lockbox 0.2.4 → 0.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d4bf60bca21cbcbf37397b2431401a56191b2a8a2b311ddd12bbe8f94d43a259
-  data.tar.gz: '09969a1e9c7904fe69e017dd6aa8a0d5e1a50573fc5937994ad2c0eab63f499b'
+  metadata.gz: 33199b663aaa289ff221bd83278063e366501185112f9aea61ea52997c6646fb
+  data.tar.gz: 3d8556b252b574c69cd50244cc752302825cae423daf6bcbac5a0f07b6a83d9d
 SHA512:
-  metadata.gz: 5b513fb92e0074f10a5044acbcd9a06bba8f90af473cdc52ae7d981e5432e77afedca887372246afbbb16df7c72cc099ad12a59312e909ef36203c9678b2d987
-  data.tar.gz: 1ab527b1cad1a112b1ce43a3e2745faff13289dfa9dabcd15d7e0ca856cfec801b41112faa09ca312dd57537f3ac5a32d5882fb369d2bb0e262f8bd2bd20d8b4
+  metadata.gz: 9246245fe128a27292ee9a365ab04fcb0acfd3336b838aeef5756353d35add2248911916e6dec4ed46cb0adf01576ac8fb98066cb6a35aec7827144d5d208d40
+  data.tar.gz: 98273c362d05eca1b66cc578264c18db1a66007fd461ae0d3d8919305f9c34b9af70450a5fe3b318357fe296fc0455b52f52d7b2313a04269101fdf50b408df4

data/CHANGELOG.md

@@ -1,4 +1,10 @@
-## 0.2.4
+## 0.2.5 (2019-12-14)
+
+- Made `model.attribute?` consistent with unencrypted columns
+- Added `decrypt_str` method
+- Improved fixtures for attributes with `type` option
+
+## 0.2.4 (2019-08-16)
 
 - Added support for Mongoid
 - Added `encrypt_io` and `decrypt_io` methods
@@ -6,36 +12,36 @@
 - Fixed error with migrate and default scope
 - Fixed encryption with Active Storage 6 and `record.create!`
 
-## 0.2.3
+## 0.2.3 (2019-07-31)
 
 - Added time type
 - Added support for rotating padding with same key
 - Fixed `OpenSSL::KDF` error on some platforms
 - Fixed UTF-8 error
 
-## 0.2.2
+## 0.2.2 (2019-07-24)
 
 - Fixed error with models that have attachments but no encrypted attachments
 
-## 0.2.1
+## 0.2.1 (2019-07-22)
 
 - Added support for types
 - Added support for serialized attributes
 - Added support for padding
 - Added `encode` option for binary columns
 
-## 0.2.0
+## 0.2.0 (2019-07-08)
 
 - Added `encrypts` method for database fields
 - Added `encrypts_attached` method
 - Added `generate_key` method
 - Added support for XSalsa20
 
-## 0.1.1
+## 0.1.1 (2019-02-28)
 
 - Added support for hybrid cryptography
 - Added support for database fields
 
-## 0.1.0
+## 0.1.0 (2019-01-02)
 
 - First release

data/README.md

@@ -44,6 +44,24 @@ Lockbox.master_key = Rails.application.credentials.lockbox_master_key
 
 Alternatively, you can use a [key management service](#key-management) to manage your keys.
 
+## Instructions
+
+Database fields
+
+- [Active Record](#active-record)
+- [Mongoid](#mongoid)
+
+Files
+
+- [Active Storage](#active-storage)
+- [CarrierWave](#carrierwave)
+- [Shrine](#shrine)
+- [Local Files](#local-files)
+
+Other
+
+- [Strings](#strings)
+
 ## Database Fields
 
 ### Active Record
@@ -51,7 +69,7 @@ Alternatively, you can use a [key management service](#key-management) to manage
 Create a migration with:
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[5.2]
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[6.0]
   def change
     add_column :users, :email_ciphertext, :text
   end
@@ -92,7 +110,7 @@ class User < ApplicationRecord
 end
 ```
 
-**Note:** Always use a `text` or `binary` column in migrations, regardless of the type
+**Note:** Always use a `text` or `binary` column for the ciphertext in migrations, regardless of the type
 
 Lockbox automatically works with serialized fields for maximum compatibility with existing code and libraries.
 
@@ -100,6 +118,9 @@ Lockbox automatically works with serialized fields for maximum compatibility wit
 class User < ApplicationRecord
   serialize :properties, JSON
   encrypts :properties
+
+  store :settings, accessors: [:color, :homepage]
+  encrypts :settings
 end
 ```
 
@@ -247,6 +268,12 @@ Decrypt
 box.decrypt(ciphertext)
 ```
 
+Decrypt and return UTF-8 instead of binary
+
+```ruby
+box.decrypt_str(ciphertext)
+```
+
 ## Migrating Existing Data
 
 Lockbox makes it easy to encrypt an existing column. Add a new column for the ciphertext, then add to your model:
@@ -384,20 +411,29 @@ Heroku [comes with libsodium](https://devcenter.heroku.com/articles/stack-packag
 
 ##### Ubuntu
 
-For Ubuntu 16.04, use:
+For Ubuntu 18.04, use:
 
 ```sh
-sudo apt-get install libsodium18
+sudo apt-get install libsodium23
 ```
 
-For Ubuntu 18.04, use:
+For Ubuntu 16.04, use:
 
 ```sh
-sudo apt-get install libsodium23
+sudo apt-get install libsodium18
 ```
 
 ##### Travis CI
 
+On Bionic, add to `.travis.yml`:
+
+```yml
+addons:
+  apt:
+    packages:
+      - libsodium23
+```
+
 On Xenial, add to `.travis.yml`:
 
 ```yml
@@ -524,7 +560,7 @@ For XSalsa20, use the appropriate [Libsodium library](https://libsodium.gitbook.
 
 ## Migrating from Another Library
 
-Lockbox makes it easy to migrate from another library. The example below uses `attr_encrypted` but the same approach should work for any library.
+Lockbox makes it easy to migrate from another library without downtime. The example below uses `attr_encrypted` but the same approach should work for any library.
 
 Let’s suppose your model looks like this:
 
@@ -538,7 +574,7 @@ end
 Create a migration with:
 
 ```ruby
-class MigrateToLockbox < ActiveRecord::Migration[5.2]
+class MigrateToLockbox < ActiveRecord::Migration[6.0]
   def change
     add_column :users, :name_ciphertext, :text
     add_column :users, :email_ciphertext, :text
@@ -571,7 +607,7 @@ end
 Then remove the previous gem from your Gemfile and drop its columns.
 
 ```ruby
-class RemovePreviousEncryptedColumns < ActiveRecord::Migration[5.2]
+class RemovePreviousEncryptedColumns < ActiveRecord::Migration[6.0]
   def change
     remove_column :users, :encrypted_name, :text
     remove_column :users, :encrypted_name_iv, :text
@@ -639,3 +675,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/lockbox/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+
+To get started with development and testing:
+
+```sh
+git clone https://github.com/ankane/lockbox.git
+cd lockbox
+bundle install
+bundle exec rake test
+```

data/lib/lockbox.rb

@@ -141,6 +141,11 @@ class Lockbox
     new_io
   end
 
+  def decrypt_str(ciphertext, **options)
+    message = decrypt(ciphertext, **options)
+    message.force_encoding(Encoding::UTF_8)
+  end
+
   def self.generate_key
     SecureRandom.hex(32)
   end

data/lib/lockbox/model.rb

@@ -104,10 +104,13 @@ class Lockbox
           @lockbox_attributes[original_name] = options.merge(encode: encode)
 
           if @lockbox_attributes.size == 1
+            # use same approach as activerecord serialization
             def serializable_hash(options = nil)
               options = options.try(:dup) || {}
+
               options[:except] = Array(options[:except])
-              options[:except] += self.class.lockbox_attributes.values.flat_map { |v| [v[:attribute], v[:encrypted_attribute]] }
+              options[:except] += self.class.lockbox_attributes.flat_map { |_, v| [v[:attribute], v[:encrypted_attribute]] }
+
               super(options)
             end
 
@@ -151,6 +154,10 @@ class Lockbox
 
           if respond_to?(:attribute)
             attribute name, attribute_type
+
+            define_method("#{name}?") do
+              send("#{encrypted_attribute}?")
+            end
           else
             m = Module.new do
               define_method("#{name}=") do |val|
@@ -183,45 +190,6 @@ class Lockbox
           define_method("#{name}=") do |message|
             original_message = message
 
-            unless message.nil?
-              case options[:type]
-              when :boolean
-                message = ActiveRecord::Type::Boolean.new.serialize(message)
-                message = nil if message == "" # for Active Record < 5.2
-                message = message ? "t" : "f" unless message.nil?
-              when :date
-                message = ActiveRecord::Type::Date.new.serialize(message)
-                # strftime should be more stable than to_s(:db)
-                message = message.strftime("%Y-%m-%d") unless message.nil?
-              when :datetime
-                message = ActiveRecord::Type::DateTime.new.serialize(message)
-                message = nil unless message.respond_to?(:iso8601) # for Active Record < 5.2
-                message = message.iso8601(9) unless message.nil?
-              when :time
-                message = ActiveRecord::Type::Time.new.serialize(message)
-                message = nil unless message.respond_to?(:strftime)
-                message = message.strftime("%H:%M:%S.%N") unless message.nil?
-                message
-              when :integer
-                message = ActiveRecord::Type::Integer.new(limit: 8).serialize(message)
-                message = 0 if message.nil?
-                # signed 64-bit integer, big endian
-                message = [message].pack("q>")
-              when :float
-                message = ActiveRecord::Type::Float.new.serialize(message)
-                # double precision, big endian
-                message = [message].pack("G") unless message.nil?
-              when :string, :binary
-                # do nothing
-                # encrypt will convert to binary
-              else
-                type = (self.class.try(:attribute_types) || {})[name.to_s]
-                if type && type.is_a?(ActiveRecord::Type::Serialized)
-                  message = type.serialize(message)
-                end
-              end
-            end
-
             # decrypt first for dirty tracking
             # don't raise error if can't decrypt previous
             begin
@@ -230,13 +198,8 @@ class Lockbox
               nil
             end
 
-            ciphertext =
-              if message.nil? || (message == "" && !options[:padding])
-                message
-              else
-                self.class.send(class_method_name, message, context: self)
-              end
-
+            # set ciphertext
+            ciphertext = self.class.send(class_method_name, message, context: self)
             send("#{encrypted_attribute}=", ciphertext)
 
             super(original_message)
@@ -305,9 +268,53 @@ class Lockbox
           # for fixtures
           define_singleton_method class_method_name do |message, **opts|
             table = respond_to?(:table_name) ? table_name : collection_name.to_s
-            ciphertext = Lockbox::Utils.build_box(opts[:context], options, table, encrypted_attribute).encrypt(message)
-            ciphertext = Base64.strict_encode64(ciphertext) if encode
-            ciphertext
+
+            unless message.nil?
+              case options[:type]
+              when :boolean
+                message = ActiveRecord::Type::Boolean.new.serialize(message)
+                message = nil if message == "" # for Active Record < 5.2
+                message = message ? "t" : "f" unless message.nil?
+              when :date
+                message = ActiveRecord::Type::Date.new.serialize(message)
+                # strftime should be more stable than to_s(:db)
+                message = message.strftime("%Y-%m-%d") unless message.nil?
+              when :datetime
+                message = ActiveRecord::Type::DateTime.new.serialize(message)
+                message = nil unless message.respond_to?(:iso8601) # for Active Record < 5.2
+                message = message.iso8601(9) unless message.nil?
+              when :time
+                message = ActiveRecord::Type::Time.new.serialize(message)
+                message = nil unless message.respond_to?(:strftime)
+                message = message.strftime("%H:%M:%S.%N") unless message.nil?
+                message
+              when :integer
+                message = ActiveRecord::Type::Integer.new(limit: 8).serialize(message)
+                message = 0 if message.nil?
+                # signed 64-bit integer, big endian
+                message = [message].pack("q>")
+              when :float
+                message = ActiveRecord::Type::Float.new.serialize(message)
+                # double precision, big endian
+                message = [message].pack("G") unless message.nil?
+              when :string, :binary
+                # do nothing
+                # encrypt will convert to binary
+              else
+                type = (try(:attribute_types) || {})[name.to_s]
+                if type && type.is_a?(ActiveRecord::Type::Serialized)
+                  message = type.serialize(message)
+                end
+              end
+            end
+
+            if message.nil? || (message == "" && !options[:padding])
+              message
+            else
+              ciphertext = Lockbox::Utils.build_box(opts[:context], options, table, encrypted_attribute).encrypt(message)
+              ciphertext = Base64.strict_encode64(ciphertext) if encode
+              ciphertext
+            end
           end
         end
       end

data/lib/lockbox/version.rb

@@ -1,3 +1,3 @@
 class Lockbox
-  VERSION = "0.2.4"
+  VERSION = "0.2.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.5
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-16 00:00:00.000000000 Z
+date: 2019-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -218,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Modern encryption for Rails