lockbox 0.3.7 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72291291d3b8ac532d4c309bde141febf41d40b5228ce4d4b2541248702fe08d
-  data.tar.gz: d184e486e64cf5f0ecc882cf453fa76b18ce69b03f34d93335da7b1f70c12a01
+  metadata.gz: cb1e70486f88d6aad134fe0a13d74e750505888415cff633138fab97887b8d0a
+  data.tar.gz: e40ed2533aa32adc6b5c3048ab3e4588a652c0335d2eb7c408c3ea90e833f8c5
 SHA512:
-  metadata.gz: 4badf3561effc1d381ae5ddfcdd3ce64a5bfb70e586c140df4795a392d36e5440a3d3930921f14732b349c2f93246a6f4ddfbe62ef508c2a2ad503b5f52d28f8
-  data.tar.gz: 12e48eab11c6f1aefc7a1ea8656e8d1e0cdceebe54147e573e1beb13f635149d99a5bfea0402595a8a6d53403bb498b2f404bb3a70a684908bc87decbd39c365
+  metadata.gz: '02051826a17857790dbf6045c4a5a3948d0843fb27a0b4799599393b8c600a43891f6c40e84c7d7dc08be2ff2fe272eaa71c2f8220b29ee6e78cb0f4e8513e53'
+  data.tar.gz: e997bace782a9affd36a92b80de749b4aaa708caf6f8323023f0b651c8d98bfc08f6911c9946a3baa0a807d4c8020b119459523c7afd6ba66adf038c28973b96

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.4.0 (2020-05-03)
+
+- Load encrypted attributes when `attributes` called
+- Added support for migrating and rotating relations
+- Removed deprecated `attached_encrypted` method
+- Removed legacy `attr_encrypted` encryptor
+
 ## 0.3.7 (2020-04-20)
 
 - Added Active Support notifications for Active Storage and Carrierwave

data/README.md

@@ -205,6 +205,8 @@ User.create!(email: "hi@example.org")
 
 If you need to query encrypted fields, check out [Blind Index](https://github.com/ankane/blind_index).
 
+You can [migrate existing data](#migrating-existing-data) similarly to Active Record.
+
 ## Active Storage
 
 Add to your model:
@@ -378,7 +380,7 @@ Use `decrypt_str` get the value as UTF-8
 
 To make key rotation easy, you can pass previous versions of keys that can decrypt.
 
-### Active Record
+### Active Record & Mongoid
 
 Update your model:
 
@@ -398,26 +400,6 @@ Lockbox.rotate(User, attributes: [:email])
 
 Once all records are rotated, you can remove `previous_versions` from the model.
 
-### Mongoid
-
-Update your model:
-
-```ruby
-class User
-  encrypts :email, previous_versions: [{key: previous_key}]
-end
-```
-
-Use `master_key` instead of `key` if passing the master key.
-
-To rotate existing records, use:
-
-```ruby
-Lockbox.rotate(User, attributes: [:email])
-```
-
-Once all records are rotated, you can remove `previous_versions` from the model.
-
 ### Active Storage
 
 Update your model:
@@ -462,9 +444,9 @@ end
 
 Once all files are rotated, you can remove `previous_versions` from the model.
 
-### Strings
+### Local Files & Strings
 
-For strings, use:
+For local files and strings, use:
 
 ```ruby
 Lockbox.new(key: key, previous_versions: [{key: previous_key}])

data/lib/lockbox.rb

@@ -29,8 +29,6 @@ if defined?(ActiveSupport)
 
   ActiveSupport.on_load(:mongoid) do
     Mongoid::Document::ClassMethods.include(Lockbox::Model)
-    # TODO remove in 0.4.0
-    Mongoid::Document::ClassMethods.include(Lockbox::Model::Attached)
   end
 end
 

data/lib/lockbox/encryptor.rb

@@ -82,25 +82,5 @@ module Lockbox
       target.content_type = source.content_type if source.respond_to?(:content_type)
       target.set_encoding(source.external_encoding) if source.respond_to?(:external_encoding)
     end
-
-    # TODO remove in 0.4.0
-    # legacy for attr_encrypted
-    def self.encrypt(options)
-      box(options).encrypt(options[:value])
-    end
-
-    # TODO remove in 0.4.0
-    # legacy for attr_encrypted
-    def self.decrypt(options)
-      box(options).decrypt(options[:value])
-    end
-
-    # TODO remove in 0.4.0
-    # legacy for attr_encrypted
-    def self.box(options)
-      options = options.slice(:key, :encryption_key, :decryption_key, :algorithm, :previous_versions)
-      options[:algorithm] = "aes-gcm" if options[:algorithm] == "aes-256-gcm"
-      Lockbox.new(options)
-    end
   end
 end

data/lib/lockbox/migrator.rb

@@ -40,9 +40,6 @@ module Lockbox
       # unscope if passed a model
       unless ar_relation?(relation) || mongoid_relation?(relation)
         relation = relation.unscoped
-      else
-        # TODO remove in 0.4.0
-        relation = relation.unscoped
       end
 
       # convert from possible class to ActiveRecord::Relation or Mongoid::Criteria

data/lib/lockbox/model.rb

@@ -81,6 +81,17 @@ module Lockbox
             end
 
             if activerecord
+              # TODO wrap in module?
+              def attributes
+                # load attributes
+                # essentially a no-op if already loaded
+                # an exception is thrown if decryption fails
+                self.class.lockbox_attributes.each do |_, lockbox_attribute|
+                  send(lockbox_attribute[:attribute])
+                end
+                super
+              end
+
               # needed for in-place modifications
               # assigned attributes are encrypted on assignment
               # and then again here
@@ -391,12 +402,6 @@ module Lockbox
           end
         end
       end
-
-      # TODO remove in future version
-      def attached_encrypted(attribute, **options)
-        warn "[lockbox] DEPRECATION WARNING: Use encrypts_attached instead"
-        encrypts_attached(attribute, **options)
-      end
     end
   end
 end

data/lib/lockbox/version.rb

@@ -1,3 +1,3 @@
 module Lockbox
-  VERSION = "0.3.7"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-  version: 0.3.7
+  version: 0.4.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-20 00:00:00.000000000 Z
+date: 2020-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler