lockbox 0.3.7 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 72291291d3b8ac532d4c309bde141febf41d40b5228ce4d4b2541248702fe08d
4
- data.tar.gz: d184e486e64cf5f0ecc882cf453fa76b18ce69b03f34d93335da7b1f70c12a01
3
+ metadata.gz: cb1e70486f88d6aad134fe0a13d74e750505888415cff633138fab97887b8d0a
4
+ data.tar.gz: e40ed2533aa32adc6b5c3048ab3e4588a652c0335d2eb7c408c3ea90e833f8c5
5
5
  SHA512:
6
- metadata.gz: 4badf3561effc1d381ae5ddfcdd3ce64a5bfb70e586c140df4795a392d36e5440a3d3930921f14732b349c2f93246a6f4ddfbe62ef508c2a2ad503b5f52d28f8
7
- data.tar.gz: 12e48eab11c6f1aefc7a1ea8656e8d1e0cdceebe54147e573e1beb13f635149d99a5bfea0402595a8a6d53403bb498b2f404bb3a70a684908bc87decbd39c365
6
+ metadata.gz: '02051826a17857790dbf6045c4a5a3948d0843fb27a0b4799599393b8c600a43891f6c40e84c7d7dc08be2ff2fe272eaa71c2f8220b29ee6e78cb0f4e8513e53'
7
+ data.tar.gz: e997bace782a9affd36a92b80de749b4aaa708caf6f8323023f0b651c8d98bfc08f6911c9946a3baa0a807d4c8020b119459523c7afd6ba66adf038c28973b96
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ## 0.4.0 (2020-05-03)
2
+
3
+ - Load encrypted attributes when `attributes` called
4
+ - Added support for migrating and rotating relations
5
+ - Removed deprecated `attached_encrypted` method
6
+ - Removed legacy `attr_encrypted` encryptor
7
+
1
8
  ## 0.3.7 (2020-04-20)
2
9
 
3
10
  - Added Active Support notifications for Active Storage and Carrierwave
data/README.md CHANGED
@@ -205,6 +205,8 @@ User.create!(email: "hi@example.org")
205
205
 
206
206
  If you need to query encrypted fields, check out [Blind Index](https://github.com/ankane/blind_index).
207
207
 
208
+ You can [migrate existing data](#migrating-existing-data) similarly to Active Record.
209
+
208
210
  ## Active Storage
209
211
 
210
212
  Add to your model:
@@ -378,7 +380,7 @@ Use `decrypt_str` get the value as UTF-8
378
380
 
379
381
  To make key rotation easy, you can pass previous versions of keys that can decrypt.
380
382
 
381
- ### Active Record
383
+ ### Active Record & Mongoid
382
384
 
383
385
  Update your model:
384
386
 
@@ -398,26 +400,6 @@ Lockbox.rotate(User, attributes: [:email])
398
400
 
399
401
  Once all records are rotated, you can remove `previous_versions` from the model.
400
402
 
401
- ### Mongoid
402
-
403
- Update your model:
404
-
405
- ```ruby
406
- class User
407
- encrypts :email, previous_versions: [{key: previous_key}]
408
- end
409
- ```
410
-
411
- Use `master_key` instead of `key` if passing the master key.
412
-
413
- To rotate existing records, use:
414
-
415
- ```ruby
416
- Lockbox.rotate(User, attributes: [:email])
417
- ```
418
-
419
- Once all records are rotated, you can remove `previous_versions` from the model.
420
-
421
403
  ### Active Storage
422
404
 
423
405
  Update your model:
@@ -462,9 +444,9 @@ end
462
444
 
463
445
  Once all files are rotated, you can remove `previous_versions` from the model.
464
446
 
465
- ### Strings
447
+ ### Local Files & Strings
466
448
 
467
- For strings, use:
449
+ For local files and strings, use:
468
450
 
469
451
  ```ruby
470
452
  Lockbox.new(key: key, previous_versions: [{key: previous_key}])
data/lib/lockbox.rb CHANGED
@@ -29,8 +29,6 @@ if defined?(ActiveSupport)
29
29
 
30
30
  ActiveSupport.on_load(:mongoid) do
31
31
  Mongoid::Document::ClassMethods.include(Lockbox::Model)
32
- # TODO remove in 0.4.0
33
- Mongoid::Document::ClassMethods.include(Lockbox::Model::Attached)
34
32
  end
35
33
  end
36
34
 
@@ -82,25 +82,5 @@ module Lockbox
82
82
  target.content_type = source.content_type if source.respond_to?(:content_type)
83
83
  target.set_encoding(source.external_encoding) if source.respond_to?(:external_encoding)
84
84
  end
85
-
86
- # TODO remove in 0.4.0
87
- # legacy for attr_encrypted
88
- def self.encrypt(options)
89
- box(options).encrypt(options[:value])
90
- end
91
-
92
- # TODO remove in 0.4.0
93
- # legacy for attr_encrypted
94
- def self.decrypt(options)
95
- box(options).decrypt(options[:value])
96
- end
97
-
98
- # TODO remove in 0.4.0
99
- # legacy for attr_encrypted
100
- def self.box(options)
101
- options = options.slice(:key, :encryption_key, :decryption_key, :algorithm, :previous_versions)
102
- options[:algorithm] = "aes-gcm" if options[:algorithm] == "aes-256-gcm"
103
- Lockbox.new(options)
104
- end
105
85
  end
106
86
  end
@@ -40,9 +40,6 @@ module Lockbox
40
40
  # unscope if passed a model
41
41
  unless ar_relation?(relation) || mongoid_relation?(relation)
42
42
  relation = relation.unscoped
43
- else
44
- # TODO remove in 0.4.0
45
- relation = relation.unscoped
46
43
  end
47
44
 
48
45
  # convert from possible class to ActiveRecord::Relation or Mongoid::Criteria
data/lib/lockbox/model.rb CHANGED
@@ -81,6 +81,17 @@ module Lockbox
81
81
  end
82
82
 
83
83
  if activerecord
84
+ # TODO wrap in module?
85
+ def attributes
86
+ # load attributes
87
+ # essentially a no-op if already loaded
88
+ # an exception is thrown if decryption fails
89
+ self.class.lockbox_attributes.each do |_, lockbox_attribute|
90
+ send(lockbox_attribute[:attribute])
91
+ end
92
+ super
93
+ end
94
+
84
95
  # needed for in-place modifications
85
96
  # assigned attributes are encrypted on assignment
86
97
  # and then again here
@@ -391,12 +402,6 @@ module Lockbox
391
402
  end
392
403
  end
393
404
  end
394
-
395
- # TODO remove in future version
396
- def attached_encrypted(attribute, **options)
397
- warn "[lockbox] DEPRECATION WARNING: Use encrypts_attached instead"
398
- encrypts_attached(attribute, **options)
399
- end
400
405
  end
401
406
  end
402
407
  end
@@ -1,3 +1,3 @@
1
1
  module Lockbox
2
- VERSION = "0.3.7"
2
+ VERSION = "0.4.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lockbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.7
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Kane
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-20 00:00:00.000000000 Z
11
+ date: 2020-05-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler