powerhome-attr_encrypted 1.0.1

data/lib/attr_encrypted/adapters/active_record.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+if defined?(ActiveRecord::Base)
+  module AttrEncrypted
+    module Adapters
+      module ActiveRecord
+        def self.extended(base) # :nodoc:
+          base.class_eval do
+
+            # https://github.com/attr-encrypted/attr_encrypted/issues/68
+            alias_method :reload_without_attr_encrypted, :reload
+            def reload(*args, &block)
+              result = reload_without_attr_encrypted(*args, &block)
+              self.class.encrypted_attributes.keys.each do |attribute_name|
+                instance_variable_set("@#{attribute_name}", nil)
+              end
+              result
+            end
+
+            attr_encrypted_options[:encode] = true
+
+            class << self
+              alias_method :method_missing_without_attr_encrypted, :method_missing
+              alias_method :method_missing, :method_missing_with_attr_encrypted
+            end
+
+            def perform_attribute_assignment(method, new_attributes, *args)
+              return if new_attributes.blank?
+
+              send method, new_attributes.reject { |k, _|  self.class.encrypted_attributes.key?(k.to_sym) }, *args
+              send method, new_attributes.reject { |k, _| !self.class.encrypted_attributes.key?(k.to_sym) }, *args
+            end
+            private :perform_attribute_assignment
+
+            if ::ActiveRecord::VERSION::STRING > "3.1"
+              alias_method :assign_attributes_without_attr_encrypted, :assign_attributes
+              def assign_attributes(*args)
+                perform_attribute_assignment :assign_attributes_without_attr_encrypted, *args
+              end
+            end
+
+            alias_method :attributes_without_attr_encrypted=, :attributes=
+            def attributes=(*args)
+              perform_attribute_assignment :attributes_without_attr_encrypted=, *args
+            end
+          end
+        end
+
+        protected
+
+          # <tt>attr_encrypted</tt> method
+          def attr_encrypted(*attrs)
+            super
+            options = attrs.extract_options!
+            attr = attrs.pop
+            attribute attr if ::ActiveRecord::VERSION::STRING >= "5.1.0"
+            options.merge! encrypted_attributes[attr]
+
+            define_method("#{attr}_was") do
+              attribute_was(attr)
+            end
+
+            if ::ActiveRecord::VERSION::STRING >= "4.1"
+              define_method("#{attr}_changed?") do |options = {}|
+                attribute_changed?(attr, options)
+              end
+            else
+              define_method("#{attr}_changed?") do
+                attribute_changed?(attr)
+              end
+            end
+
+            define_method("#{attr}_change") do
+              attribute_change(attr)
+            end
+
+            define_method("#{attr}_with_dirtiness=") do |value|
+              ##
+              # In ActiveRecord 5.2+, due to changes to the way virtual
+              # attributes are handled, @attributes[attr].value is nil which
+              # breaks attribute_was. Setting it here returns us to the expected
+              # behavior.
+              if ::ActiveRecord::VERSION::STRING >= "5.2"
+                # This is needed support attribute_was before a record has
+                # been saved
+                set_attribute_was(attr, __send__(attr)) if value != __send__(attr)
+                # This is needed to support attribute_was after a record has
+                # been saved
+                @attributes.write_from_user(attr.to_s, value) if value != __send__(attr)
+              end
+              ##
+              attribute_will_change!(attr) if value != __send__(attr)
+              __send__("#{attr}_without_dirtiness=", value)
+            end
+
+            alias_method "#{attr}_without_dirtiness=", "#{attr}="
+            alias_method "#{attr}=", "#{attr}_with_dirtiness="
+
+            alias_method "#{attr}_before_type_cast", attr
+          end
+
+          def attribute_instance_methods_as_symbols
+            # We add accessor methods of the db columns to the list of instance
+            # methods returned to let ActiveRecord define the accessor methods
+            # for the db columns
+
+            if connected? && table_exists?
+              columns_hash.keys.inject(super) {|instance_methods, column_name| instance_methods.concat [column_name.to_sym, :"#{column_name}="]}
+            else
+              super
+            end
+          end
+
+          def attribute_instance_methods_as_symbols_available?
+            connected? && table_exists?
+          end
+
+          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for
+          # encrypted attributes
+          #
+          # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
+          #
+          # This is useful for encrypting fields like email addresses. Your user's email addresses
+          # are encrypted in the database, but you can still look up a user by email for logging in
+          #
+          # Example
+          #
+          #   class User < ActiveRecord::Base
+          #     attr_encrypted :email, key: 'secret key'
+          #   end
+          #
+          #   User.find_by_email_and_password('test@example.com', 'testing')
+          #   # results in a call to
+          #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+          def method_missing_with_attr_encrypted(method, *args, &block)
+            if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
+              attribute_names = match.captures.last.split('_and_')
+              attribute_names.each_with_index do |attribute, index|
+                if attr_encrypted?(attribute) && encrypted_attributes[attribute.to_sym][:mode] == :single_iv_and_salt
+                  args[index] = send("encrypt_#{attribute}", args[index])
+                  warn "DEPRECATION WARNING: This feature will be removed in the next major release."
+                  attribute_names[index] = encrypted_attributes[attribute.to_sym][:attribute]
+                end
+              end
+              method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+            end
+            method_missing_without_attr_encrypted(method, *args, &block)
+          end
+      end
+    end
+  end
+
+  ActiveSupport.on_load(:active_record) do
+    extend AttrEncrypted
+    extend AttrEncrypted::Adapters::ActiveRecord
+  end
+end

data/lib/attr_encrypted/adapters/data_mapper.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+if defined?(DataMapper)
+  module AttrEncrypted
+    module Adapters
+      module DataMapper
+        def self.extended(base) # :nodoc:
+          class << base
+            alias_method :included_without_attr_encrypted, :included
+            alias_method :included, :included_with_attr_encrypted
+          end
+        end
+
+        def included_with_attr_encrypted(base)
+          included_without_attr_encrypted(base)
+          base.extend AttrEncrypted
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+
+  DataMapper::Resource.extend AttrEncrypted::Adapters::DataMapper
+end

data/lib/attr_encrypted/adapters/sequel.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+if defined?(Sequel)
+  module AttrEncrypted
+    module Adapters
+      module Sequel
+        def self.extended(base) # :nodoc:
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+
+  Sequel::Model.extend AttrEncrypted
+  Sequel::Model.extend AttrEncrypted::Adapters::Sequel
+end

data/lib/attr_encrypted/version.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module AttrEncrypted
+  # Contains information about this gem's version
+  module Version
+    MAJOR = 1
+    MINOR = 0
+    PATCH = 1
+
+    # Returns a version string by joining <tt>MAJOR</tt>, <tt>MINOR</tt>, and <tt>PATCH</tt> with <tt>'.'</tt>
+    #
+    # Example
+    #
+    #   Version.string # '1.0.2'
+    def self.string
+      [MAJOR, MINOR, PATCH].join('.')
+    end
+  end
+end

data/test/active_record_test.rb

@@ -0,0 +1,365 @@
+# frozen_string_literal: true
+
+require_relative 'test_helper'
+
+ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:')
+
+def create_tables
+  ActiveRecord::Schema.define(version: 1) do
+    self.verbose = false
+    create_table :people do |t|
+      t.string   :encrypted_email
+      t.string   :password
+      t.string   :encrypted_credentials
+      t.binary   :salt
+      t.binary   :key_iv
+      t.string   :encrypted_email_salt
+      t.string   :encrypted_credentials_salt
+      t.string   :encrypted_email_iv
+      t.string   :encrypted_credentials_iv
+    end
+    create_table :accounts do |t|
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.string :encrypted_password_salt
+      t.string :key
+    end
+    create_table :users do |t|
+      t.string :login
+      t.string :encrypted_password
+      t.string :encrypted_password_iv
+      t.boolean :is_admin
+    end
+    create_table :prime_ministers do |t|
+      t.string :encrypted_name
+      t.string :encrypted_name_iv
+    end
+    create_table :addresses do |t|
+      t.binary :encrypted_street
+      t.binary :encrypted_street_iv
+      t.binary :encrypted_zipcode
+      t.string :mode
+    end
+  end
+end
+
+ActiveRecord::MissingAttributeError = ActiveModel::MissingAttributeError unless defined?(ActiveRecord::MissingAttributeError)
+
+if ::ActiveRecord::VERSION::STRING > "4.0"
+  module Rack
+    module Test
+      class UploadedFile; end
+    end
+  end
+
+  require 'action_controller/metal/strong_parameters'
+end
+
+class Person < ActiveRecord::Base
+  self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
+  attr_encrypted :email, key: SECRET_KEY
+  attr_encrypted :credentials, key: Proc.new { |user| Encryptor.encrypt(value: user.salt, key: SECRET_KEY, iv: user.key_iv) }, marshal: true
+
+  after_initialize :initialize_salt_and_credentials
+
+  protected
+
+  def initialize_salt_and_credentials
+    self.key_iv ||= SecureRandom.random_bytes(12)
+    self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(1000)).to_s)[0..15]
+    self.credentials ||= { username: 'example', password: 'test' }
+  end
+end
+
+class PersonWithValidation < Person
+  validates_presence_of :email
+end
+
+class PersonWithProcMode < Person
+  attr_encrypted :email,       key: SECRET_KEY, mode: Proc.new { :per_attribute_iv_and_salt }
+  attr_encrypted :credentials, key: SECRET_KEY, mode: Proc.new { :single_iv_and_salt }, insecure_mode: true
+end
+
+class Account < ActiveRecord::Base
+  ACCOUNT_ENCRYPTION_KEY = SecureRandom.urlsafe_base64(24)
+  attr_encrypted :password, key: :password_encryption_key
+
+  def encrypting?(attr)
+    encrypted_attributes[attr][:operation] == :encrypting
+  end
+
+  def password_encryption_key
+    if encrypting?(:password)
+      self.key = ACCOUNT_ENCRYPTION_KEY
+    else
+      self.key
+    end
+  end
+end
+
+class PersonWithSerialization < ActiveRecord::Base
+  self.table_name = 'people'
+  attr_encrypted :email, key: SECRET_KEY
+  serialize :password
+end
+
+class UserWithProtectedAttribute < ActiveRecord::Base
+  self.table_name = 'users'
+  attr_encrypted :password, key: SECRET_KEY
+  attr_protected :is_admin if ::ActiveRecord::VERSION::STRING < "4.0"
+end
+
+class PersonUsingAlias < ActiveRecord::Base
+  self.table_name = 'people'
+  attr_encryptor :email, key: SECRET_KEY
+end
+
+class PrimeMinister < ActiveRecord::Base
+  attr_encrypted :name, marshal: true, key: SECRET_KEY
+end
+
+class Address < ActiveRecord::Base
+  self.attr_encrypted_options[:marshal] = false
+  self.attr_encrypted_options[:encode] = false
+  attr_encrypted :street, encode_iv: false, key: SECRET_KEY
+  attr_encrypted :zipcode, key: SECRET_KEY, mode: Proc.new { |address| address.mode.to_sym }, insecure_mode: true
+end
+
+class ActiveRecordTest < Minitest::Test
+  def setup
+    drop_all_tables
+    create_tables
+  end
+
+  def test_should_encrypt_email
+    @person = Person.create(email: 'test@example.com')
+    refute_nil @person.encrypted_email
+    refute_equal @person.email, @person.encrypted_email
+    assert_equal @person.email, Person.first.email
+  end
+
+  def test_should_marshal_and_encrypt_credentials
+    @person = Person.create
+    refute_nil @person.encrypted_credentials
+    refute_equal @person.credentials, @person.encrypted_credentials
+    assert_equal @person.credentials, Person.first.credentials
+  end
+
+  def test_should_encode_by_default
+    assert Person.attr_encrypted_options[:encode]
+  end
+
+  def test_should_validate_presence_of_email
+    @person = PersonWithValidation.new
+    assert !@person.valid?
+    assert !@person.errors[:email].empty? || @person.errors.on(:email)
+  end
+
+  def test_should_encrypt_decrypt_with_iv
+    @person = Person.create(email: 'test@example.com')
+    @person2 = Person.find(@person.id)
+    refute_nil @person2.encrypted_email_iv
+    assert_equal 'test@example.com', @person2.email
+  end
+
+  def test_should_ensure_attributes_can_be_deserialized
+    @person = PersonWithSerialization.new(email: 'test@example.com', password: %w(an array of strings))
+    @person.save
+    assert_equal @person.password, %w(an array of strings)
+  end
+
+  def test_should_create_an_account_regardless_of_arguments_order
+    Account.create!(key: SECRET_KEY, password: "password")
+    Account.create!(password: "password" , key: SECRET_KEY)
+  end
+
+  def test_should_set_attributes_regardless_of_arguments_order
+    # minitest does not implement `assert_nothing_raised` https://github.com/seattlerb/minitest/issues/112
+    Account.new.attributes = { password: "password", key: SECRET_KEY }
+  end
+
+  def test_should_create_changed_predicate
+    person = Person.create!(email: 'test@example.com')
+    refute person.email_changed?
+    person.email = 'test@example.com'
+    refute person.email_changed?
+    person.email = nil
+    assert person.email_changed?
+    person.email = 'test2@example.com'
+    assert person.email_changed?
+  end
+
+  def test_should_create_was_predicate
+    original_email = 'test@example.com'
+    person = Person.create!(email: original_email)
+    assert_equal original_email, person.email_was
+    person.email = 'test2@example.com'
+    assert_equal original_email, person.email_was
+    old_pm_name = "Winston Churchill"
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name_was
+    old_zipcode = "90210"
+    address = Address.create!(zipcode: old_zipcode, mode: "single_iv_and_salt")
+    assert_equal old_zipcode, address.zipcode_was
+  end
+
+  def test_attribute_was_works_when_options_for_old_encrypted_value_are_different_than_options_for_new_encrypted_value
+    pw = 'password'
+    crypto_key = SecureRandom.urlsafe_base64(24)
+    old_iv = SecureRandom.random_bytes(12)
+    account = Account.create
+    encrypted_value = Encryptor.encrypt(value: pw, iv: old_iv, key: crypto_key)
+    Account.where(id: account.id).update_all(key: crypto_key, encrypted_password_iv: [old_iv].pack('m'), encrypted_password: [encrypted_value].pack('m'))
+    account = Account.find(account.id)
+    assert_equal pw, account.password
+    account.password = pw.reverse
+    assert_equal pw, account.password_was
+    account.save
+    account.reload
+    assert_equal Account::ACCOUNT_ENCRYPTION_KEY, account.key
+    assert_equal pw.reverse, account.password
+  end
+
+  # ActiveRecord 5.2 specific methods
+  if ::ActiveRecord::VERSION::STRING >= "5.2"
+    def test_should_create_will_save_change_to_predicate
+      person = Person.create!(email: 'test@example.com')
+      refute person.will_save_change_to_email?
+      person.email = 'test@example.com'
+      refute person.will_save_change_to_email?
+      person.email = 'test2@example.com'
+      assert person.will_save_change_to_email?
+    end
+
+    def test_should_create_saved_change_to_predicate
+      person = Person.create!(email: 'test@example.com')
+      assert person.saved_change_to_email?
+      person.reload
+      person.email = 'test@example.com'
+      refute person.saved_change_to_email?
+      person.email = nil
+      refute person.saved_change_to_email?
+      person.email = 'test2@example.com'
+      refute person.saved_change_to_email?
+      person.save
+      assert person.saved_change_to_email?
+    end
+  end
+
+  if ::ActiveRecord::VERSION::STRING > "4.0"
+    def test_should_assign_attributes
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
+      assert_equal 'modified', @user.login
+    end
+
+    def test_should_not_assign_protected_attributes
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true).permit(:login)
+      assert !@user.is_admin?
+    end
+
+    def test_should_raise_exception_if_not_permitted
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      assert_raises ActiveModel::ForbiddenAttributesError do
+        @user.attributes = ActionController::Parameters.new(login: 'modified', is_admin: true)
+      end
+    end
+
+    def test_should_raise_exception_on_init_if_not_permitted
+      assert_raises ActiveModel::ForbiddenAttributesError do
+        @user = UserWithProtectedAttribute.new ActionController::Parameters.new(login: 'modified', is_admin: true)
+      end
+    end
+  else
+    def test_should_assign_attributes
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
+      assert_equal 'modified', @user.login
+    end
+
+    def test_should_not_assign_protected_attributes
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      @user.attributes = { login: 'modified', is_admin: true }
+      assert !@user.is_admin?
+    end
+
+    def test_should_assign_protected_attributes
+      @user = UserWithProtectedAttribute.new(login: 'login', is_admin: false)
+      if ::ActiveRecord::VERSION::STRING > "3.1"
+        @user.send(:assign_attributes, { login: 'modified', is_admin: true }, without_protection: true)
+      else
+        @user.send(:attributes=, { login: 'modified', is_admin: true }, false)
+      end
+      assert @user.is_admin?
+    end
+  end
+
+  def test_should_allow_assignment_of_nil_attributes
+    @person = Person.new
+    assert_nil(@person.attributes = nil)
+  end
+
+  def test_should_allow_proc_based_mode
+    @person = PersonWithProcMode.create(email: 'test@example.com', credentials: 'password123')
+
+    # Email is :per_attribute_iv_and_salt
+    assert_equal @person.class.encrypted_attributes[:email][:mode].class, Proc
+    assert_equal @person.class.encrypted_attributes[:email][:mode].call, :per_attribute_iv_and_salt
+    refute_nil @person.encrypted_email_salt
+    refute_nil @person.encrypted_email_iv
+
+    # Credentials is :single_iv_and_salt
+    assert_equal @person.class.encrypted_attributes[:credentials][:mode].class, Proc
+    assert_equal @person.class.encrypted_attributes[:credentials][:mode].call, :single_iv_and_salt
+    assert_nil @person.encrypted_credentials_salt
+    assert_nil @person.encrypted_credentials_iv
+  end
+
+  if ::ActiveRecord::VERSION::STRING > "3.1"
+    def test_should_allow_assign_attributes_with_nil
+      @person = Person.new
+      assert_nil(@person.assign_attributes nil)
+    end
+  end
+
+  def test_that_alias_encrypts_column
+    user = PersonUsingAlias.new
+    user.email = 'test@example.com'
+    user.save
+
+    refute_nil user.encrypted_email
+    refute_equal user.email, user.encrypted_email
+    assert_equal user.email, PersonUsingAlias.first.email
+  end
+
+  # See https://github.com/attr-encrypted/attr_encrypted/issues/68
+  def test_should_invalidate_virtual_attributes_on_reload
+    old_pm_name = 'Winston Churchill'
+    new_pm_name = 'Neville Chamberlain'
+    pm = PrimeMinister.create!(name: old_pm_name)
+    assert_equal old_pm_name, pm.name
+    pm.name = new_pm_name
+    assert_equal new_pm_name, pm.name
+
+    result = pm.reload
+    assert_equal pm, result
+    assert_equal old_pm_name, pm.name
+  end
+
+  def test_should_save_encrypted_data_as_binary
+    street = '123 Elm'
+    address = Address.create!(street: street)
+    refute_equal address.encrypted_street, street
+    assert_equal Address.first.street, street
+  end
+
+  def test_should_evaluate_proc_based_mode
+    street = '123 Elm'
+    zipcode = '12345'
+    address = Address.create(street: street, zipcode: zipcode, mode: :single_iv_and_salt)
+    address.reload
+    refute_equal address.encrypted_zipcode, zipcode
+    assert_equal address.zipcode, zipcode
+  end
+end