mongoid-encrypted-fields 1.2.0 → 1.2.1

data/.ruby-gemset

@@ -0,0 +1 @@
+mongoid-encrypted-fields

data/.ruby-version

@@ -0,0 +1 @@
+1.9.3

data/CHANGLOG.md

@@ -1,5 +1,7 @@
 # Revision history
 
+## 1.2.1 - Uniqueness validator fails if developer attempts to use case-insensitive option for an encrypted field
+
 ## 1.2 - Add EncryptedHash
 
 * Accepted [pull request](https://github.com/KoanHealth/mongoid-encrypted-fields/pull/4) from ashirazi to add support for encrypted hashes

data/README.md

@@ -20,7 +20,7 @@ Queries encrypt data before searching the database, so equality matches work aut
 
     GibberishCipher can be found in examples - uses the [Gibberish](https://github.com/mdp/gibberish) gem:
 ```Ruby
-    Mongoid::EncryptedFields.cipher = GibberishCipher.new(ENV['MY_PASSWORD']) 
+    Mongoid::EncryptedFields.cipher = GibberishCipher.new(ENV['MY_PASSWORD'], ENV['MY_SALT'])
 ```
 
 * Use encrypted types for fields in your models:
@@ -48,6 +48,18 @@ Queries encrypt data before searching the database, so equality matches work aut
     ```Ruby
     Person.where(ssn: '123456789').count() # ssn is encrypted before querying the database
     ```
+* The Mongoid uniqueness validator is patched to detect of encrypted fields:
+    ```Ruby
+    class Person
+        ...
+        field :ssn, type: Mongoid::EncryptedString
+        validates_uniqueness_of :ssn, case_sensitive: true # Works as expected
+        validates_uniqueness_of :ssn, case_sensitive: false # Raises exception - encrypted field cannot support a case insensitive match
+    end
+
+    Person.create!(name: 'Bill', ssn: '123456789')
+    Person.create!(name: 'Ted', ssn: '123456789') #=> fails with uniqueness error
+    ```
 
 ## Known Limitations
 * Single cipher for all encrypted fields
@@ -57,6 +69,7 @@ Queries encrypt data before searching the database, so equality matches work aut
   * Hash
   * String
   * Time
+* The uniqueness validator for encrypted fields is always case-sensitive.  Using it with case-sensitive false raises an exception.
 
 ## Copyright
 (c) 2012 Koan Health. See LICENSE.txt for further details.

data/examples/gibberish_cipher.rb

@@ -1,19 +1,20 @@
 require 'gibberish/aes'
 
-# Gibberish uses a unique salt for every encryption, but we need the same text
-# to return the same ciphertext so Searching for encrypted field will work
-class GibberishCipher < Gibberish::AES
+# Gibberish uses a unique salt for every encryption, but we need the same text to return the same ciphertext
+# so Searching for encrypted field will work
+class GibberishCipher
 
-  SALT = "OU812FTW" # TODO: If you use this example class, make a unique 8-byte salt for your project
+  def initialize(password, salt)
+    @cipher = Gibberish::AES.new(password)
+    @salt = salt
+  end
 
-  def initialize(password, options = {})
-    super password, options[:size] || 256
-    @salt = options[:salt] || SALT
+  def encrypt(data)
+    @cipher.encrypt(data, salt: @salt)
   end
 
-  def generate_salt(supplied_salt)
-    return @salt if @salt
-    super
+  def decrypt(data)
+    @cipher.decrypt(data)
   end
 
 end

data/lib/mongoid-encrypted-fields.rb

@@ -6,6 +6,7 @@ require 'mongoid-encrypted-fields/fields/encrypted_string'
 require 'mongoid-encrypted-fields/fields/encrypted_date'
 require 'mongoid-encrypted-fields/fields/encrypted_date_time'
 require 'mongoid-encrypted-fields/fields/encrypted_time'
+require 'mongoid-encrypted-fields/validations/uniqueness'
 
 module Mongoid
   module EncryptedFields

data/lib/mongoid-encrypted-fields/validations/uniqueness.rb

@@ -0,0 +1,30 @@
+# encoding: utf-8
+
+module Mongoid
+  module Validations # renamed to module Validatable in Mongoid 4.0
+
+    # Monkey-patch for Mongoid's uniqueness validator to encrypt
+    # uniqueness test values before querying the database
+    #
+    # Patch is confirmed to work on Mongoid >= 3.0.0
+    # Should work in Mongoid >= 4.0.0 by renaming module Validations to Validatable
+    #
+    # A known limitation is that the :case_sensitive option does not work
+    # for encrypted fields; they must always be case-sensitive.
+    class UniquenessValidator
+
+      def setup_with_validation(klass)
+        setup_without_validation(klass)
+        return if case_sensitive?
+        attributes.each do |attribute|
+          field_type = @klass.fields[attribute.to_s].options[:type]
+          raise ArgumentError, "Encrypted field :#{attribute} cannot support case insensitive uniqueness" if field_type.method_defined?(:encrypted)
+        end
+      end
+
+      alias_method :setup_without_validation, :setup
+      alias_method :setup, :setup_with_validation
+
+    end
+  end
+end

data/lib/mongoid-encrypted-fields/version.rb

@@ -1,5 +1,5 @@
 module Mongoid
   module EncryptedFields
-      VERSION = '1.2.0'
+      VERSION = '1.2.1'
   end
 end

data/spec/mongoid-encrypted-fields/fields/encrypted_date_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedDate do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     subject { Mongoid::EncryptedDate }

data/spec/mongoid-encrypted-fields/fields/encrypted_datetime_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedDateTime do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     subject { Mongoid::EncryptedDateTime }

data/spec/mongoid-encrypted-fields/fields/encrypted_field_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedField do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     it "should encrypt and decrypt a string" do

data/spec/mongoid-encrypted-fields/fields/encrypted_hash_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedHash do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     subject { Mongoid::EncryptedHash }

data/spec/mongoid-encrypted-fields/fields/encrypted_string_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedString do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     let(:raw) { "abc123" }

data/spec/mongoid-encrypted-fields/fields/encrypted_time_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedTime do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
     end
 
     subject { Mongoid::EncryptedTime }

data/spec/mongoid-encrypted-fields/fields/model_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'Single model' do
 
   before(:all) do
-    Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
+    Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
   end
 
   let (:ssn) { '123456789' }

data/spec/mongoid-encrypted-fields/validations/uniqueness_spec.rb

@@ -0,0 +1,99 @@
+require "spec_helper"
+
+describe Mongoid::Validations::UniquenessValidator do
+
+  before(:all) do
+    Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password', 'weaksalt')
+  end
+
+  before(:each) do
+    Mongoid.purge!
+    Mongoid::IdentityMap.clear
+  end
+
+  describe "#valid?" do
+
+    let(:person) do
+      Person.new(name: "bill", ssn: "abc456789")
+    end
+
+    after do
+      Person.reset_callbacks(:validate)
+    end
+
+    context "when the value is in conflict" do
+
+      context "when the field is not encrypted" do
+
+        context "when the validation is case-sensitive" do
+
+          before do
+            Person.validates_uniqueness_of :name, case_sensitive: true
+            Person.create!(name: "bill")
+          end
+
+          it "correctly detects a uniqueness conflict" do
+            expect(person).to_not be_valid
+          end
+        end
+
+        context "when the validation is case-insensitive" do
+
+          before do
+            Person.validates_uniqueness_of :name, case_sensitive: false
+            Person.create!(name: "BiLl")
+          end
+
+          it "behaves as case-insensitive" do
+            expect(person).to_not be_valid
+          end
+        end
+      end
+
+      context "when the field is encrypted" do
+
+        context "when the validation is case-sensitive" do
+
+          it "behaves as case-sensitive" do
+            expect(person).to be_valid
+          end
+        end
+
+        context "when the validation is case-insensitive" do
+
+          it "throws an exception" do
+            expect { Person.validates_uniqueness_of :ssn, case_sensitive: false }.to raise_error 'Encrypted field :ssn cannot support case insensitive uniqueness'
+          end
+
+        end
+      end
+    end
+
+    context "when the value is not conflict" do
+
+      context "when the field is not encrypted" do
+
+        before do
+          Person.validates_uniqueness_of :name
+          Person.create!(name: "ted")
+        end
+
+        it "correctly detects a uniqueness conflict" do
+          expect(person).to be_valid
+        end
+      end
+
+      context "when the field is encrypted" do
+
+        before do
+          Person.validates_uniqueness_of :ssn
+          Person.create!(ssn: "223456789")
+        end
+
+        it "correctly detects a uniqueness conflict" do
+          expect(person).to be_valid
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongoid-encrypted-fields
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-20 00:00:00.000000000 Z
+date: 2013-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mongoid
@@ -100,6 +100,8 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- .ruby-gemset
+- .ruby-version
 - .rvmrc
 - CHANGLOG.md
 - Gemfile
@@ -117,6 +119,7 @@ files:
 - lib/mongoid-encrypted-fields/fields/encrypted_string.rb
 - lib/mongoid-encrypted-fields/fields/encrypted_time.rb
 - lib/mongoid-encrypted-fields/logging.rb
+- lib/mongoid-encrypted-fields/validations/uniqueness.rb
 - lib/mongoid-encrypted-fields/version.rb
 - mongoid-encrypted-fields.gemspec
 - spec/config/mongoid.yml
@@ -127,6 +130,7 @@ files:
 - spec/mongoid-encrypted-fields/fields/encrypted_string_spec.rb
 - spec/mongoid-encrypted-fields/fields/encrypted_time_spec.rb
 - spec/mongoid-encrypted-fields/fields/model_spec.rb
+- spec/mongoid-encrypted-fields/validations/uniqueness_spec.rb
 - spec/spec_helper.rb
 - spec/support/models/person.rb
 homepage: https://github.com/KoanHealth/mongoid-encrypted-fields
@@ -143,7 +147,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3259061833501052041
+      hash: 3728144320335115622
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -152,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3259061833501052041
+      hash: 3728144320335115622
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
@@ -168,5 +172,6 @@ test_files:
 - spec/mongoid-encrypted-fields/fields/encrypted_string_spec.rb
 - spec/mongoid-encrypted-fields/fields/encrypted_time_spec.rb
 - spec/mongoid-encrypted-fields/fields/model_spec.rb
+- spec/mongoid-encrypted-fields/validations/uniqueness_spec.rb
 - spec/spec_helper.rb
 - spec/support/models/person.rb