powerhome-attr_encrypted 1.0.1

data/test/legacy_compatibility_test.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+# -*- encoding: utf-8 -*-
+require_relative 'test_helper'
+
+# Test to ensure that existing representations in database do not break on
+# migrating to new versions of this gem. This ensures that future versions of
+# this gem will retain backwards compatibility with data generated by earlier
+# versions.
+class LegacyCompatibilityTest < Minitest::Test
+  class LegacyNonmarshallingPet < ActiveRecord::Base
+    PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
+    PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
+    PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
+    PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
+
+    self.attr_encrypted_options[:insecure_mode] = true
+    self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+    self.attr_encrypted_options[:mode] = :single_iv_and_salt
+
+    attr_encrypted :nickname,
+      :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
+    attr_encrypted :birthdate,
+      :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
+  end
+
+  class LegacyMarshallingPet < ActiveRecord::Base
+    PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
+    PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
+    PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
+    PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
+
+    self.attr_encrypted_options[:insecure_mode] = true
+    self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+    self.attr_encrypted_options[:mode] = :single_iv_and_salt
+
+    attr_encrypted :nickname,
+                   :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
+                   :marshal => true
+    attr_encrypted :birthdate,
+                   :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
+                   :marshal => true
+  end
+
+  def setup
+    drop_all_tables
+    create_tables
+  end
+
+  def test_nonmarshalling_backwards_compatibility
+    pet = LegacyNonmarshallingPet.create!(
+      :name => 'Fido',
+      :encrypted_nickname => 'uSUB6KGzta87yxesyVc3DA==',
+      :encrypted_birthdate => 'I3d691B2PtFXLx15kO067g=='
+    )
+
+    assert_equal 'Fido', pet.name
+    assert_equal 'Fido the Dog', pet.nickname
+    assert_equal '2011-07-09', pet.birthdate
+  end
+
+  def test_marshalling_backwards_compatibility
+    pet = LegacyMarshallingPet.create!(
+      :name => 'Fido',
+      :encrypted_nickname => '7RwoT64in4H+fGVBPYtRcN0K4RtriIy1EP4nDojUa8g=',
+      :encrypted_birthdate => 'bSp9sJhXQSp2QlNZHiujtcK4lRVBE8HQhn1y7moQ63bGJR20hvRSZ73ePAmm+wc5'
+    )
+
+    assert_equal 'Fido', pet.name
+    assert_equal 'Mummy\'s little helper', pet.nickname
+
+    assert_equal Date.new(2011, 7, 9), pet.birthdate
+  end
+
+  private
+
+  def create_tables
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :legacy_nonmarshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
+      end
+      create_table :legacy_marshalling_pets do |t|
+        t.string :name
+        t.string :encrypted_nickname
+        t.string :encrypted_birthdate
+        t.string :salt
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'

data/test/legacy_data_mapper_test.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require_relative 'test_helper'
+
+DataMapper.setup(:default, 'sqlite3::memory:')
+
+class LegacyClient
+  include DataMapper::Resource
+  self.attr_encrypted_options[:insecure_mode] = true
+  self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+  self.attr_encrypted_options[:mode] = :single_iv_and_salt
+
+  property :id, Serial
+  property :encrypted_email, String
+  property :encrypted_credentials, Text
+  property :salt, String
+
+  attr_encrypted :email, :key => 'a secret key', mode: :single_iv_and_salt
+  attr_encrypted :credentials, :key => Proc.new { |client| Encryptor.encrypt(:value => client.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true, mode: :single_iv_and_salt
+
+  def initialize(attrs = {})
+    super attrs
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+DataMapper.auto_migrate!
+
+class LegacyDataMapperTest < Minitest::Test
+
+  def setup
+    LegacyClient.all.each(&:destroy)
+  end
+
+  def test_should_encrypt_email
+    @client = LegacyClient.new :email => 'test@example.com'
+    assert @client.save
+    refute_nil @client.encrypted_email
+    refute_equal @client.email, @client.encrypted_email
+    assert_equal @client.email, LegacyClient.first.email
+  end
+
+  def test_should_marshal_and_encrypt_credentials
+    @client = LegacyClient.new
+    assert @client.save
+    refute_nil @client.encrypted_credentials
+    refute_equal @client.credentials, @client.encrypted_credentials
+    assert_equal @client.credentials, LegacyClient.first.credentials
+    assert LegacyClient.first.credentials.is_a?(Hash)
+  end
+
+  def test_should_encode_by_default
+    assert LegacyClient.attr_encrypted_options[:encode]
+  end
+
+end

data/test/legacy_sequel_test.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require_relative 'test_helper'
+
+DB.create_table :legacy_humans do
+  primary_key :id
+  column :encrypted_email, :string
+  column :password, :string
+  column :encrypted_credentials, :string
+  column :salt, :string
+end
+
+class LegacyHuman < Sequel::Model(:legacy_humans)
+  self.attr_encrypted_options[:insecure_mode] = true
+  self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
+  self.attr_encrypted_options[:mode] = :single_iv_and_salt
+
+  attr_encrypted :email, :key => 'a secret key', mode: :single_iv_and_salt
+  attr_encrypted :credentials, :key => Proc.new { |human| Encryptor.encrypt(:value => human.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true, mode: :single_iv_and_salt
+
+  def after_initialize(attrs = {})
+    self.salt ||= Digest::SHA1.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+class LegacySequelTest < Minitest::Test
+
+  def setup
+    LegacyHuman.all.each(&:destroy)
+  end
+
+  def test_should_encrypt_email
+    @human = LegacyHuman.new :email => 'test@example.com'
+    assert @human.save
+    refute_nil @human.encrypted_email
+    refute_equal @human.email, @human.encrypted_email
+    assert_equal @human.email, LegacyHuman.first.email
+  end
+
+  def test_should_marshal_and_encrypt_credentials
+    @human = LegacyHuman.new
+    assert @human.save
+    refute_nil @human.encrypted_credentials
+    refute_equal @human.credentials, @human.encrypted_credentials
+    assert_equal @human.credentials, LegacyHuman.first.credentials
+    assert LegacyHuman.first.credentials.is_a?(Hash)
+  end
+
+  def test_should_encode_by_default
+    assert LegacyHuman.attr_encrypted_options[:encode]
+  end
+
+end

data/test/run.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh -e
+
+for RUBY in 1.9.3 2.0.0 2.1 2.2
+do
+  for RAILS in 2.3.8 3.0.0 3.1.0 3.2.0 4.0.0 4.1.0 4.2.0
+  do
+    if [[ $RUBY -gt 1.9.3 && $RAILS -lt 4.0.0 ]]; then
+      continue
+    fi
+    RBENV_VERSION=$RUBY ACTIVERECORD=$RAILS bundle && bundle exec rake
+  done
+done

data/test/sequel_test.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require_relative 'test_helper'
+
+DB.create_table :humans do
+  primary_key :id
+  column :encrypted_email, :string
+  column :encrypted_email_salt, String
+  column :encrypted_email_iv, :string
+  column :password, :string
+  column :encrypted_credentials, :string
+  column :encrypted_credentials_iv, :string
+  column :encrypted_credentials_salt, String
+end
+
+class Human < Sequel::Model(:humans)
+  self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
+
+  attr_encrypted :email, :key => SECRET_KEY
+  attr_encrypted :credentials, :key => SECRET_KEY, :marshal => true
+
+  def after_initialize(attrs = {})
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  end
+end
+
+class SequelTest < Minitest::Test
+
+  def setup
+    Human.all.each(&:destroy)
+  end
+
+  def test_should_encrypt_email
+    @human = Human.new :email => 'test@example.com'
+    assert @human.save
+    refute_nil @human.encrypted_email
+    refute_equal @human.email, @human.encrypted_email
+    assert_equal @human.email, Human.first.email
+  end
+
+  def test_should_marshal_and_encrypt_credentials
+
+    @human = Human.new :credentials => { :username => 'example', :password => 'test' }
+    assert @human.save
+    refute_nil @human.encrypted_credentials
+    refute_equal @human.credentials, @human.encrypted_credentials
+    assert_equal @human.credentials, Human.first.credentials
+    assert Human.first.credentials.is_a?(Hash)
+  end
+
+  def test_should_encode_by_default
+    assert Human.attr_encrypted_options[:encode]
+  end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'simplecov'
+require 'simplecov-rcov'
+require 'codeclimate-test-reporter'
+require 'pry-byebug'
+
+SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
+  [
+    SimpleCov::Formatter::HTMLFormatter,
+    SimpleCov::Formatter::RcovFormatter,
+    CodeClimate::TestReporter::Formatter
+  ]
+)
+
+SimpleCov.start do
+  add_filter 'test'
+end
+
+CodeClimate::TestReporter.start
+
+require 'minitest/autorun'
+
+# Rails 4.0.x pins to an old minitest
+unless defined?(MiniTest::Test)
+  MiniTest::Test = MiniTest::Unit::TestCase
+end
+
+require 'active_record'
+require 'data_mapper'
+require 'digest/sha2'
+require 'sequel'
+ActiveSupport::Deprecation.behavior = :raise
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$:.unshift(File.dirname(__FILE__))
+require 'attr_encrypted'
+
+DB = if defined?(RUBY_ENGINE) && RUBY_ENGINE.to_sym == :jruby
+  Sequel.jdbc('jdbc:sqlite::memory:')
+else
+  Sequel.sqlite
+end
+
+# The :after_initialize hook was removed in Sequel 4.0
+# and had been deprecated for a while before that:
+# http://sequel.rubyforge.org/rdoc-plugins/classes/Sequel/Plugins/AfterInitialize.html
+# This plugin re-enables it.
+Sequel::Model.plugin :after_initialize
+
+SECRET_KEY = SecureRandom.random_bytes(32)
+
+def base64_encoding_regex
+  /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/
+end
+
+def drop_all_tables
+  connection = ActiveRecord::Base.connection
+  tables = (ActiveRecord::VERSION::MAJOR >= 5 ? connection.data_sources : connection.tables)
+  tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
+end

metadata

@@ -0,0 +1,294 @@
+--- !ruby/object:Gem::Specification
+name: powerhome-attr_encrypted
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Wade Winningham
+- Ben Langfeld
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-06-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: encryptor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: datamapper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+- !ruby/object:Gem::Dependency
+  name: dm-sqlite-adapter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+description: Generates attr_accessors that encrypt and decrypt attributes transparently
+email:
+- wwinningham@powerhrg.com
+- ben@langfeld.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- attr_encrypted.gemspec
+- certs/saghaulor.pem
+- checksum/attr_encrypted-3.0.0.gem.sha256
+- checksum/attr_encrypted-3.0.0.gem.sha512
+- checksum/attr_encrypted-3.0.1.gem.sha256
+- checksum/attr_encrypted-3.0.1.gem.sha512
+- checksum/attr_encrypted-3.0.2.gem.sha256
+- checksum/attr_encrypted-3.0.2.gem.sha512
+- checksum/attr_encrypted-3.0.3.gem.sha256
+- checksum/attr_encrypted-3.0.3.gem.sha512
+- checksum/attr_encrypted-3.1.0.gem.sha256
+- checksum/attr_encrypted-3.1.0.gem.sha512
+- lib/attr_encrypted.rb
+- lib/attr_encrypted/adapters/active_record.rb
+- lib/attr_encrypted/adapters/data_mapper.rb
+- lib/attr_encrypted/adapters/sequel.rb
+- lib/attr_encrypted/version.rb
+- test/active_record_test.rb
+- test/attr_encrypted_test.rb
+- test/compatibility_test.rb
+- test/data_mapper_test.rb
+- test/legacy_active_record_test.rb
+- test/legacy_attr_encrypted_test.rb
+- test/legacy_compatibility_test.rb
+- test/legacy_data_mapper_test.rb
+- test/legacy_sequel_test.rb
+- test/run.sh
+- test/sequel_test.rb
+- test/test_helper.rb
+homepage: https://github.com/powerhome/attr_encrypted
+licenses:
+- MIT
+metadata: {}
+post_install_message: |2+
+
+
+
+  WARNING: Several insecure default options and features were deprecated in attr_encrypted v2.0.0.
+
+  Additionally, there was a bug in Encryptor v2.0.0 that insecurely encrypted data when using an AES-*-GCM algorithm.
+
+  This bug was fixed but introduced breaking changes between v2.x and v3.x.
+
+  Please see the README for more information regarding upgrading to attr_encrypted v3.0.0.
+
+
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Power's version of the attr_encrypted gem
+test_files:
+- test/active_record_test.rb
+- test/attr_encrypted_test.rb
+- test/compatibility_test.rb
+- test/data_mapper_test.rb
+- test/legacy_active_record_test.rb
+- test/legacy_attr_encrypted_test.rb
+- test/legacy_compatibility_test.rb
+- test/legacy_data_mapper_test.rb
+- test/legacy_sequel_test.rb
+- test/run.sh
+- test/sequel_test.rb
+- test/test_helper.rb
+...