lockbox 2.0.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41d031c1ae819dbf773416fffa04b9fe08abcfe8bd2012dab7a86d9e3046140c
-  data.tar.gz: 2fa33424258e616693caf343f2b7ca054276619bbf14ce7042a892f743c6f139
+  metadata.gz: b3a6c05fd83da2e2fc8474f2daf3b55f27ee61dd8a86ff3264df772816bcf92b
+  data.tar.gz: d269773e126958e5288a2fcb48ee228dbcd3918648e02834057c8be04f36ec45
 SHA512:
-  metadata.gz: bbc879f38246d0dcbc802beee879895f968d677ae895b6f0c7addebefa2ff7306befdd1406a02b24bbb2bec4f12bfb125f67c11c9280ba5e3e0517d67efb6360
-  data.tar.gz: 6d1b6474c2e9859b43ee6a44d7eb12aa5c6cb8657ce3b82abed09b13bd66b6912150823f12e67ca2409a99872b152a5527159843980b2668b39a41db445eb6ce
+  metadata.gz: f05224cd3e90993ba6a5b7cadfd2bdac839e6590ae3a5702935dc1146b1349ce76d41d3de989f9e10b3510cf420a86936d283968cc343a7eaccfa119a4dff1b6
+  data.tar.gz: d185de56bd634a6ba6753d3a1acf91a7f3940edb02ccbcaa89b22839ef4e57e62a5c698074b6cff821bc5869e3b423dee94781fad4a7e0961794982fa2ed1faa

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 2.2.0 (2026-04-04)
+
+- Dropped support for Active Record < 7.2 and Ruby < 3.3
+
+## 2.1.0 (2025-10-15)
+
+- Added warning for `download_chunk` method
+- Fixed error for `download` method with block
+- Dropped support for Active Record < 7.1 and Ruby < 3.2
+
 ## 2.0.1 (2024-12-29)
 
 - Added support for Ruby 3.4

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018-2024 Andrew Kane
+Copyright (c) 2018-2026 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -72,7 +72,7 @@ Then follow the instructions below for the data you want to encrypt.
 Create a migration with:
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.1]
   def change
     add_column :users, :email_ciphertext, :text
   end
@@ -251,7 +251,7 @@ User.decrypt_email_ciphertext(user.email_ciphertext)
 Create a migration with:
 
 ```ruby
-class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[8.0]
+class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[8.1]
   def change
     add_column :action_text_rich_texts, :body_ciphertext, :text
   end
@@ -382,7 +382,7 @@ Encryption is applied to all versions after processing.
 You can mount the uploader [as normal](https://github.com/carrierwaveuploader/carrierwave#activerecord). With Active Record, this involves creating a migration:
 
 ```ruby
-class AddLicenseToUsers < ActiveRecord::Migration[8.0]
+class AddLicenseToUsers < ActiveRecord::Migration[8.1]
   def change
     add_column :users, :license, :string
   end
@@ -910,7 +910,7 @@ end
 You can use `binary` columns for the ciphertext instead of `text` columns.
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.1]
   def change
     add_column :users, :email_ciphertext, :binary
   end
@@ -961,7 +961,7 @@ end
 Create a migration with:
 
 ```ruby
-class MigrateToLockbox < ActiveRecord::Migration[8.0]
+class MigrateToLockbox < ActiveRecord::Migration[8.1]
   def change
     add_column :users, :name_ciphertext, :text
     add_column :users, :email_ciphertext, :text
@@ -994,7 +994,7 @@ end
 Then remove the previous gem from your Gemfile and drop its columns.
 
 ```ruby
-class RemovePreviousEncryptedColumns < ActiveRecord::Migration[8.0]
+class RemovePreviousEncryptedColumns < ActiveRecord::Migration[8.1]
   def change
     remove_column :users, :encrypted_name, :text
     remove_column :users, :encrypted_name_iv, :text

data/lib/lockbox/active_storage_extensions.rb

@@ -80,7 +80,7 @@ module Lockbox
 
     module Attachment
       def download
-        result = super
+        result = super(&nil)
 
         options = Utils.encrypted_options(record, name)
         # only trust the metadata when migrating
@@ -91,24 +91,31 @@ module Lockbox
           result = Utils.decrypt_result(record, name, options, result)
         end
 
-        result
+        if block_given?
+          io = StringIO.new(result)
+          chunk_size = 5.megabytes
+          while (chunk = io.read(chunk_size))
+            yield chunk
+          end
+        else
+          result
+        end
       end
 
-      def variant(*args)
-        raise Lockbox::Error, "Variant not supported for encrypted files" if Utils.encrypted_options(record, name)
+      def download_chunk(...)
+        # TODO raise error in 3.0
+        warn "[lockbox] WARNING: download_chunk not supported for encrypted files" if Utils.encrypted_options(record, name)
         super
       end
 
-      def preview(*args)
-        raise Lockbox::Error, "Preview not supported for encrypted files" if Utils.encrypted_options(record, name)
+      def variant(...)
+        raise Lockbox::Error, "Variant not supported for encrypted files" if Utils.encrypted_options(record, name)
         super
       end
 
-      if ActiveStorage::VERSION::STRING.to_f == 7.1 && ActiveStorage.version >= "7.1.4"
-        def transform_variants_later
-          blob.instance_variable_set(:@lockbox_encrypted, true) if Utils.encrypted_options(record, name)
-          super
-        end
+      def preview(...)
+        raise Lockbox::Error, "Preview not supported for encrypted files" if Utils.encrypted_options(record, name)
+        super
       end
 
       def open(**options)
@@ -135,12 +142,6 @@ module Lockbox
     end
 
     module Blob
-      if ActiveStorage::VERSION::STRING.to_f == 7.1 && ActiveStorage.version >= "7.1.4"
-        def preview_image_needed_before_processing_variants?
-          !instance_variable_defined?(:@lockbox_encrypted) && super
-        end
-      end
-
       private
 
       def extract_content_type(io)

data/lib/lockbox/model.rb

@@ -259,18 +259,16 @@ module Lockbox
                 result
               end
 
-              if ActiveRecord::VERSION::STRING.to_f >= 7.2
-                def self.insert(attributes, **options)
-                  super(lockbox_map_record_attributes(attributes), **options)
-                end
+              def self.insert(attributes, **options)
+                super(lockbox_map_record_attributes(attributes), **options)
+              end
 
-                def self.insert!(attributes, **options)
-                  super(lockbox_map_record_attributes(attributes), **options)
-                end
+              def self.insert!(attributes, **options)
+                super(lockbox_map_record_attributes(attributes), **options)
+              end
 
-                def self.upsert(attributes, **options)
-                  super(lockbox_map_record_attributes(attributes, check_readonly: true), **options)
-                end
+              def self.upsert(attributes, **options)
+                super(lockbox_map_record_attributes(attributes, check_readonly: true), **options)
               end
 
               def self.insert_all(attributes, **options)
@@ -344,20 +342,9 @@ module Lockbox
             end
 
             # warn on default attributes
-            if ActiveRecord::VERSION::STRING.to_f >= 7.2
-              # TODO improve
-              if pending_attribute_modifications.any? { |v| v.is_a?(ActiveModel::AttributeRegistration::ClassMethods::PendingDefault) && v.name == name.to_s }
-                warn "[lockbox] WARNING: attributes with `:default` option are not supported. Use `after_initialize` instead."
-              end
-            elsif attributes_to_define_after_schema_loads.key?(name.to_s)
-              opt = attributes_to_define_after_schema_loads[name.to_s][1]
-
-              # not ideal, since NO_DEFAULT_PROVIDED is private
-              has_default = opt != ActiveRecord::Attributes::ClassMethods.const_get(:NO_DEFAULT_PROVIDED)
-
-              if has_default
-                warn "[lockbox] WARNING: attributes with `:default` option are not supported. Use `after_initialize` instead."
-              end
+            # TODO improve
+            if pending_attribute_modifications.any? { |v| v.is_a?(ActiveModel::AttributeRegistration::ClassMethods::PendingDefault) && v.name == name.to_s }
+              warn "[lockbox] WARNING: attributes with `:default` option are not supported. Use `after_initialize` instead."
             end
 
             # preference:
@@ -377,26 +364,15 @@ module Lockbox
 
               attribute name, attribute_type
 
-              if ActiveRecord::VERSION::STRING.to_f >= 7.1
-                case options[:type]
-                when :json
-                  serialize name, coder: JSON
-                when :hash
-                  serialize name, type: Hash, coder: default_column_serializer || YAML
-                when :array
-                  serialize name, type: Array, coder: default_column_serializer || YAML
-                end
-              else
-                case options[:type]
-                when :json
-                  serialize name, JSON
-                when :hash
-                  serialize name, Hash
-                when :array
-                  serialize name, Array
-                end
+              case options[:type]
+              when :json
+                serialize name, coder: JSON
+              when :hash
+                serialize name, type: Hash, coder: default_column_serializer || YAML
+              when :array
+                serialize name, type: Array, coder: default_column_serializer || YAML
               end
-            elsif ActiveRecord::VERSION::STRING.to_f >= 7.2
+            else
               decorate_attributes([name]) do |attr_name, cast_type|
                 if cast_type.instance_of?(ActiveRecord::Type::Value)
                   original_type = pending_attribute_modifications.find { |v| v.is_a?(ActiveModel::AttributeRegistration::ClassMethods::PendingType) && v.name == original_name.to_s && !v.type.nil? }&.type
@@ -416,27 +392,6 @@ module Lockbox
                   cast_type
                 end
               end
-            elsif !attributes_to_define_after_schema_loads.key?(name.to_s)
-              # when migrating it's best to specify the type directly
-              # however, we can try to use the original type if its already defined
-              if attributes_to_define_after_schema_loads.key?(original_name.to_s)
-                attribute name, attributes_to_define_after_schema_loads[original_name.to_s].first
-              elsif options[:migrating]
-                # we use the original attribute for serialization in the encrypt and decrypt methods
-                # so we can use a generic value here
-                attribute name, ActiveRecord::Type::Value.new
-              else
-                attribute name, :string
-              end
-            elsif attributes_to_define_after_schema_loads[name.to_s].first.is_a?(Proc)
-              # hack for Active Record 6.1+ to set string type after serialize
-              # otherwise, type gets set to ActiveModel::Type::Value
-              # which always returns false for changed_in_place?
-              # earlier versions of Active Record take the previous code path
-              attribute_type = attributes_to_define_after_schema_loads[name.to_s].first.call(nil)
-              if attribute_type.is_a?(ActiveRecord::Type::Serialized) && attribute_type.subtype.nil?
-                attribute name, ActiveRecord::Type::Serialized.new(ActiveRecord::Type::String.new, attribute_type.coder)
-              end
             end
 
             define_method("#{name}_was") do

data/lib/lockbox/version.rb

@@ -1,3 +1,3 @@
 module Lockbox
-  VERSION = "2.0.1"
+  VERSION = "2.2.0"
 end

data/lib/lockbox.rb

@@ -98,8 +98,12 @@ end
 if defined?(ActiveSupport.on_load)
   ActiveSupport.on_load(:active_record) do
     ar_version = ActiveRecord::VERSION::STRING.to_f
-    if ar_version < 7
-      if ar_version >= 5.2
+    if ar_version < 7.2
+      if ar_version >= 7.1
+        raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2.2"
+      elsif ar_version >= 7.0
+        raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2.1"
+      elsif ar_version >= 5.2
         raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2"
       elsif ar_version >= 5
         raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 0.7"

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Andrew Kane
 bindir: bin
 cert_chain: []
-date: 2024-12-29 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
 email: andrew@ankane.org
 executables: []
@@ -48,14 +48,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.1'
+      version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Modern encryption for Ruby and Rails
 test_files: []