panda_pal 2.0.5 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b858f65fd9c01d50bc2577f2382a63e531a5e854
-  data.tar.gz: fd758de743170105b3672dbd2a440daad01d3aeb
+  metadata.gz: bd2cd5dc90e37ab172c4fcfa40d08c423bd91a9a
+  data.tar.gz: 41d62864c7f935dd73f0de1dfbf5f1429e03f1d8
 SHA512:
-  metadata.gz: 9ca9c760d8581ca394a27419f00db8686dd32f2d972616365163d311e12a1cc1f036c7f535c16a11480134a10eb34e0077210606588144b8ac276afeb6a908a3
-  data.tar.gz: b8bbe9997589c546dc406573a76c38ce7b8bc17a5840e4a4fabe117f28c2930aa3ce715bd4608a50adf0a38b4cb48f57b99cff5a87aa6d5c33df99f1172694fb
+  metadata.gz: a208fafdfa5df93a8109354003f43386ada84d4a952d3953ff6324d5b60458acc60833d369ce138cf6cadf32c61fd912ab15d08fea1025942946ac0096065c0c
+  data.tar.gz: 43aca646ccde51f27aa8d7fdf3b1127d5b90329df69d216be8b0dee7dc57421ce317082d63f34a136c147720489a19872f62e1b574c4cc9a6cb348653965b32f

data/app/models/panda_pal/organization.rb

@@ -1,6 +1,8 @@
 module PandaPal
   class Organization < ActiveRecord::Base
-
+    attribute :settings
+    attr_encrypted :settings, marshal: true, key: :encryption_key
+    before_save {|a| a.settings = a.settings} # this is a hacky work-around to a bug where attr_encrypted is not saving settings in place
     validates :key, uniqueness: { case_sensitive: false }, presence: true
     validates :secret, presence: true
     validates :name, uniqueness: { case_sensitive: false }, presence: true, format: { with: /\A[a-z0-9_]+\z/i }
@@ -16,6 +18,16 @@ module PandaPal
 
     serialize :settings, Hash
 
+    def encryption_key
+      # production environment might not have loaded secret_key_base yet.
+      # In that case, just read it from env.
+      if (Rails.application.secrets.secret_key_base)
+        Rails.application.secrets.secret_key_base[0,32]
+      else
+        ENV["SECRET_KEY_BASE"][0,32]
+      end
+    end
+
     private
 
     def create_schema

data/db/migrate/30171205183457_encrypt_organization_settings.rb

@@ -0,0 +1,13 @@
+class EncryptOrganizationSettings < ActiveRecord::Migration[5.1]
+  def up
+    rename_column :panda_pal_organizations, :settings, :old_settings
+    add_column :panda_pal_organizations, :encrypted_settings, :text
+    add_column :panda_pal_organizations, :encrypted_settings_iv, :string
+  end
+
+  def down
+    rename_column :panda_pal_organizations, :old_settings, :settings
+    remove_column :panda_pal_organizations, :encrypted_settings
+    remove_column :panda_pal_organizations, :encrypted_settings_iv
+  end
+end

data/db/migrate/30171205194657_remove_old_organization_settings.rb

@@ -0,0 +1,33 @@
+class RemoveOldOrganizationSettings < ActiveRecord::Migration[5.1]
+  def up
+    # migrations run for public and local tenants.  However, PandaPal::Organization
+    # is going to always go to public tenant.  So don't do this active record
+    # stuff unless we are on the public tenant.
+    if current_tenant == 'public'
+      #PandaPal::Organization.connection.schema_cache.clear!
+      #PandaPal::Organization.reset_column_information
+      PandaPal::Organization.find_each do |o|
+        # Would like to just be able to do this:
+        # o.settings = YAML.load(o.old_settings)
+        # o.save!
+        # but for some reason that is always making the settings null.  Instead we will encrypt the settings manually.
+
+        iv = SecureRandom.random_bytes(12)
+        key = o.encryption_key
+        encrypted_settings = PandaPal::Organization.encrypt_settings(YAML.load(o.old_settings), iv: iv, key: key)
+        o.update_columns(encrypted_settings_iv: [iv].pack("m"), encrypted_settings: encrypted_settings)
+      end
+    end
+    remove_column :panda_pal_organizations, :old_settings
+  end
+
+  def down
+    add_column :panda_pal_organizations, :old_settings, :text
+    if current_tenant == 'public'
+      PandaPal::Organization.find_each do |o|
+        o.old_settings = o.settings.to_yaml
+        o.save
+      end
+    end
+  end
+end

data/lib/panda_pal/version.rb

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "2.0.5"
+  VERSION = "3.0.0"
 end

data/panda_pal.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'apartment', '~> 1.2.0'
   s.add_dependency 'ims-lti', '~> 2.1.0'
   s.add_dependency 'browser', '2.5.0'
+  s.add_dependency 'attr_encrypted', '~> 3.0.0'
 
   s.add_development_dependency 'rspec-rails'
   s.add_development_dependency 'factory_girl_rails'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: panda_pal
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 3.0.0
 platform: ruby
 authors:
 - Ben Young
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-06 00:00:00.000000000 Z
+date: 2017-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -81,6 +81,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.5.0
+- !ruby/object:Gem::Dependency
+  name: attr_encrypted
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -151,6 +165,8 @@ files:
 - db/migrate/20160413135653_create_panda_pal_sessions.rb
 - db/migrate/20160425130344_add_panda_pal_organization_to_session.rb
 - db/migrate/20170106165533_add_salesforce_id_to_organizations.rb
+- db/migrate/30171205183457_encrypt_organization_settings.rb
+- db/migrate/30171205194657_remove_old_organization_settings.rb
 - lib/panda_pal.rb
 - lib/panda_pal/engine.rb
 - lib/panda_pal/helpers.rb