pgcrypto 0.3.6 → 0.4.1

data/lib/pgcrypto/column.rb

@@ -1,18 +1,19 @@
 module PGCrypto
   class Column < ActiveRecord::Base
 
-    attr_accessible :name if respond_to? :attr_accessible
-
     self.table_name = 'pgcrypto_columns'
 
-    before_save :set_owner_table
-    belongs_to :owner, :autosave => false, :inverse_of => :pgcrypto_columns, :polymorphic => true
+    belongs_to :owner, polymorphic: true
 
-    default_scope { select(%w(id owner_id owner_type owner_table)) }
+    has_encrypted_column :value
 
-    protected
-    def set_owner_table
-      self.owner_table = self.owner.class.table_name
+    def self.tables_and_columns
+      tables_and_columns = []
+      select('DISTINCT owner_type, name').each do |column|
+        tables_and_columns.push [column.owner_type.constantize.table_name, column.name]
+      end
+      tables_and_columns
     end
+
   end
 end

data/lib/pgcrypto/column_converter.rb

@@ -0,0 +1,26 @@
+require 'pgcrypto/column'
+
+module PGCrypto
+  class ColumnConverter
+
+    def self.migrate!
+      new.migrate!
+    end
+
+    def migrate!
+      PGCrypto::Column.find_each(batch_size: 100) do |column|
+        migrate_column(column)
+      end
+    end
+
+    private
+
+    def migrate_column(column)
+      if column.owner
+        column.owner.update_column(column.name, column.value)
+        puts "Migrated #{column.owner}##{column.name}"
+      end
+    end
+
+  end
+end

data/lib/pgcrypto/generators/base_generator.rb

@@ -0,0 +1,12 @@
+require 'rails/generators/migration'
+require 'rails/generators/active_record/migration'
+
+class BaseGenerator < Rails::Generators::Base
+  include Rails::Generators::Migration
+  extend ActiveRecord::Generators::Migration
+
+  def self.next_migration_number(*args)
+    Time.now.utc.strftime("%Y%m%d%H%M%S").to_i.to_s
+  end
+
+end

data/lib/{generators/pgcrypto → pgcrypto/generators}/install/install_generator.rb

@@ -1,11 +1,8 @@
-require 'rails/generators/migration'
-require 'rails/generators/active_record/migration'
+require 'pgcrypto/generators/base_generator'
 
 module Pgcrypto
   module Generators
-    class InstallGenerator < Rails::Generators::Base
-      include Rails::Generators::Migration
-      extend ActiveRecord::Generators::Migration
+    class InstallGenerator < BaseGenerator
 
       source_root File.expand_path('../templates', __FILE__)
 

data/lib/pgcrypto/generators/install/templates/migration.rb

@@ -0,0 +1,5 @@
+class InstallPgcrypto < ActiveRecord::Migration
+  def change
+    enable_extension "pgcrypto"
+  end
+end

data/lib/pgcrypto/generators/upgrade/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates the PGCrypto upgrade-from-0.3.x migration
+
+Example:
+    rails generate pgcrypto:install
+
+    This will create:
+        db/migrate/XXXXXX_upgrade_pgcrypto_to_0_4_0.rb

data/lib/pgcrypto/generators/upgrade/templates/migration.rb

@@ -0,0 +1,22 @@
+require 'pgcrypto/column'
+require 'pgcrypto/column_converter'
+
+class UpgradePgcryptoTo040 < ActiveRecord::Migration
+  def up
+    # Add columns based on the ones we already know exist
+    PGCrypto::Column.tables_and_columns do |table, column|
+      add_column table, column, :binary
+    end
+
+    # Migrate column data
+    PGCrypto::ColumnConverter.migrate!
+
+    # Drop the old, now-unused columns table
+    # COMMENT THIS IN IF YOU REALLY WANT IT
+    # drop_table :pgcrypto_columns
+  end
+
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/lib/pgcrypto/generators/upgrade/upgrade_generator.rb

@@ -0,0 +1,15 @@
+require 'pgcrypto/generators/base_generator'
+
+module Pgcrypto
+  module Generators
+    class UpgradeGenerator < BaseGenerator
+
+      source_root File.expand_path('../templates', __FILE__)
+
+      def copy_migration
+        migration_template("migration.rb", "db/migrate/upgrade_pgcrypto_to_0_4_0.rb")
+      end
+
+    end
+  end
+end

data/lib/pgcrypto/has_encrypted_column.rb

@@ -0,0 +1,25 @@
+module PGCrypto
+  module HasEncryptedColumn
+    def has_encrypted_column(*column_names)
+      options = column_names.extract_options!
+      options.reverse_merge(type: :pgp)
+
+      column_names.each do |column_name|
+        # Stash the encryption type in our module
+        PGCrypto[table_name][column_name.to_s] ||= options.symbolize_keys
+      end
+    end
+
+    def pgcrypto(*args)
+      if defined? Rails
+        Rails.logger.debug "[DEPRECATION WARNING] `pgcrypto' is deprecated. Please use `has_encrypted_column' instead!"
+      end
+      has_encrypted_column(*args)
+    end
+
+  end
+end
+
+if defined? ActiveRecord::Base
+  ActiveRecord::Base.extend PGCrypto::HasEncryptedColumn
+end

data/lib/pgcrypto/key.rb

@@ -1,14 +1,4 @@
 module PGCrypto
-  class KeyManager < Hash
-    def []=(key, value)
-      unless value.is_a?(Key)
-        value = Key.new(value)
-      end
-      value.name = key
-      super key, value
-    end
-  end
-
   class Key
     attr_accessor :name, :password, :value
     attr_reader :path

data/lib/pgcrypto/key_manager.rb

@@ -0,0 +1,11 @@
+module PGCrypto
+  class KeyManager < Hash
+    def []=(key, value)
+      unless value.is_a?(Key)
+        value = Key.new(value)
+      end
+      value.name = key
+      super key, value
+    end
+  end
+end

data/lib/pgcrypto/railtie.rb

@@ -0,0 +1,15 @@
+module PGCrypto
+  class Railtie < Rails::Railtie
+    generators do
+      require 'pgcrypto/generators/install/install_generator'
+      require 'pgcrypto/generators/upgrade/upgrade_generator'
+    end
+
+    rake_tasks do
+      tasks = File.join(File.dirname(__FILE__), '../tasks/*.rake')
+      Dir[tasks].each do |file|
+        load file
+      end
+    end
+  end
+end

data/lib/pgcrypto/table.rb

@@ -0,0 +1,11 @@
+module PGCrypto
+  class Table < Hash
+    def [](key)
+      super(key.to_sym)
+    end
+
+    def []=(key, value)
+      super key.to_sym, value
+    end
+  end
+end

data/lib/pgcrypto/table_manager.rb

@@ -1,14 +1,6 @@
-module PGCrypto
-  class Table < Hash
-    def [](key)
-      super(key.to_sym)
-    end
-
-    def []=(key, value)
-      super key.to_sym, value
-    end
-  end
+require 'pgcrypto/table'
 
+module PGCrypto
   class TableManager < Table
     def [](key)
       return {} unless key

data/lib/tasks/pgcrypto.rake

@@ -0,0 +1,7 @@
+namespace :pgcrypto do
+  desc "Migrate PGCrypto 0.3.x-style columns to 0.4 style"
+  task migrate_old_columns: :environment do
+    require 'pgcrypto/column_converter'
+    PGCrypto::ColumnConverter.migrate!
+  end
+end

data/pgcrypto.gemspec

@@ -2,14 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: pgcrypto 0.4.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "pgcrypto"
-  s.version = "0.3.5"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Flip Sasser"]
-  s.date = "2012-09-02"
+  s.date = "2014-08-24"
   s.description = "\n      PGCrypto is an ActiveRecord::Base extension that allows you to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible. It's totally\n      freaking rad.\n    "
   s.email = "flip@x451.com"
   s.extra_rdoc_files = [
@@ -26,16 +28,28 @@ Gem::Specification.new do |s|
     "README.markdown",
     "Rakefile",
     "VERSION",
-    "lib/generators/pgcrypto/install/USAGE",
-    "lib/generators/pgcrypto/install/install_generator.rb",
-    "lib/generators/pgcrypto/install/templates/initializer.rb",
-    "lib/generators/pgcrypto/install/templates/migration.rb",
+    "lib/active_record/connection_adapters/pgcrypto_adapter.rb",
+    "lib/active_record/connection_adapters/pgcrypto_adapter/rails_3.rb",
+    "lib/active_record/connection_adapters/pgcrypto_adapter/rails_4.rb",
     "lib/pgcrypto.rb",
-    "lib/pgcrypto/active_record.rb",
-    "lib/pgcrypto/arel.rb",
+    "lib/pgcrypto/adapter.rb",
     "lib/pgcrypto/column.rb",
+    "lib/pgcrypto/column_converter.rb",
+    "lib/pgcrypto/generators/base_generator.rb",
+    "lib/pgcrypto/generators/install/USAGE",
+    "lib/pgcrypto/generators/install/install_generator.rb",
+    "lib/pgcrypto/generators/install/templates/initializer.rb",
+    "lib/pgcrypto/generators/install/templates/migration.rb",
+    "lib/pgcrypto/generators/upgrade/USAGE",
+    "lib/pgcrypto/generators/upgrade/templates/migration.rb",
+    "lib/pgcrypto/generators/upgrade/upgrade_generator.rb",
+    "lib/pgcrypto/has_encrypted_column.rb",
     "lib/pgcrypto/key.rb",
+    "lib/pgcrypto/key_manager.rb",
+    "lib/pgcrypto/railtie.rb",
+    "lib/pgcrypto/table.rb",
     "lib/pgcrypto/table_manager.rb",
+    "lib/tasks/pgcrypto.rake",
     "pgcrypto.gemspec",
     "spec/lib/pgcrypto_spec.rb",
     "spec/spec_helper.rb",
@@ -45,25 +59,18 @@ Gem::Specification.new do |s|
     "spec/support/public.password.key"
   ]
   s.homepage = "http://github.com/Plinq/pgcrypto"
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.24"
+  s.rubygems_version = "2.4.1"
   s.summary = "A transparent ActiveRecord::Base extension for encrypted columns"
 
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<activerecord>, [">= 3.2"])
-      s.add_runtime_dependency(%q<big_spoon>, [">= 0.2.1"])
       s.add_development_dependency(%q<jeweler>, [">= 0"])
     else
-      s.add_dependency(%q<activerecord>, [">= 3.2"])
-      s.add_dependency(%q<big_spoon>, [">= 0.2.1"])
       s.add_dependency(%q<jeweler>, [">= 0"])
     end
   else
-    s.add_dependency(%q<activerecord>, [">= 3.2"])
-    s.add_dependency(%q<big_spoon>, [">= 0.2.1"])
     s.add_dependency(%q<jeweler>, [">= 0"])
   end
 end

data/spec/lib/pgcrypto_spec.rb

@@ -4,102 +4,100 @@ require 'spec_helper'
 # ActiveRecord::Base.logger = Logger.new(STDOUT)
 
 specs = proc do
-  it "should extend ActiveRecord::Base" do
-    PGCryptoTestModel.should respond_to(:pgcrypto)
-  end
-  
-  it "should have readers and writers" do
-    model = PGCryptoTestModel.new
-    model.should respond_to(:test_column)
-    model.should respond_to(:test_column=)
-  end
-  
-  it "should be settable on create" do
-    model = PGCryptoTestModel.new(:test_column => 'this is a test')
-    model.save!.should be_true
-  end
-  
-  it "should be settable on update" do
-    model = PGCryptoTestModel.create!
-    model.test_column = 'this is another test'
-    model.save!.should be_true
-  end
-  
-  it "should be update-able" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am test column')
-    model.update_attributes!(:test_column => 'but now i am a different column, son').should be_true
-    model.test_column.should == 'but now i am a different column, son'
-  end
-  
-  it "should be retrievable at create" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am test column')
-    model.test_column.should == 'i am test column'
-  end
-  
-  it "should be retrievable after create" do
-    model = PGCryptoTestModel.create!(:test_column => 'i should return to you')
-    PGCryptoTestModel.find(model.id).test_column.should == 'i should return to you'
-  end
-
-  it "should be retrievable at update" do
-    model = PGCryptoTestModel.create!(:test_column => 'i will update')
-    model.test_column.should == 'i will update'
-    model.update_attributes!(:test_column => 'i updated')
-    model.test_column.should == 'i updated'
-  end
-  
-  it "should be retrievable without update" do
-    model = PGCryptoTestModel.create!(:test_column => 'i will update')
-    model.test_column.should == 'i will update'
-    model.test_column = 'i updated'
-    model.test_column.should == 'i updated'
-  end
-  
-  it "should be searchable" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am findable!')
-    PGCryptoTestModel.where(:test_column => model.test_column).should == [model]
-  end
-  
-  it "should track changes" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am clean')
-    model.test_column = "now i'm not!"
-    model.test_column_changed?.should be_true
-  end
-  
-  it "should not be dirty if unchanged" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am clean')
-    model.test_column = 'i am clean'
-    model.test_column_changed?.should_not be_true
-  end
-  
-  it "should reload with the class" do
-    model = PGCryptoTestModel.create!(:test_column => 'i am clean')
-    model.test_column = 'i am dirty'
+
+  let(:stored_raw) {
+    connection = PGCryptoTestModel.connection
+    result = connection.select_one("SELECT encrypted_text FROM pgcrypto_test_models LIMIT 1")
+    result['encrypted_text']
+  }
+
+  # Default test text
+  let(:text) { "text to encrypt" }
+  # That text as it appears un-encrypted in a binary column - we'll compare
+  # this to what gets set to ensure the text is properly encrypted
+  let(:text_raw) { "\\x7465787420746f20656e6372797074" }
+
+  let(:text_2) { "something else entirely" }
+  let(:text_2_raw) { "\\x736f6d657468696e6720656c736520656e746972656c79" }
+
+  it "extends ActiveRecord::Base" do
+    expect(PGCryptoTestModel).to respond_to(:has_encrypted_column)
+    expect(PGCryptoTestModel).to respond_to(:pgcrypto)
+  end
+
+  it "encrypts text on insert" do
+    PGCryptoTestModel.create!(name: 'foobar', encrypted_text: text)
+    expect(stored_raw).not_to eq(text_raw)
+    expect(PGCryptoTestModel.last.name).to eq('foobar')
+  end
+
+  it "encrypts new text on update" do
+    PGCryptoTestModel.create.tap do |model|
+      model.encrypted_text = text
+      model.save!
+    end
+    expect(stored_raw).not_to eq(text_raw)
+  end
+
+  it "encrypts changed text on update" do
+    PGCryptoTestModel.create!(encrypted_text: text).tap do |model|
+      model.update_attributes!(encrypted_text: text_2)
+    end
+    expect(stored_raw).not_to eq(text_2_raw)
+  end
+
+  it "keeps plaintext versions of the encrypted text" do
+    model = PGCryptoTestModel.create!(encrypted_text: text)
+    expect(model.encrypted_text).to eq(text)
+  end
+
+  it "decrypts text when it is selected" do
+    model = PGCryptoTestModel.create!(encrypted_text: text)
+    expect(PGCryptoTestModel.find(model.id).encrypted_text).to eq(text)
+  end
+
+  it "retrieves decrypted text after update" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i will update')
+    expect(PGCryptoTestModel.find(model.id).encrypted_text).to eq('i will update')
+    model.update_attributes!(encrypted_text: 'i updated', name: 'testy mctesterson')
+    expect(PGCryptoTestModel.find(model.id).encrypted_text).to eq('i updated')
+  end
+
+  it "retrieves decrypted text without update" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i will update')
+    expect(PGCryptoTestModel.find(model.id).encrypted_text).to eq('i will update')
+    model.encrypted_text = 'i updated'
+    expect(model.encrypted_text).to eq('i updated')
+  end
+
+  it "supports querying encrypted columns transparently" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i am findable!')
+    expect(PGCryptoTestModel.where(encrypted_text: model.encrypted_text)).to eq([model])
+  end
+
+  it "tracks changes" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i am clean')
+    model.encrypted_text = "now i'm not!"
+    expect(model.encrypted_text_changed?).to be_truthy
+  end
+
+  it "is not dirty if attributes are unchanged" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i am clean')
+    model.encrypted_text = 'i am clean'
+    expect(model.encrypted_text_changed?).not_to be_truthy
+  end
+
+  it "reloads with the class" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'i am clean')
+    model.encrypted_text = 'i am dirty'
     model.reload
-    model.test_column.should == 'i am clean'
-    model.test_column_changed?.should_not be_true
-  end
-  
-  it "should allow direct setting of values as well" do
-    model = PGCryptoTestModel.create!(:test_column => 'one')
-    model.test_column.should == 'one'
-    model.test_column = 'two'
-    model.save!.should be_true
-    model.select_pgcrypto_column(:test_column).value.should == 'two'
-  end
-  
-  it "should delete the column when I set the value to nil" do
-    model = PGCryptoTestModel.create!(:test_column => 'one')
-    model.test_column = nil
-    model.save!
-    model.select_pgcrypto_column(:test_column).should be_nil
-  end
-  
-  it "should plz work" do
-    model = PGCryptoTestModel.find(PGCryptoTestModel.create!(:test_column => 'one'))
-    model.test_column = 'two'
-    model.save!
-    model.select_pgcrypto_column(:test_column).value.should == 'two'
+    expect(model.encrypted_text).to eq('i am clean')
+    expect(model.encrypted_text_changed?).not_to be_truthy
+  end
+
+  it "decrypts direct selects" do
+    model = PGCryptoTestModel.create!(:encrypted_text => 'to be selected...')
+    expect(PGCryptoTestModel.select([:id, :encrypted_text]).where(id: model.id).first).to eq(model)
   end
 end
 
@@ -111,7 +109,7 @@ describe PGCrypto do
       PGCrypto.keys[:public] = {:path => File.join(keypath, 'public.key')}
     end
 
-    # instance_eval(&specs)
+     instance_eval(&specs)
   end
 
   describe "with password-protected keys" do
@@ -123,10 +121,13 @@ describe PGCrypto do
     instance_eval(&specs)
   end
 
-  describe "with Brett's keys" do
-    before :each do
-      PGCrypto.keys[:private] = {:path => File.join(keypath, 'private.brett.key'), :password => '4a13zhUF'}
-      PGCrypto.keys[:public] = {:path => File.join(keypath, 'public.brett.key')}
+  describe "with the PostGIS adapter" do
+    before :all do
+      gem 'activerecord-postgis-adapter', ActiveRecord::VERSION::MAJOR == 3 ? '< 0.7' : '>= 1.1'
+      require 'activerecord-postgis-adapter'
+      PGCrypto.keys[:private] = {:path => File.join(keypath, 'private.key')}
+      PGCrypto.keys[:public] = {:path => File.join(keypath, 'public.key')}
+      PGCrypto.base_adapter = ActiveRecord::ConnectionAdapters::PostGISAdapter::MainAdapter
     end
 
     instance_eval(&specs)