pgcrypto 0.3.6 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c9f559149b0f0fb92a83866b18afc506d80c7fde
-  data.tar.gz: 0289e4d9a15a047e4c8d87155af4352d88c155a3
+  metadata.gz: b99c62fc6bec129aea118f72d80707481a5432af
+  data.tar.gz: c2a12881ae7160f7d1660470a31fc3ae508637e5
 SHA512:
-  metadata.gz: 7967944ddd6457d57a3e202fa2a06b7e6a8b8c04cc1a17c4a41916256a87c4bd7be89eb0c0669dcc19e73810f206670894d0303587441f28f9ad5ee04f34e44b
-  data.tar.gz: 1e64bf7e07b3bc88dc6a6afad090d1825664af6b8c8676c21137e802c8e6d05e1ba0fb26294b7a11f690dd43608cdcf3f0172092c746e8bf54400b328c72b24e
+  metadata.gz: a600e76151008c35358173898eb71a0f1d840d65d22d98048ff8039222f8452fd9c31706db4b1df6798f8c80a86c7bc2bf36a4963163324ecd5e61dd5707e3a4
+  data.tar.gz: a2a6a9f4f63ccd43e46c6956f25f090cd694c22cb9945e2f428cae39ed918ede71cfa684f71b28feb9dd993af4ad0b5a757490936c52a7832cc8f04d413c9519

data/CHANGES.md

@@ -1,4 +1,8 @@
 # CHANGELOG
+## 0.4.0
+- Refactored EVERYTHING to support encryption directly
+  on columns. See README for upgrade instructions.
+
 ## 0.3.5
 - Fixed ActiveRecord dependency issue (now handles any
   version of ActiveRecord from 3.2 to current)
@@ -52,7 +56,7 @@
 
 ## 0.1.2
 - Added automatic installation of the pgcrypto extension if'n it
-  doesn't already exist. Helpful, but doesn't fully make the 
+  doesn't already exist. Helpful, but doesn't fully make the
   `rake db:test:prepare` cut yet. Still working on that bit...
 
 ## 0.1.1

data/Gemfile

@@ -1,8 +1,5 @@
 source 'http://rubygems.org'
 
-gem 'activerecord', '>= 3.2', :require => 'active_record'
-gem 'big_spoon', '>= 0.2.1'
-
 group :development do
   gem 'jeweler'
 end
@@ -12,7 +9,7 @@ group :test do
   gem 'fuubar'
   gem 'guard-rspec'
   gem 'pg', '>= 0.11'
-  gem 'rspec', rspec_version = '>= 2.6'
+  gem 'rspec', '>= 2.6'
   gem 'simplecov', :require => false
   gem 'terminal-notifier'
 end

data/README.markdown

@@ -1,54 +1,139 @@
-PGCrypto for ActiveRecord::Base
-===
+# PGCrypto for ActiveRecord::Base
 
-**PGCrypto** adds seamless column-level encryption to your ActiveRecord::Base subclasses. It's literally *one giant hack,*
-so I make no promises as to its efficacy in the real world beyond my tiny, Rails-3.2-based utopia.
+**PGCrypto** adds seamless column-level encryption to your ActiveRecord::Base subclasses.
 
-Installation
--
+#### **WARNING TO 0.3.x USERS**:
 
-PGCrypto will load the `pgcrypto` extension into your database if you haven't already, but this change will NOT get propagated
-to your schema.rb file, so... go figure. You'll have to `CREATE EXTENSION IF NOT EXISTS pgcrypto` any database built from the
-schema file (**HINT** that means your test databases). Anyway, do the following.
+PGCrypto's architecture has changed significantly as of 0.4.0. **PLEASE** read both the installation and upgrading sections below before you upgrade.
+
+## Installation
+
+Installing PGCrypto is pretty simple, but I'm going to give you the TL;DR first because the instructions can look more daunting than they are.
+
+### TL;DR Install
+
+1. Add it to your Gemfile and bundle: `gem "pgcrypto"`
+2. Change `adapter: postgresql` to `adapter: pgcrypto` in `config/database.yml`.
+3. Generate some files using `rails generate pgcrypto:install`.
+4. Add encryptable columns using `add_column :users, :social_security_number, :binary`
+5. Run pending migrations: `rake db:migrate`
+6. Tell a model that it has an encrypted column using `has_encrypted_column :social_security_number`
+7. Profit.
+
+### Full Install Instructions
+
+1. Add pgcrypto to your Gemfile and run `bundle install`.
 
-1. Add pgcrypto to your Gemfile:
-	
 		gem "pgcrypto"
 
-2. Then bundle it:
-	
-		bundle
+2. Update your database adapter. If you were previously using the `postgresl` adapter, you should now be using a `pgcrypto` adapter, like so:
+
+	#### `config/database.yml`:
+
+		common: &common
+		  adapter: pgcrypto
+		  min_messages: warning
+
+		development:
+		  <<: *common
+		  database: my_app_development
+		  host: localhost
+
+		test: &test
+		  <<: *common
+		  database: my_app_test
+		  host: localhost
 
-3. Generate the migration and the initializer:
+		production:
+		  <<: *common
+		  host: whatevs
+		  database: my_app_production
+		  username: whatevs
+		  password: totally_not_my_app
 
-		rails g pgcrypto:install
-		rake db:migrate
+	**NOTE:** if you are already using a PostgreSQL-descendant as an adapter (for example, the awesome [PostGIS adapter](https://github.com/rgeo/activerecord-postgis-adapter)), you'll need to read through the "Alternate Adapters" section below. But **don't panic**, it's 100% supported by PGCrypto.
 
-4. Edit the initializer in `config/initializers/pgcrypto.rb` to point to your public and private GPG keys:
-	
-		PGCrypto.keys[:private] = {:path => "~/.keys/private.key"}
-		PGCrypto.keys[:public] = {:path => "~/.keys/public.key"}
+3. Generate the required files using the included generator.
+
+		rails generate pgcrypto:install
+
+
+4. Edit the new initializer to point to your public and private GPG keys:
+
+	#### `config/initializers/pgcrypto.rb`:
+
+		PGCrypto.keys[:private] = {path: "~/.keys/private.key"}
+		PGCrypto.keys[:public] = {path: "~/.keys/public.key"}
+
+5. Add PGCrypto columns to your models in a migration. Something like the following:
+
+		rails generate migration add_social_security_number_to_users
+
+	And in the migration:
+
+		class AddSocialSecurityNumberToUsers < ActiveRecord::Migration
+		  def change
+		    add_column :users, :social_security_number, :binary
+		  end
+		end
+
+6. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly:
 
-5. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly:
-		
 		class User < ActiveRecord::Base
 			# ... all kinds of neat stuff ...
 
-			pgcrypto :social_security_number
+			has_encrypted_column :social_security_number
 
 			# ... some other fun stuff
 		end
 
-6. Profit
-		
-		User.create!(:social_security_number => "466-99-1234") #=> #<User with stuff>
+7. Profit
+
+		User.create!(social_security_number: "466-99-1234") #=> #<User with stuff>
 		User.last.social_security_number #=> "466-99-1234"
 
 BAM. It looks innocuous on your end, but on the back end that beast is storing the social security number in
 a GPG-encrypted column that can only be decrypted with your secure key.
 
-Keys
--
+### Rails 3.x and PostgreSQL extensions
+
+PGCrypto will load the `pgcrypto` extension into your database if you haven't already, but this change will NOT get propagated
+to your schema.rb file, so... go figure. You'll have to `CREATE EXTENSION IF NOT EXISTS pgcrypto` any database built from the
+schema file (**HINT** that means your test databases).
+
+
+## Upgrading from 0.3.x
+
+If you've been on 0.3.x branch, the most important change is that **PGCrypto now uses database columns on models directly**. This means you don't need the `pgcrypto_columns` table anymore. Follow these steps to migrate your new app over!
+
+1. BACK UP YOUR PRODUCTION DATABASE.
+
+2. In `config/database.yml`, change `adapter: postgresql` to `adapter: pgcrypto`
+
+2. Generate the upgrade files:
+
+	`rails generate pgcrypto:upgrade`
+
+3. Run the migration that gets generated. It will do three things:
+	1. It will add encrypted columns directly to tables whose records have corresponding columns in the `pgcrypto_columns` table.
+	2. It will move values from `pgcrypto_columns` into the appropriate columns on the parent models.
+	3. It will drop the `pgcrypto_columns` table.
+
+4. The `pgcrypto` method is being deprecated in favor of the more declarative `has_encrypted_column`. Any model that calls `pgcrypto` will start generating deprecation warnings. So g'head and update your models.
+
+### Manual upgrade
+
+If you don't trust my auto-generated migration, follow these steps:
+
+1. Add columns directly to models' tables:
+
+		add_column :users, :social_security_number, :pgcrypto
+
+2. Run `rake pgcrypto:upgrade_columns` to copy `PGCrypto::Column` values directly onto your tables' new columns.
+
+3. Generate a migration to drop the `pgcrypto_columns` table.
+
+## Keys
 
 If you want to bundle your public key with your application, PGCrypto will automatically load `RAILS_ROOT/.pgcrypto`,
 so feel free to put your public key in there. You can also tell PGCrypto about your keys in a number of fun ways.
@@ -67,8 +152,17 @@ storage on your server, since if you're using this library you presumably care a
 
 	PGCrypto.keys[:private] = {:value => ENV['PRIVATE_KEY'], :password => ENV['PRIVATE_KEY_PASSWORD']}
 
-Warranty (or lack thereof)
--
+## Alternate Adapters
+
+If you're already using an adapter that isn't the PostgreSQL adapter, you'll want to tell PGCrypto so it can make sure it supports your extra stuff. The easiest way to do this is to tell it which adapter it should inherit from.
+
+In `config/initializers/pgcrypto.rb`, add:
+
+	PGCrypto.base_adapter = ActiveRecord::ConnectionAdapters:PostGISAdapter
+
+...or whatever your adapter is. Then make sure you're telling `config/database.yml` to use `adapter: pgcrypto`.
+
+## Warranty (or lack thereof)
 
 As I mentioned before, this library is one HUGE hack. This is just scratching the surface of keeping your data secure.
 For example, if you don't protect your log files, anyone who can read them can get your private and public keys and
@@ -78,7 +172,6 @@ alongside those private and public keys.
 Basically, this will make it easy to start with asymmetric, GPG-based, column-level encryption in PostgreSQL. But that's about
 it; the rest is up to you.
 
-**As such,** the author and Delightful Widgets Inc. offer ***ABSOLUTELY NO GODDAMN WARRANTY***. As I mentioned, this works great in our
-Rails 3.2 world, but YMMV if your version of Arel or ActiveRecord are ahead or behind ours. Sorry, folks.
+**As such,** the author and Delightful Widgets Inc. offer ***ABSOLUTELY NO GODDAMN WARRANTY***. Sorry, folks.
 
 Copyright (C) 2012 Delightful Widgets, Inc. Built by Flip Sasser, Monkeypatcher Extraordinaire!

data/VERSION

@@ -1 +1 @@
-0.3.6
+0.4.1

data/lib/active_record/connection_adapters/pgcrypto_adapter.rb

@@ -0,0 +1,4 @@
+require 'active_record/version'
+require 'pgcrypto/adapter'
+
+require "active_record/connection_adapters/pgcrypto_adapter/rails_#{ActiveRecord::VERSION::MAJOR}"

data/lib/active_record/connection_adapters/pgcrypto_adapter/rails_3.rb

@@ -0,0 +1,20 @@
+ActiveRecord::Base.class_eval do
+  def self.pgcrypto_connection(config) # :nodoc:
+      config = config.symbolize_keys
+      host     = config[:host]
+      port     = config[:port] || 5432
+      username = config[:username].to_s if config[:username]
+      password = config[:password].to_s if config[:password]
+
+      if config.key?(:database)
+        database = config[:database]
+      else
+        raise ArgumentError, "No database specified. Missing argument: database."
+      end
+
+      # The postgres drivers don't allow the creation of an unconnected PGconn object,
+      # so just pass a nil connection object for the time being.
+      PGCrypto::Adapter.new(nil, logger, [host, port, nil, nil, database, username, password], config)
+    end
+end
+

data/lib/active_record/connection_adapters/pgcrypto_adapter/rails_4.rb

@@ -0,0 +1,22 @@
+module ActiveRecord
+  module ConnectionHandling
+
+    def pgcrypto_connection(config, *args, &block)
+      conn_params = config.symbolize_keys
+
+      conn_params.delete_if { |_, v| v.nil? }
+
+      # Map ActiveRecords param names to PGs.
+      conn_params[:user] = conn_params.delete(:username) if conn_params[:username]
+      conn_params[:dbname] = conn_params.delete(:database) if conn_params[:database]
+
+      # Forward only valid config params to PGconn.connect.
+      conn_params.keep_if { |k, _| VALID_CONN_PARAMS.include?(k) }
+
+      # The postgres drivers don't allow the creation of an unconnected PGconn object,
+      # so just pass a nil connection object for the time being.
+      PGCrypto::Adapter.new(nil, logger, conn_params, config)
+    end
+
+  end
+end

data/lib/pgcrypto.rb

@@ -1,118 +1,28 @@
-require 'big_spoon'
-require 'pgcrypto/active_record'
-require 'pgcrypto/arel'
-require 'pgcrypto/column'
+require 'active_record/connection_adapters/postgresql_adapter'
+require 'pgcrypto/has_encrypted_column'
 require 'pgcrypto/key'
+require 'pgcrypto/key_manager'
 require 'pgcrypto/table_manager'
 
 module PGCrypto
-  class << self
-    def [](key)
-      (@table_manager ||= TableManager.new)[key]
-    end
-
-    def keys
-      @keys ||= KeyManager.new
-    end
+  def self.[](key)
+    (@table_manager ||= TableManager.new)[key]
   end
 
-  class Error < StandardError; end
-
-  module ClassMethods
-    def pgcrypto(*pgcrypto_column_names)
-      options = pgcrypto_column_names.last.is_a?(Hash) ? pgcrypto_column_names.pop : {}
-      options = {:include => false, :type => :pgp}.merge(options)
-
-      has_many :pgcrypto_columns, :as => :owner, :autosave => true, :class_name => 'PGCrypto::Column', :dependent => :delete_all
-
-      hooks do
-        before(:reload) do
-          self.class.pgcrpyto_columns.each do |column_name, options|
-            reset_attribute! column_name
-            changed_attributes.delete(column_name)
-          end
-        end
-      end
-
-      pgcrypto_column_names.map(&:to_s).each do |column_name|
-        # Stash the encryption type in our module so various monkeypatches can access it later!
-        PGCrypto[table_name][column_name] = options.symbolize_keys
-
-        # Add dynamic attribute readers/writers for ActiveModel APIs
-        # define_attribute_method column_name
-
-        # Add attribute readers/writers to keep this baby as fluid and clean as possible.
-        start_line = __LINE__; pgcrypto_methods = <<-PGCRYPTO_METHODS
-        def #{column_name}
-          return @_pgcrypto_#{column_name}.try(:value) if defined?(@_pgcrypto_#{column_name})
-          @_pgcrypto_#{column_name} ||= select_pgcrypto_column(:#{column_name})
-          @_pgcrypto_#{column_name}.try(:value)
-        end
-
-        # We write the attribute directly to its child value. Neato!
-        def #{column_name}=(value)
-          attribute_will_change!(:#{column_name}) if value != @_pgcrypto_#{column_name}.try(:value)
-          if value.nil?
-            pgcrypto_columns.select{|column| column.name == "#{column_name}"}.each(&:mark_for_destruction)
-            remove_instance_variable("@_pgcrypto_#{column_name}") if defined?(@_pgcrypto_#{column_name})
-          else
-            @_pgcrypto_#{column_name} ||= pgcrypto_columns.select{|column| column.name == "#{column_name}"}.first || pgcrypto_columns.new(:name => "#{column_name}")
-            pgcrypto_columns.push(@_pgcrypto_#{column_name})
-            @_pgcrypto_#{column_name}.value = value
-          end
-        end
-
-        def #{column_name}_changed?
-          changed.include?(:#{column_name})
-        end
-        PGCRYPTO_METHODS
-
-        class_eval pgcrypto_methods, __FILE__, start_line
-      end
-
-      # If any columns are set to be included in the parent record's finder,
-      # we'll go ahead and add 'em!
-      if PGCrypto[table_name].any?{|column, options| options[:include] }
-        default_scope includes(:pgcrypto_columns)
-      end
-    end
+  def self.base_adapter
+    @base_adapter ||= ActiveRecord::ConnectionAdapters::PostgreSQLAdapter
+  end
 
-    def pgcrpyto_columns
-      PGCrypto[table_name]
-    end
+  def self.base_adapter=(base_adapter)
+    @base_adapter = base_adapter
+    rebuild_adapter! if respond_to?(:rebuild_adapter!)
   end
 
-  module InstanceMethods
-    def select_pgcrypto_column(column_name)
-      return nil if new_record?
-      # Now here's the fun part. We want the selector on PGCrypto columns to do the decryption
-      # for us, so we have override the SELECT and add a JOIN to build out the decrypted value
-      # whenever it's requested.
-      options = PGCrypto[self.class.table_name][column_name]
-      pgcrypto_column_finder = pgcrypto_columns
-      if key = PGCrypto.keys[:private]
-        pgcrypto_column_finder = pgcrypto_column_finder.select([
-          %w(id owner_id owner_type owner_table).map {|column| %("#{PGCrypto::Column.table_name}"."#{column}")},
-          %[pgp_pub_decrypt("#{PGCrypto::Column.table_name}"."value", pgcrypto_keys.#{key.name}#{key.password?}) AS "value"]
-        ].flatten).joins(%[CROSS JOIN (SELECT #{key.dearmored} AS "#{key.name}") AS pgcrypto_keys])
-      end
-      pgcrypto_column_finder.where(:name => column_name).first
-    rescue ActiveRecord::StatementInvalid => e
-      case e.message
-      when /^PGError: ERROR:  Wrong key or corrupt data/
-        # If a column has been corrupted, we'll return nil and let the DBA
-        # figure out WTF the is going on
-        logger.error(e.message.split("\n").first)
-        nil
-      else
-        raise e
-      end
-    end
+  def self.keys
+    @keys ||= KeyManager.new
   end
 end
 
 PGCrypto.keys[:public] = {:path => '.pgcrypto'} if File.file?('.pgcrypto')
-if defined? ActiveRecord::Base
-  ActiveRecord::Base.extend PGCrypto::ClassMethods
-  ActiveRecord::Base.send :include, PGCrypto::InstanceMethods
-end
+
+require 'pgcrypto/railtie' if defined? Rails::Railtie

data/lib/pgcrypto/adapter.rb

@@ -0,0 +1,162 @@
+require 'pgcrypto'
+
+module PGCrypto
+  def self.build_adapter!
+    Class.new(PGCrypto.base_adapter) do
+      include PGCrypto::AdapterMethods
+    end
+  end
+
+  def self.rebuild_adapter!
+    remove_const(:Adapter) if const_defined? :Adapter
+    const_set(:Adapter, build_adapter!)
+  end
+
+  module AdapterMethods
+    ADAPTER_NAME = 'PGCrypto'
+
+    def quote(*args, &block)
+      if args.first.is_a?(Arel::Nodes::SqlLiteral)
+        args.first
+      else
+        super
+      end
+    end
+
+    def to_sql(arel, *args)
+      case arel
+      when Arel::InsertManager
+        pgcrypto_insert(arel)
+      when Arel::SelectManager
+        pgcrypto_select(arel)
+      when Arel::UpdateManager
+        pgcrypto_update(arel)
+      end
+      super(arel, *args)
+    end
+
+    private
+
+    def pgcrypto_decrypt_column(table_name, column_name, key)
+      table = Arel::Table.new(table_name)
+      column = Arel::Attribute.new(table, column_name)
+      key_dearmored = Arel::Nodes::SqlLiteral.new("#{key.dearmored}#{key.password?}")
+      Arel::Nodes::NamedFunction.new('pgp_pub_decrypt', [column, key_dearmored])
+    end
+
+    def pgcrypto_encrypt_string(string, key)
+      if string.is_a?(String)
+        string = quote(string)
+      else
+        string = quote_string(string)
+      end
+      encryption_instruction = %[pgp_pub_encrypt(#{string}, #{key.dearmored})]
+      Arel::Nodes::SqlLiteral.new(encryption_instruction)
+    end
+
+    def pgcrypto_insert(arel)
+      if table = PGCrypto[arel.ast.relation.name.to_s]
+        arel.ast.columns.each_with_index do |column, i|
+          if options = table[column.name.to_sym]
+            key = options[:key] || PGCrypto.keys[:public]
+            next unless key
+            # Encrypt encryptable columns
+            value = arel.ast.values.expressions[i]
+            arel.ast.values.expressions[i] = pgcrypto_encrypt_string(value, key)
+          end
+        end
+      end
+    end
+
+    def pgcrypto_select(arel)
+      # We start by looping through each "core," which is just a
+      # SelectStatement and correcting plain-text queries against an encrypted
+      # column...
+      arel.ast.cores.each do |core|
+        next unless core.is_a?(Arel::Nodes::SelectCore)
+
+        pgcrypto_update_selects(core, core.projections) if core.projections
+        pgcrypto_update_selects(core, core.having) if core.having
+
+        # Loop through each WHERE to determine whether or not we need to refer
+        # to its decrypted counterpart
+        pgcrypto_update_wheres(core)
+      end
+    end
+
+    def pgcrypto_update(arel)
+      if table = PGCrypto[arel.ast.relation.name.to_s]
+        # Find all columns with encryption instructions and encrypt them
+        arel.ast.values.each do |value|
+          if value.respond_to?(:left) && options = table[value.left.name]
+            key = options[:key] || PGCrypto.keys[:public]
+            next unless key
+
+            if value.right.nil?
+              value.right = Arel::Nodes::SqlLiteral.new('NULL')
+            else
+              value.right = pgcrypto_encrypt_string(value.right, key)
+            end
+          end
+        end
+      end
+    end
+
+    def pgcrypto_update_selects(core, selects)
+      table_name = core.source.left.name
+      columns = PGCrypto[table_name]
+      return if columns.empty?
+
+      untouched_columns = columns.keys.map(&:to_s)
+
+      selects.each_with_index do |select, i|
+        next unless select.respond_to?(:name)
+
+        select_name = select.name.to_s
+        if untouched_columns.include?(select_name)
+          key = columns[select_name.to_sym][:private] || PGCrypto.keys[:private]
+          next unless key
+          decrypt = pgcrypto_decrypt_column(table_name, select_name, key)
+          selects[i] = decrypt.as(select_name)
+          untouched_columns.delete(select_name)
+        end
+      end
+
+      splat_projection = selects.find { |select| select.respond_to?(:name) && select.name == '*' }
+      if untouched_columns.any? && splat_projection
+        untouched_columns.each do |column|
+          key = columns[column.to_sym][:private] || PGCrypto.keys[:private]
+          next unless key
+          decrypt = pgcrypto_decrypt_column(table_name, column, key)
+          core.projections.push(decrypt.as(column))
+        end
+      end
+    end
+
+    def pgcrypto_update_wheres(core)
+      table_name = core.source.left.name
+      columns = PGCrypto[table_name]
+      return if columns.empty?
+
+      core.wheres.each do |where|
+        if where.respond_to?(:children)
+          # Loop through the children to replace them with a decrypted
+          # counterpart
+          where.children.each do |child|
+            next unless child.respond_to?(:left) && options = columns[child.left.name.to_s]
+            key = options[:private] || PGCrypto.keys[:private]
+            child.left = pgcrypto_decrypt_column(table_name, child.left.name, key)
+            if child.right.is_a?(String)
+              # Prevent ActiveRecord from re-casting this as binary text
+              child.right = Arel::Nodes::SqlLiteral.new("'#{quote_string(child.right)}'")
+            end
+          end
+        end
+      end
+    end
+
+  end
+
+  Adapter = build_adapter!
+
+end