mongoid-encryptor 0.0.1

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+Changelog
+=========
+
+0.0.1
+-----
+
+* first release.

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Junya Ogura
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,145 @@
+mongoid-encryptor
+=================
+
+mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.
+
+
+Install
+-------
+
+Put this line in your Gemfile:
+
+    gem 'mongoid-encryptor'
+
+Then bundle:
+
+    $ bundle
+
+
+Quick Start
+-----------
+
+Add mongoid-encryptor to your Gemfile.
+
+    gem 'mongoid-encryptor', :require => 'mongoid/encryptor'
+
+Set up SHA encrypted field in models like this:
+
+    class Credential
+      include Mongoid::Document
+      include Mongoid::Encryptor
+      field :password
+      encrypts :password
+    end
+    
+    >> c = Credential.new
+    => #<Credential _id: 4d6383aeb2de3cbea1000001, password: nil>
+    >> c.password = 'this is a secret'
+    => "this is a secret"
+    >> c.password.encrypted?
+    => false
+    >> c.save
+    => true
+    
+    >> c.password
+    => "70a202166f0a78defe464d810f30b50b767cb89a"
+    >> c.password.encrypted?
+    => true
+    >> c.password.cipher.salt
+    => "salt"
+    >> c.password == 'this is a secret'
+    => true
+
+
+Symmetric encryption
+--------------------
+
+Set up Symmetric encrypted field in models like this:
+
+    class Credential
+      include Mongoid::Document
+      include Mongoid::Encryptor
+      field :password
+      encrypts :password, :mode => :symmetric, :password => 'key'
+    end
+    
+    >> c = Credential.new
+    => #<Credential _id: 4d638b6db2de3cc2ca000001, password: nil>
+    >> c.password = 'this is a secret'
+    => "this is a secret"
+    >> c.password.encrypted?
+    => false
+    >> c.save
+    => true
+    
+    >> c.password
+    => "y3HnNrU0HviAl3aw2sWH1KttBLsCLYP1\n"
+    >> c.password.encrypted?
+    => true
+    >> c.password.cipher
+    => #<EncryptedStrings::SymmetricCipher:0x000001016b1c08 @algorithm="DES-EDE3-CBC", @password="key">
+    >> c.password.cipher.password
+    => "key"
+    >> c.password == 'this is a secret'
+    => true
+
+
+Asymmetric encryption
+---------------------
+
+Set up Asymmetric encrypted field in models like this:
+
+    class Credential
+      include Mongoid::Document
+      include Mongoid::Encryptor
+      field :password
+      encrypts :password, :mode => :asymmetric,
+        :private_key_file => '/path/to/private_key',
+        :public_key_file => '/path/to/public_key'
+    end
+    
+    >> c = Credential.new
+    => #<Credential _id: 4d638ceab2de3cc3c1000001, password: nil>
+    >> c.password = 'this is a secret'
+    => "this is a secret"
+    >> c.password.encrypted?
+    => false
+    >> c.save
+    => true
+    
+    >> c.password
+    => "ha/2EacZTmvAIHOSjFEshM+9UHUItB/wGKJ5ftClQDllA9SOBJJazTlsMS9m\nPd5W3goZbY9V2dDdNo4NgQ0e8VsG0dpcvOIrua/ye+jX3e+0ocevcnOH9PL9\n8C5P8caOD/sKlKLTI0Dr1v/6d/f0Q4UuPQyTh3d4aEWyagypWyQ=\n"
+    >> c.password.encrypted?
+    => true
+    >> c.password == 'this is a secret'
+    => true
+
+You can generate keypair like this:
+
+    $ openssl genrsa -des3 -out private 1024  # generate private key
+    $ openssl rsa -in private -pubout -out public  # generate public key
+    $ mv private private.bak
+    $ openssl rsa -in private.bak -out private  # remove passphrase from private key
+    $ ls -l
+    -rw-r--r--   1 juno  staff   887  2 22 19:20 private
+    -rw-r--r--   1 juno  staff   963  2 22 19:19 private.bak
+    -rw-r--r--   1 juno  staff   272  2 22 19:19 public
+
+
+Questions, Feedback
+-------------------
+
+[github/juno](http://github.com/juno/) or [@junya](http://twitter.com/junya).
+
+
+References
+----------
+
+*  [pluginaweek/encrypted_strings](https://github.com/pluginaweek/encrypted_strings)
+*  [pluginaweek/encrypted_attributes](https://github.com/pluginaweek/encrypted_attributes)
+
+
+Copyright
+---------
+
+(c) 2011 Junya Ogura. See LICENSE.txt for further details.

data/lib/mongoid/encryptor/version.rb

@@ -0,0 +1,7 @@
+# -*- encoding: utf-8 -*-
+
+module Mongoid #:nodoc:
+  module Encryptor
+    VERSION = '0.0.1'
+  end
+end

data/lib/mongoid/encryptor.rb

@@ -0,0 +1,72 @@
+# -*- encoding: utf-8 -*-
+require 'encrypted_strings'
+
+module Mongoid #:nodoc:
+
+  # mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.
+  module Encryptor
+    extend ActiveSupport::Concern
+
+    module ClassMethods #:nodoc:
+      # @param [Hash] attrs
+      def encrypts(*attrs)
+        base_options = attrs.last.is_a?(Hash) ? attrs.pop : {}
+
+        attrs.each do |attr_name|
+          options = base_options.dup
+          attr_name = attr_name.to_s
+
+          mode = options.delete(:mode) || :sha
+          cipher_class = EncryptedStrings.const_get("#{mode.to_s.classify}Cipher")
+
+          send(:before_validation) do |doc|
+            doc.send(:write_encrypted_attribute, attr_name, cipher_class, options)
+            true
+          end
+
+          define_method(attr_name) do
+            read_encrypted_attribute(attr_name, cipher_class, options)
+          end
+        end
+      end
+    end
+
+    module InstanceMethods #:nodoc:
+      private
+
+      # @param [String] attr_name
+      # @param [Class] cipher_class
+      # @param [Hash] options
+      def write_encrypted_attribute(attr_name, cipher_class, options)
+        value = read_attribute(attr_name.to_sym)
+        return if value.blank? or value.encrypted?
+
+        cipher = instantiate_cipher(cipher_class, options)
+        value = cipher.encrypt(value)
+        value.cipher = cipher
+        send("#{attr_name}=", value)
+      end
+
+      # @param [String] attr_name
+      # @param [Class] cipher_class
+      # @param [Hash] options
+      def read_encrypted_attribute(attr_name, cipher_class, options)
+        value = read_attribute(attr_name)
+
+        unless value.blank? || value.encrypted? || attribute_changed?(attr_name) || new_record?
+          value.cipher = instantiate_cipher(cipher_class, options)
+        end
+
+        value
+      end
+
+      # @param [Class] cipher_class
+      # @param [Hash] options
+      # @return [EncryptedStrings::Cipher]
+      def instantiate_cipher(cipher_class, options)
+        cipher_class.new(options.dup)
+      end
+    end
+  end
+
+end

data/spec/asymmetric_encryption_spec.rb

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+require 'spec_helper'
+
+describe 'Asymmetric encryption' do
+  let(:credential) { AsymmetricCredential.create(:email => 'john.smith@example.com', :password => 'this is a secret') }
+
+  context "#to_s" do
+    subject { "#{credential.password}" }
+    it { should_not eq('this is a secret') }
+  end
+
+  context "'this is a secret'" do
+    subject { credential.password }
+    it { should be_encrypted }
+    it { should eq('this is a secret') }
+  end
+
+  context "attribute length" do
+    subject { credential.password.length }
+    it { should eq(175) }
+  end
+
+  context "cipher" do
+    subject { credential.password.cipher }
+    it { should be_an_instance_of(EncryptedStrings::AsymmetricCipher) }
+  end
+end

data/spec/encrypted_attributes_spec.rb

@@ -0,0 +1,11 @@
+# -*- encoding: utf-8 -*-
+require 'spec_helper'
+
+describe 'Encrypted attributes' do
+  context "Not encryption" do
+    let(:credential) { Credential.create(:email => 'john.smith@example.com') }
+    before { credential.password = 'this is not a secret' }
+    subject { credential.password }
+    it { should eq('this is not a secret') }
+  end
+end

data/spec/keys/private

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDYVF73yp10OGVKO0UYrVwFO4bKJv4i4V1Et7KeHfdCFVU7/oxA
+tISjKvlh/KdBE+dlqCAgxemThANkAspQRr6BSe5jqgDHea2Qd6qvq4JgkxCLr3Io
+irxQ79zKw2rvhPsWMAyFNdRHlGBCyIP/If0htPccX0HbGk0lVBGN9cFWLwIDAQAB
+AoGBAJtpcZh+vUNDSLFdhzRFRviTXTBZdvXEBedaOT4StRGKleM16biKd0dpliNp
+CRddnz2O3RXuWPGbQ3xT7NhjGnQhYsSKbPXQRpp+BdaiR/B36R9L/DYVxquOqpeQ
+fR2Q2tRXANAw8fPvI3rANq1oNZFKTma8dP2D+cyf7/YTrndBAkEA77+DIjE+Iy5c
+BNEiOYCLkSEo239vl0Qy1EwVovdzDiPnhjEj6q1weVtMOplJ1uoACUTikMuny2EO
+s773h4yunwJBAOb+dquUgfKAlO+aGGwybUDeb9Etgqo2p+dmFqqcGknAi6+lmTOQ
+V120tXXdf184W7AGpp/X9rARs1TRF5+KfnECQQDYbGCbSCqYpavpqUSk9faHn5B7
+fPGmcqkT3k8V2x0g4aaKC+gpXEIROyp4J5JxkLFRrL5+CWpCfS5Bcp2O3p9vAkBI
+Hv8SR0XjXz4hKS2i6oOuE0U6PEllt7boyrkc/6w9hr6WUs/oh5KfkUJu0H9qTYBj
+D1CK67T7+CrTuozzpRwhAkB80NeUiQNpQqlCRmeoo+XjHXFsoIRZO9sMs86nBkJ+
+p4HVUKhDgMSTGA8V0P/h9zDFo8iPtarcAA/WlEm6mLwV
+-----END RSA PRIVATE KEY-----

data/spec/keys/public

@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYVF73yp10OGVKO0UYrVwFO4bK
+Jv4i4V1Et7KeHfdCFVU7/oxAtISjKvlh/KdBE+dlqCAgxemThANkAspQRr6BSe5j
+qgDHea2Qd6qvq4JgkxCLr3IoirxQ79zKw2rvhPsWMAyFNdRHlGBCyIP/If0htPcc
+X0HbGk0lVBGN9cFWLwIDAQAB
+-----END PUBLIC KEY-----

data/spec/models/asymmetric_credential.rb

@@ -0,0 +1,13 @@
+class AsymmetricCredential
+  include Mongoid::Document
+  include Mongoid::Encryptor
+
+  field :email
+  field :password
+
+  validates_presence_of :email, :password
+
+  encrypts :password, :mode => :asymmetric,
+    :private_key_file => File.dirname(__FILE__) + '/../keys/private',
+    :public_key_file => File.dirname(__FILE__) + '/../keys/public'
+end

data/spec/models/credential.rb

@@ -0,0 +1,9 @@
+class Credential
+  include Mongoid::Document
+  include Mongoid::Encryptor
+
+  field :email
+  field :password
+
+  validates_presence_of :email, :password
+end

data/spec/models/sha_credential.rb

@@ -0,0 +1,11 @@
+class ShaCredential
+  include Mongoid::Document
+  include Mongoid::Encryptor
+
+  field :email
+  field :password
+
+  validates_presence_of :email, :password
+
+  encrypts :password, :mode => :sha,
+end

data/spec/models/sha_with_salt_credential.rb

@@ -0,0 +1,11 @@
+class ShaWithSaltCredential
+  include Mongoid::Document
+  include Mongoid::Encryptor
+
+  field :email
+  field :password
+
+  validates_presence_of :email, :password
+
+  encrypts :password, :mode => :sha, :salt => 'admin'
+end

data/spec/models/symmetric_credential.rb

@@ -0,0 +1,11 @@
+class SymmetricCredential
+  include Mongoid::Document
+  include Mongoid::Encryptor
+
+  field :email
+  field :password
+
+  validates_presence_of :email, :password
+
+  encrypts :password, :mode => :symmetric, :password => 'key'
+end

data/spec/sha_encryption_spec.rb

@@ -0,0 +1,57 @@
+# -*- encoding: utf-8 -*-
+require 'spec_helper'
+
+describe 'SHA encryption' do
+  let(:credential) { ShaCredential.create(:email => 'john.smith@example.com', :password => 'this is a secret') }
+
+  context "#to_s" do
+    subject { "#{credential.password}" }
+    it { should eq("70a202166f0a78defe464d810f30b50b767cb89a") }
+  end
+
+  context "'this is a secret'" do
+    subject { credential.password }
+    it { should be_encrypted }
+    it { should eq('this is a secret') }
+  end
+
+  context "cipher" do
+    subject { credential.password.cipher }
+    it { should be_an_instance_of(EncryptedStrings::ShaCipher) }
+  end
+
+  context "use default salt" do
+    subject { credential.password.cipher.salt }
+    it { should eq('salt') }
+  end
+
+  context "load from database" do
+    subject { ShaCredential.find(credential.id).password }
+    it { should be_encrypted }
+    it { should eq('this is a secret') }
+
+    context "#to_s" do
+      subject { "#{ShaCredential.find(credential.id).password}" }
+      it { should eq("70a202166f0a78defe464d810f30b50b767cb89a") }
+    end
+  end
+
+  context "with mass assignment" do
+    let(:credential) { ShaCredential.new(:email => 'john.smith@example.com', :password => 'this is a secret') }
+    subject { credential.password }
+    it { should eq('this is a secret') }
+    it { should_not be_encrypted }
+
+    context "after save" do
+      before { credential.save! }
+      subject { credential.password }
+      it { should be_encrypted }
+      it { should eq('this is a secret') }
+
+      context "#to_s" do
+        subject { "#{credential.password}" }
+        it { should eq('70a202166f0a78defe464d810f30b50b767cb89a') }
+      end
+    end
+  end
+end

data/spec/sha_with_salt_encryption_spec.rb

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+require 'spec_helper'
+
+describe 'SHA with salt encryption' do
+  let(:credential) { ShaWithSaltCredential.create(:email => 'john.smith@example.com', :password => 'this is a secret') }
+
+  context "#to_s" do
+    subject { "#{credential.password}" }
+    it { should eq("f218935d0c4b9a5e6d5faae7bc6b6bd35f319cbe") }
+  end
+
+  context "'this is a secret'" do
+    subject { credential.password }
+    it { should be_encrypted }
+    it { should eq('this is a secret') }
+  end
+
+  context "cipher" do
+    subject { credential.password.cipher }
+    it { should be_an_instance_of(EncryptedStrings::ShaCipher) }
+  end
+
+  context "use custom salt" do
+    subject { credential.password.cipher.salt }
+    it { should eq('admin') }
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,20 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'database_cleaner'
+require 'mongoid'
+require 'rspec'
+
+Mongoid.configure do |config|
+  name = 'mongoid_encryptor_test'
+  config.master = Mongo::Connection.new.db(name)
+end
+
+require File.expand_path("../../lib/mongoid/encryptor", __FILE__)
+
+Dir["#{File.dirname(__FILE__)}/models/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  config.before(:all) { DatabaseCleaner.strategy = :truncation }
+  config.before(:each) { DatabaseCleaner.clean }
+end

data/spec/symmetric_encryption_spec.rb

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+require 'spec_helper'
+
+describe "Symmetric encryption" do
+  let(:credential) { SymmetricCredential.create(:email => 'john.smith@example.com', :password => 'this is a secret') }
+
+  context "'this is a secret'" do
+    subject { credential.password }
+    it { should eq("y3HnNrU0HviAl3aw2sWH1KttBLsCLYP1\n") }
+    it { should be_encrypted }
+    it { should eq('this is a secret') }
+  end
+
+  context 'cipher' do
+    subject { credential.password.cipher }
+    it { should be_an_instance_of(EncryptedStrings::SymmetricCipher) }
+  end
+
+  context 'cipher password' do
+    subject { credential.password.cipher.password }
+    it { should eq('key') }
+  end
+end

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification 
+name: mongoid-encryptor
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Junya Ogura
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-22 00:00:00 +09:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: mongoid
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.0.0.rc.7
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: encrypted_strings
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.3.3
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: bson_ext
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.2.0
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: database_cleaner
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.6.0
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.4.0
+  type: :development
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: ruby-debug19
+  prerelease: false
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.11.0
+  type: :development
+  version_requirements: *id006
+description: mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.
+email: 
+- junyaogura@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/mongoid/encryptor/version.rb
+- lib/mongoid/encryptor.rb
+- CHANGELOG.md
+- LICENSE
+- README.md
+- spec/asymmetric_encryption_spec.rb
+- spec/encrypted_attributes_spec.rb
+- spec/keys/private
+- spec/keys/public
+- spec/models/asymmetric_credential.rb
+- spec/models/credential.rb
+- spec/models/sha_credential.rb
+- spec/models/sha_with_salt_credential.rb
+- spec/models/symmetric_credential.rb
+- spec/sha_encryption_spec.rb
+- spec/sha_with_salt_encryption_spec.rb
+- spec/spec_helper.rb
+- spec/symmetric_encryption_spec.rb
+has_rdoc: true
+homepage: http://github.com/juno/mongoid-encryptor
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: mongoid-encryptor
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: Encrypt a Mongoid model fields
+test_files: 
+- spec/asymmetric_encryption_spec.rb
+- spec/encrypted_attributes_spec.rb
+- spec/keys/private
+- spec/keys/public
+- spec/models/asymmetric_credential.rb
+- spec/models/credential.rb
+- spec/models/sha_credential.rb
+- spec/models/sha_with_salt_credential.rb
+- spec/models/symmetric_credential.rb
+- spec/sha_encryption_spec.rb
+- spec/sha_with_salt_encryption_spec.rb
+- spec/spec_helper.rb
+- spec/symmetric_encryption_spec.rb