|
+
## 2.0.1 (2024-12-29)
|
|
8
|
+
|
|
9
|
+
- Added support for Ruby 3.4
|
|
10
|
+
|
|
1
11
|
## 2.0.0 (2024-10-26)
|
|
2
12
|
|
|
3
13
|
- Improved `attributes`, `attribute_names`, and `has_attribute?` when ciphertext attributes not loaded
|
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -72,7 +72,7 @@ Then follow the instructions below for the data you want to encrypt.
|
|
|
72
72
|
Create a migration with:
|
|
73
73
|
|
|
74
74
|
```ruby
|
|
75
|
-
class AddEmailCiphertextToUsers < ActiveRecord::Migration[
|
|
75
|
+
class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
|
|
76
76
|
def change
|
|
77
77
|
add_column :users, :email_ciphertext, :text
|
|
78
78
|
end
|
|
@@ -251,7 +251,7 @@ User.decrypt_email_ciphertext(user.email_ciphertext)
|
|
|
251
251
|
Create a migration with:
|
|
252
252
|
|
|
253
253
|
```ruby
|
|
254
|
-
class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[
|
|
254
|
+
class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[8.0]
|
|
255
255
|
def change
|
|
256
256
|
add_column :action_text_rich_texts, :body_ciphertext, :text
|
|
257
257
|
end
|
|
@@ -382,7 +382,7 @@ Encryption is applied to all versions after processing.
|
|
|
382
382
|
You can mount the uploader [as normal](https://github.com/carrierwaveuploader/carrierwave#activerecord). With Active Record, this involves creating a migration:
|
|
383
383
|
|
|
384
384
|
```ruby
|
|
385
|
-
class AddLicenseToUsers < ActiveRecord::Migration[
|
|
385
|
+
class AddLicenseToUsers < ActiveRecord::Migration[8.0]
|
|
386
386
|
def change
|
|
387
387
|
add_column :users, :license, :string
|
|
388
388
|
end
|
|
@@ -910,7 +910,7 @@ end
|
|
|
910
910
|
You can use `binary` columns for the ciphertext instead of `text` columns.
|
|
911
911
|
|
|
912
912
|
```ruby
|
|
913
|
-
class AddEmailCiphertextToUsers < ActiveRecord::Migration[
|
|
913
|
+
class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
|
|
914
914
|
def change
|
|
915
915
|
add_column :users, :email_ciphertext, :binary
|
|
916
916
|
end
|
|
@@ -961,7 +961,7 @@ end
|
|
|
961
961
|
Create a migration with:
|
|
962
962
|
|
|
963
963
|
```ruby
|
|
964
|
-
class MigrateToLockbox < ActiveRecord::Migration[
|
|
964
|
+
class MigrateToLockbox < ActiveRecord::Migration[8.0]
|
|
965
965
|
def change
|
|
966
966
|
add_column :users, :name_ciphertext, :text
|
|
967
967
|
add_column :users, :email_ciphertext, :text
|
|
@@ -994,7 +994,7 @@ end
|
|
|
994
994
|
Then remove the previous gem from your Gemfile and drop its columns.
|
|
995
995
|
|
|
996
996
|
```ruby
|
|
997
|
-
class RemovePreviousEncryptedColumns < ActiveRecord::Migration[
|
|
997
|
+
class RemovePreviousEncryptedColumns < ActiveRecord::Migration[8.0]
|
|
998
998
|
def change
|
|
999
999
|
remove_column :users, :encrypted_name, :text
|
|
1000
1000
|
remove_column :users, :encrypted_name_iv, :text
|
|
@@ -80,7 +80,7 @@ module Lockbox
|
|
|
80
80
|
|
|
81
81
|
module Attachment
|
|
82
82
|
def download
|
|
83
|
-
result = super
|
|
83
|
+
result = super(&nil)
|
|
84
84
|
|
|
85
85
|
options = Utils.encrypted_options(record, name)
|
|
86
86
|
# only trust the metadata when migrating
|
|
@@ -91,15 +91,29 @@ module Lockbox
|
|
|
91
91
|
result = Utils.decrypt_result(record, name, options, result)
|
|
92
92
|
end
|
|
93
93
|
|
|
94
|
-
|
|
94
|
+
if block_given?
|
|
95
|
+
io = StringIO.new(result)
|
|
96
|
+
chunk_size = 5.megabytes
|
|
97
|
+
while (chunk = io.read(chunk_size))
|
|
98
|
+
yield chunk
|
|
99
|
+
end
|
|
100
|
+
else
|
|
101
|
+
result
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def download_chunk(...)
|
|
106
|
+
# TODO raise error in 3.0
|
|
107
|
+
warn "[lockbox] WARNING: download_chunk not supported for encrypted files" if Utils.encrypted_options(record, name)
|
|
108
|
+
super
|
|
95
109
|
end
|
|
96
110
|
|
|
97
|
-
def variant(
|
|
111
|
+
def variant(...)
|
|
98
112
|
raise Lockbox::Error, "Variant not supported for encrypted files" if Utils.encrypted_options(record, name)
|
|
99
113
|
super
|
|
100
114
|
end
|
|
101
115
|
|
|
102
|
-
def preview(
|
|
116
|
+
def preview(...)
|
|
103
117
|
raise Lockbox::Error, "Preview not supported for encrypted files" if Utils.encrypted_options(record, name)
|
|
104
118
|
super
|
|
105
119
|
end
|
data/lib/lockbox/encryptor.rb
CHANGED
|
@@ -15,12 +15,12 @@ module Lockbox
|
|
|
15
15
|
def encrypt(message, **options)
|
|
16
16
|
message = check_string(message)
|
|
17
17
|
ciphertext = @boxes.first.encrypt(message, **options)
|
|
18
|
-
ciphertext =
|
|
18
|
+
ciphertext = [ciphertext].pack("m0") if @encode
|
|
19
19
|
ciphertext
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def decrypt(ciphertext, **options)
|
|
23
|
-
ciphertext =
|
|
23
|
+
ciphertext = ciphertext.unpack1("m") if @encode
|
|
24
24
|
ciphertext = check_string(ciphertext)
|
|
25
25
|
|
|
26
26
|
# ensure binary
|
data/lib/lockbox/model.rb
CHANGED
|
@@ -377,24 +377,13 @@ module Lockbox
|
|
|
377
377
|
|
|
378
378
|
attribute name, attribute_type
|
|
379
379
|
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
serialize name, type: Array, coder: default_column_serializer || YAML
|
|
388
|
-
end
|
|
389
|
-
else
|
|
390
|
-
case options[:type]
|
|
391
|
-
when :json
|
|
392
|
-
serialize name, JSON
|
|
393
|
-
when :hash
|
|
394
|
-
serialize name, Hash
|
|
395
|
-
when :array
|
|
396
|
-
serialize name, Array
|
|
397
|
-
end
|
|
380
|
+
case options[:type]
|
|
381
|
+
when :json
|
|
382
|
+
serialize name, coder: JSON
|
|
383
|
+
when :hash
|
|
384
|
+
serialize name, type: Hash, coder: default_column_serializer || YAML
|
|
385
|
+
when :array
|
|
386
|
+
serialize name, type: Array, coder: default_column_serializer || YAML
|
|
398
387
|
end
|
|
399
388
|
elsif ActiveRecord::VERSION::STRING.to_f >= 7.2
|
|
400
389
|
decorate_attributes([name]) do |attr_name, cast_type|
|
data/lib/lockbox/version.rb
CHANGED
data/lib/lockbox.rb
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# stdlib
|
|
2
|
-
require "base64"
|
|
3
2
|
require "openssl"
|
|
4
3
|
require "securerandom"
|
|
5
4
|
require "stringio"
|
|
@@ -99,8 +98,10 @@ end
|
|
|
99
98
|
if defined?(ActiveSupport.on_load)
|
|
100
99
|
ActiveSupport.on_load(:active_record) do
|
|
101
100
|
ar_version = ActiveRecord::VERSION::STRING.to_f
|
|
102
|
-
if ar_version < 7
|
|
103
|
-
if ar_version >=
|
|
101
|
+
if ar_version < 7.1
|
|
102
|
+
if ar_version >= 7.0
|
|
103
|
+
raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2.1"
|
|
104
|
+
elsif ar_version >= 5.2
|
|
104
105
|
raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2"
|
|
105
106
|
elsif ar_version >= 5
|
|
106
107
|
raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 0.7"
|
metadata
CHANGED
|
@@ -1,16 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lockbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies: []
|
|
13
|
-
description:
|
|
14
12
|
email: andrew@ankane.org
|
|
15
13
|
executables: []
|
|
16
14
|
extensions: []
|
|
@@ -43,7 +41,6 @@ homepage: https://github.com/ankane/lockbox
|
|
|
43
41
|
licenses:
|
|
44
42
|
- MIT
|
|
45
43
|
metadata: {}
|
|
46
|
-
post_install_message:
|
|
47
44
|
rdoc_options: []
|
|
48
45
|
require_paths:
|
|
49
46
|
- lib
|
|
@@ -51,15 +48,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
51
48
|
requirements:
|
|
52
49
|
- - ">="
|
|
53
50
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '3.
|
|
51
|
+
version: '3.2'
|
|
55
52
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
56
53
|
requirements:
|
|
57
54
|
- - ">="
|
|
58
55
|
- !ruby/object:Gem::Version
|
|
59
56
|
version: '0'
|
|
60
57
|
requirements: []
|
|
61
|
-
rubygems_version: 3.
|
|
62
|
-
signing_key:
|
|
58
|
+
rubygems_version: 3.6.9
|
|
63
59
|
specification_version: 4
|
|
64
60
|
summary: Modern encryption for Ruby and Rails
|
|
65
61
|
test_files: []
|