powerhome-attr_encrypted 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +6 -0
  3. data/.travis.yml +67 -0
  4. data/CHANGELOG.md +98 -0
  5. data/Gemfile +3 -0
  6. data/MIT-LICENSE +20 -0
  7. data/README.md +465 -0
  8. data/Rakefile +25 -0
  9. data/attr_encrypted.gemspec +63 -0
  10. data/certs/saghaulor.pem +21 -0
  11. data/checksum/attr_encrypted-3.0.0.gem.sha256 +1 -0
  12. data/checksum/attr_encrypted-3.0.0.gem.sha512 +1 -0
  13. data/checksum/attr_encrypted-3.0.1.gem.sha256 +1 -0
  14. data/checksum/attr_encrypted-3.0.1.gem.sha512 +1 -0
  15. data/checksum/attr_encrypted-3.0.2.gem.sha256 +1 -0
  16. data/checksum/attr_encrypted-3.0.2.gem.sha512 +1 -0
  17. data/checksum/attr_encrypted-3.0.3.gem.sha256 +1 -0
  18. data/checksum/attr_encrypted-3.0.3.gem.sha512 +1 -0
  19. data/checksum/attr_encrypted-3.1.0.gem.sha256 +1 -0
  20. data/checksum/attr_encrypted-3.1.0.gem.sha512 +1 -0
  21. data/lib/attr_encrypted.rb +473 -0
  22. data/lib/attr_encrypted/adapters/active_record.rb +157 -0
  23. data/lib/attr_encrypted/adapters/data_mapper.rb +24 -0
  24. data/lib/attr_encrypted/adapters/sequel.rb +16 -0
  25. data/lib/attr_encrypted/version.rb +19 -0
  26. data/test/active_record_test.rb +365 -0
  27. data/test/attr_encrypted_test.rb +490 -0
  28. data/test/compatibility_test.rb +109 -0
  29. data/test/data_mapper_test.rb +59 -0
  30. data/test/legacy_active_record_test.rb +120 -0
  31. data/test/legacy_attr_encrypted_test.rb +300 -0
  32. data/test/legacy_compatibility_test.rb +95 -0
  33. data/test/legacy_data_mapper_test.rb +57 -0
  34. data/test/legacy_sequel_test.rb +54 -0
  35. data/test/run.sh +12 -0
  36. data/test/sequel_test.rb +55 -0
  37. data/test/test_helper.rb +61 -0
  38. metadata +294 -0
@@ -0,0 +1,109 @@
1
+ # frozen_string_literal: true
2
+
3
+ # -*- encoding: utf-8 -*-
4
+ require_relative 'test_helper'
5
+
6
+ # Test to ensure that existing representations in database do not break on
7
+ # migrating to new versions of this gem. This ensures that future versions of
8
+ # this gem will retain backwards compatibility with data generated by earlier
9
+ # versions.
10
+ class CompatibilityTest < Minitest::Test
11
+ class NonmarshallingPet < ActiveRecord::Base
12
+ PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
13
+ PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
14
+ PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
15
+ PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
16
+
17
+ self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
18
+ self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
19
+ self.attr_encrypted_options[:insecure_mode] = true
20
+
21
+ attr_encrypted :nickname,
22
+ :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
23
+ attr_encrypted :birthdate,
24
+ :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') }
25
+ end
26
+
27
+ class MarshallingPet < ActiveRecord::Base
28
+ PET_NICKNAME_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-nickname-salt')
29
+ PET_NICKNAME_KEY = 'my-really-really-secret-pet-nickname-key'
30
+ PET_BIRTHDATE_SALT = Digest::SHA256.hexdigest('my-really-really-secret-pet-birthdate-salt')
31
+ PET_BIRTHDATE_KEY = 'my-really-really-secret-pet-birthdate-key'
32
+
33
+ self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
34
+ self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
35
+ self.attr_encrypted_options[:insecure_mode] = true
36
+
37
+ attr_encrypted :nickname,
38
+ :key => proc { Encryptor.encrypt(:value => PET_NICKNAME_SALT, :key => PET_NICKNAME_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
39
+ :marshal => true
40
+ attr_encrypted :birthdate,
41
+ :key => proc { Encryptor.encrypt(:value => PET_BIRTHDATE_SALT, :key => PET_BIRTHDATE_KEY, insecure_mode: true, algorithm: 'aes-256-cbc') },
42
+ :marshal => true
43
+ end
44
+
45
+ def setup
46
+ drop_all_tables
47
+ create_tables
48
+ end
49
+
50
+ def test_nonmarshalling_backwards_compatibility
51
+ pet = NonmarshallingPet.create!(
52
+ :name => 'Fido',
53
+ :encrypted_nickname => 'E4lJTxFG/EfkfPg5MpnriQ==',
54
+ :encrypted_nickname_iv => 'z4Q8deE4h7f6S8NNZcbPNg==',
55
+ :encrypted_nickname_salt => 'adcd833001a873db',
56
+ :encrypted_birthdate => '6uKEAiFVdJw+N5El+U6Gow==',
57
+ :encrypted_birthdate_iv => 'zxtc1XPssL4s2HwA69nORQ==',
58
+ :encrypted_birthdate_salt => '4f879270045eaad7'
59
+ )
60
+
61
+ assert_equal 'Fido', pet.name
62
+ assert_equal 'Fido the Dog', pet.nickname
63
+ assert_equal '2011-07-09', pet.birthdate
64
+ end
65
+
66
+ def test_marshalling_backwards_compatibility
67
+ pet = MarshallingPet.create!(
68
+ :name => 'Fido',
69
+ :encrypted_nickname => 'EsQScJYkPw80vVGvKWkE37Px99HHpXPFjoEPTNa4rbs=',
70
+ :encrypted_nickname_iv => 'fNq1OZcGvty4KfcvGTcFSw==',
71
+ :encrypted_nickname_salt => '733b459b7d34c217',
72
+ :encrypted_birthdate => '+VUlKQGfNWkOgCwI4hv+3qlGIwh9h6cJ/ranJlaxvU+xxQdL3H3cOzTcI2rkYkdR',
73
+ :encrypted_birthdate_iv => 'Ka+zF/SwEYZKwVa24lvFfA==',
74
+ :encrypted_birthdate_salt => 'd5e892d5bbd81566'
75
+ )
76
+
77
+ assert_equal 'Fido', pet.name
78
+ assert_equal 'Mummy\'s little helper', pet.nickname
79
+
80
+ assert_equal Date.new(2011, 7, 9), pet.birthdate
81
+ end
82
+
83
+ private
84
+
85
+ def create_tables
86
+ ActiveRecord::Schema.define(:version => 1) do
87
+ create_table :nonmarshalling_pets do |t|
88
+ t.string :name
89
+ t.string :encrypted_nickname
90
+ t.string :encrypted_nickname_iv
91
+ t.string :encrypted_nickname_salt
92
+ t.string :encrypted_birthdate
93
+ t.string :encrypted_birthdate_iv
94
+ t.string :encrypted_birthdate_salt
95
+ end
96
+ create_table :marshalling_pets do |t|
97
+ t.string :name
98
+ t.string :encrypted_nickname
99
+ t.string :encrypted_nickname_iv
100
+ t.string :encrypted_nickname_salt
101
+ t.string :encrypted_birthdate
102
+ t.string :encrypted_birthdate_iv
103
+ t.string :encrypted_birthdate_salt
104
+ end
105
+ end
106
+ end
107
+ end
108
+
109
+ ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'test_helper'
4
+
5
+ DataMapper.setup(:default, 'sqlite3::memory:')
6
+
7
+ class Client
8
+ include DataMapper::Resource
9
+
10
+ property :id, Serial
11
+ property :encrypted_email, String
12
+ property :encrypted_email_iv, String
13
+ property :encrypted_email_salt, String
14
+
15
+ property :encrypted_credentials, Text
16
+ property :encrypted_credentials_iv, Text
17
+ property :encrypted_credentials_salt, Text
18
+
19
+ self.attr_encrypted_options[:mode] = :per_attribute_iv_and_salt
20
+
21
+ attr_encrypted :email, :key => SECRET_KEY
22
+ attr_encrypted :credentials, :key => SECRET_KEY, :marshal => true
23
+
24
+ def initialize(attrs = {})
25
+ super attrs
26
+ self.credentials ||= { :username => 'example', :password => 'test' }
27
+ end
28
+ end
29
+
30
+ DataMapper.auto_migrate!
31
+
32
+ class DataMapperTest < Minitest::Test
33
+
34
+ def setup
35
+ Client.all.each(&:destroy)
36
+ end
37
+
38
+ def test_should_encrypt_email
39
+ @client = Client.new :email => 'test@example.com'
40
+ assert @client.save
41
+ refute_nil @client.encrypted_email
42
+ refute_equal @client.email, @client.encrypted_email
43
+ assert_equal @client.email, Client.first.email
44
+ end
45
+
46
+ def test_should_marshal_and_encrypt_credentials
47
+ @client = Client.new
48
+ assert @client.save
49
+ refute_nil @client.encrypted_credentials
50
+ refute_equal @client.credentials, @client.encrypted_credentials
51
+ assert_equal @client.credentials, Client.first.credentials
52
+ assert Client.first.credentials.is_a?(Hash)
53
+ end
54
+
55
+ def test_should_encode_by_default
56
+ assert Client.attr_encrypted_options[:encode]
57
+ end
58
+
59
+ end
@@ -0,0 +1,120 @@
1
+ # frozen_string_literal: true
2
+
3
+ # -*- encoding: utf-8 -*-
4
+ require_relative 'test_helper'
5
+
6
+ ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
7
+
8
+ def create_people_table
9
+ ActiveRecord::Schema.define(:version => 1) do
10
+ create_table :legacy_people do |t|
11
+ t.string :encrypted_email
12
+ t.string :password
13
+ t.string :encrypted_credentials
14
+ t.string :salt
15
+ end
16
+ end
17
+ end
18
+
19
+ # The table needs to exist before defining the class
20
+ create_people_table
21
+
22
+ ActiveRecord::MissingAttributeError = ActiveModel::MissingAttributeError unless defined?(ActiveRecord::MissingAttributeError)
23
+
24
+ class LegacyPerson < ActiveRecord::Base
25
+ self.attr_encrypted_options[:insecure_mode] = true
26
+ self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
27
+ self.attr_encrypted_options[:mode] = :single_iv_and_salt
28
+
29
+ attr_encrypted :email, :key => 'a secret key'
30
+ attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key', insecure_mode: true, algorithm: 'aes-256-cbc') }, :marshal => true
31
+
32
+ ActiveSupport::Deprecation.silenced = true
33
+ def after_initialize; end
34
+ ActiveSupport::Deprecation.silenced = false
35
+
36
+ after_initialize :initialize_salt_and_credentials
37
+
38
+ protected
39
+
40
+ def initialize_salt_and_credentials
41
+ self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(5)).to_s)
42
+ self.credentials ||= { :username => 'example', :password => 'test' }
43
+ rescue ActiveRecord::MissingAttributeError
44
+ end
45
+ end
46
+
47
+ class LegacyPersonWithValidation < LegacyPerson
48
+ validates_presence_of :email
49
+ validates_uniqueness_of :encrypted_email
50
+ end
51
+
52
+ class LegacyActiveRecordTest < Minitest::Test
53
+
54
+ def setup
55
+ drop_all_tables
56
+ create_people_table
57
+ end
58
+
59
+ def test_should_decrypt_with_correct_encoding
60
+ if defined?(Encoding)
61
+ @person = LegacyPerson.create :email => 'test@example.com'
62
+ assert_equal 'UTF-8', LegacyPerson.first.email.encoding.name
63
+ end
64
+ end
65
+
66
+ def test_should_encrypt_email
67
+ @person = LegacyPerson.create :email => 'test@example.com'
68
+ refute_nil @person.encrypted_email
69
+ refute_equal @person.email, @person.encrypted_email
70
+ assert_equal @person.email, LegacyPerson.first.email
71
+ end
72
+
73
+ def test_should_marshal_and_encrypt_credentials
74
+ @person = LegacyPerson.create
75
+ refute_nil @person.encrypted_credentials
76
+ refute_equal @person.credentials, @person.encrypted_credentials
77
+ assert_equal @person.credentials, LegacyPerson.first.credentials
78
+ end
79
+
80
+ def test_should_find_by_email
81
+ @person = LegacyPerson.create(:email => 'test@example.com')
82
+ assert_equal @person, LegacyPerson.find_by_email('test@example.com')
83
+ end
84
+
85
+ def test_should_find_by_email_and_password
86
+ LegacyPerson.create(:email => 'test@example.com', :password => 'invalid')
87
+ @person = LegacyPerson.create(:email => 'test@example.com', :password => 'test')
88
+ assert_equal @person, LegacyPerson.find_by_email_and_password('test@example.com', 'test')
89
+ end
90
+
91
+ def test_should_scope_by_email
92
+ @person = LegacyPerson.create(:email => 'test@example.com')
93
+ assert_equal @person, LegacyPerson.scoped_by_email('test@example.com').first rescue NoMethodError
94
+ end
95
+
96
+ def test_should_scope_by_email_and_password
97
+ LegacyPerson.create(:email => 'test@example.com', :password => 'invalid')
98
+ @person = LegacyPerson.create(:email => 'test@example.com', :password => 'test')
99
+ assert_equal @person, LegacyPerson.scoped_by_email_and_password('test@example.com', 'test').first rescue NoMethodError
100
+ end
101
+
102
+ def test_should_encode_by_default
103
+ assert LegacyPerson.attr_encrypted_options[:encode]
104
+ end
105
+
106
+ def test_should_validate_presence_of_email
107
+ @person = LegacyPersonWithValidation.new
108
+ assert !@person.valid?
109
+ assert !@person.errors[:email].empty? || @person.errors.on(:email)
110
+ end
111
+
112
+ def test_should_validate_uniqueness_of_email
113
+ @person = LegacyPersonWithValidation.new :email => 'test@example.com'
114
+ assert @person.save
115
+ @person2 = LegacyPersonWithValidation.new :email => @person.email
116
+ assert !@person2.valid?
117
+ assert !@person2.errors[:encrypted_email].empty? || @person2.errors.on(:encrypted_email)
118
+ end
119
+
120
+ end
@@ -0,0 +1,300 @@
1
+ # frozen_string_literal: true
2
+
3
+ # -*- encoding: utf-8 -*-
4
+ require_relative 'test_helper'
5
+
6
+ class LegacySillyEncryptor
7
+ def self.silly_encrypt(options)
8
+ (options[:value] + options[:some_arg]).reverse
9
+ end
10
+
11
+ def self.silly_decrypt(options)
12
+ options[:value].reverse.gsub(/#{options[:some_arg]}$/, '')
13
+ end
14
+ end
15
+
16
+ class LegacyUser
17
+ extend AttrEncrypted
18
+ self.attr_encrypted_options[:key] = Proc.new { |user| user.class.to_s } # default key
19
+ self.attr_encrypted_options[:insecure_mode] = true
20
+ self.attr_encrypted_options[:algorithm] = 'aes-256-cbc'
21
+ self.attr_encrypted_options[:mode] = :single_iv_and_salt
22
+
23
+ attr_encrypted :email, :without_encoding, :key => 'secret key'
24
+ attr_encrypted :password, :prefix => 'crypted_', :suffix => '_test'
25
+ attr_encrypted :ssn, :key => :salt, :attribute => 'ssn_encrypted'
26
+ attr_encrypted :credit_card, :encryptor => LegacySillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt, :some_arg => 'test'
27
+ attr_encrypted :with_encoding, :key => 'secret key', :encode => true
28
+ attr_encrypted :with_custom_encoding, :key => 'secret key', :encode => 'm'
29
+ attr_encrypted :with_marshaling, :key => 'secret key', :marshal => true
30
+ attr_encrypted :with_true_if, :key => 'secret key', :if => true
31
+ attr_encrypted :with_false_if, :key => 'secret key', :if => false
32
+ attr_encrypted :with_true_unless, :key => 'secret key', :unless => true
33
+ attr_encrypted :with_false_unless, :key => 'secret key', :unless => false
34
+ attr_encrypted :with_if_changed, :key => 'secret key', :if => :should_encrypt
35
+
36
+ attr_encryptor :aliased, :key => 'secret_key'
37
+
38
+ attr_accessor :salt
39
+ attr_accessor :should_encrypt
40
+
41
+ def initialize
42
+ self.salt = Time.now.to_i.to_s
43
+ self.should_encrypt = true
44
+ end
45
+ end
46
+
47
+ class LegacyAdmin < LegacyUser
48
+ attr_encrypted :testing
49
+ end
50
+
51
+ class LegacySomeOtherClass
52
+ extend AttrEncrypted
53
+ def self.call(object)
54
+ object.class
55
+ end
56
+ end
57
+
58
+ class LegacyAttrEncryptedTest < Minitest::Test
59
+
60
+ def test_should_store_email_in_encrypted_attributes
61
+ assert LegacyUser.encrypted_attributes.include?(:email)
62
+ end
63
+
64
+ def test_should_not_store_salt_in_encrypted_attributes
65
+ assert !LegacyUser.encrypted_attributes.include?(:salt)
66
+ end
67
+
68
+ def test_attr_encrypted_should_return_true_for_email
69
+ assert LegacyUser.attr_encrypted?('email')
70
+ end
71
+
72
+ def test_attr_encrypted_should_not_use_the_same_attribute_name_for_two_attributes_in_the_same_line
73
+ refute_equal LegacyUser.encrypted_attributes[:email][:attribute], LegacyUser.encrypted_attributes[:without_encoding][:attribute]
74
+ end
75
+
76
+ def test_attr_encrypted_should_return_false_for_salt
77
+ assert !LegacyUser.attr_encrypted?('salt')
78
+ end
79
+
80
+ def test_should_generate_an_encrypted_attribute
81
+ assert LegacyUser.new.respond_to?(:encrypted_email)
82
+ end
83
+
84
+ def test_should_generate_an_encrypted_attribute_with_a_prefix_and_suffix
85
+ assert LegacyUser.new.respond_to?(:crypted_password_test)
86
+ end
87
+
88
+ def test_should_generate_an_encrypted_attribute_with_the_attribute_option
89
+ assert LegacyUser.new.respond_to?(:ssn_encrypted)
90
+ end
91
+
92
+ def test_should_not_encrypt_nil_value
93
+ assert_nil LegacyUser.encrypt_email(nil)
94
+ end
95
+
96
+ def test_should_not_encrypt_empty_string
97
+ assert_equal '', LegacyUser.encrypt_email('')
98
+ end
99
+
100
+ def test_should_encrypt_email
101
+ refute_nil LegacyUser.encrypt_email('test@example.com')
102
+ refute_equal 'test@example.com', LegacyUser.encrypt_email('test@example.com')
103
+ end
104
+
105
+ def test_should_encrypt_email_when_modifying_the_attr_writer
106
+ @user = LegacyUser.new
107
+ assert_nil @user.encrypted_email
108
+ @user.email = 'test@example.com'
109
+ refute_nil @user.encrypted_email
110
+ assert_equal LegacyUser.encrypt_email('test@example.com'), @user.encrypted_email
111
+ end
112
+
113
+ def test_should_not_decrypt_nil_value
114
+ assert_nil LegacyUser.decrypt_email(nil)
115
+ end
116
+
117
+ def test_should_not_decrypt_empty_string
118
+ assert_equal '', LegacyUser.decrypt_email('')
119
+ end
120
+
121
+ def test_should_decrypt_email
122
+ encrypted_email = LegacyUser.encrypt_email('test@example.com')
123
+ refute_equal 'test@test.com', encrypted_email
124
+ assert_equal 'test@example.com', LegacyUser.decrypt_email(encrypted_email)
125
+ end
126
+
127
+ def test_should_decrypt_email_when_reading
128
+ @user = LegacyUser.new
129
+ assert_nil @user.email
130
+ @user.encrypted_email = LegacyUser.encrypt_email('test@example.com')
131
+ assert_equal 'test@example.com', @user.email
132
+ end
133
+
134
+ def test_should_encrypt_with_encoding
135
+ assert_equal LegacyUser.encrypt_with_encoding('test'), [LegacyUser.encrypt_without_encoding('test')].pack('m')
136
+ end
137
+
138
+ def test_should_decrypt_with_encoding
139
+ encrypted = LegacyUser.encrypt_with_encoding('test')
140
+ assert_equal 'test', LegacyUser.decrypt_with_encoding(encrypted)
141
+ assert_equal LegacyUser.decrypt_with_encoding(encrypted), LegacyUser.decrypt_without_encoding(encrypted.unpack('m').first)
142
+ end
143
+
144
+ def test_should_decrypt_utf8_with_encoding
145
+ encrypted = LegacyUser.encrypt_with_encoding("test\xC2\xA0utf-8\xC2\xA0text")
146
+ assert_equal "test\xC2\xA0utf-8\xC2\xA0text", LegacyUser.decrypt_with_encoding(encrypted)
147
+ assert_equal LegacyUser.decrypt_with_encoding(encrypted), LegacyUser.decrypt_without_encoding(encrypted.unpack('m').first)
148
+ end
149
+
150
+ def test_should_encrypt_with_custom_encoding
151
+ assert_equal LegacyUser.encrypt_with_custom_encoding('test'), [LegacyUser.encrypt_without_encoding('test')].pack('m')
152
+ end
153
+
154
+ def test_should_decrypt_with_custom_encoding
155
+ encrypted = LegacyUser.encrypt_with_custom_encoding('test')
156
+ assert_equal 'test', LegacyUser.decrypt_with_custom_encoding(encrypted)
157
+ assert_equal LegacyUser.decrypt_with_custom_encoding(encrypted), LegacyUser.decrypt_without_encoding(encrypted.unpack('m').first)
158
+ end
159
+
160
+ def test_should_encrypt_with_marshaling
161
+ @user = LegacyUser.new
162
+ @user.with_marshaling = [1, 2, 3]
163
+ refute_nil @user.encrypted_with_marshaling
164
+ assert_equal LegacyUser.encrypt_with_marshaling([1, 2, 3]), @user.encrypted_with_marshaling
165
+ end
166
+
167
+ def test_should_decrypt_with_marshaling
168
+ encrypted = LegacyUser.encrypt_with_marshaling([1, 2, 3])
169
+ @user = LegacyUser.new
170
+ assert_nil @user.with_marshaling
171
+ @user.encrypted_with_marshaling = encrypted
172
+ assert_equal [1, 2, 3], @user.with_marshaling
173
+ end
174
+
175
+ def test_should_use_custom_encryptor_and_crypt_method_names_and_arguments
176
+ assert_equal LegacySillyEncryptor.silly_encrypt(:value => 'testing', :some_arg => 'test'), LegacyUser.encrypt_credit_card('testing')
177
+ end
178
+
179
+ def test_should_evaluate_a_key_passed_as_a_symbol
180
+ @user = LegacyUser.new
181
+ assert_nil @user.ssn_encrypted
182
+ @user.ssn = 'testing'
183
+ refute_nil @user.ssn_encrypted
184
+ assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt, insecure_mode: true, algorithm: 'aes-256-cbc'), @user.ssn_encrypted
185
+ end
186
+
187
+ def test_should_evaluate_a_key_passed_as_a_proc
188
+ @user = LegacyUser.new
189
+ assert_nil @user.crypted_password_test
190
+ @user.password = 'testing'
191
+ refute_nil @user.crypted_password_test
192
+ assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
193
+ end
194
+
195
+ def test_should_use_options_found_in_the_attr_encrypted_options_attribute
196
+ @user = LegacyUser.new
197
+ assert_nil @user.crypted_password_test
198
+ @user.password = 'testing'
199
+ refute_nil @user.crypted_password_test
200
+ assert_equal Encryptor.encrypt(:value => 'testing', :key => 'LegacyUser', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.crypted_password_test
201
+ end
202
+
203
+ def test_should_inherit_encrypted_attributes
204
+ assert_equal [LegacyUser.encrypted_attributes.keys, :testing].flatten.collect { |key| key.to_s }.sort, LegacyAdmin.encrypted_attributes.keys.collect { |key| key.to_s }.sort
205
+ end
206
+
207
+ def test_should_inherit_attr_encrypted_options
208
+ assert !LegacyUser.attr_encrypted_options.empty?
209
+ assert_equal LegacyUser.attr_encrypted_options, LegacyAdmin.attr_encrypted_options
210
+ end
211
+
212
+ def test_should_not_inherit_unrelated_attributes
213
+ assert LegacySomeOtherClass.attr_encrypted_options.empty?
214
+ assert LegacySomeOtherClass.encrypted_attributes.empty?
215
+ end
216
+
217
+ def test_should_evaluate_a_symbol_option
218
+ assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, :class)
219
+ end
220
+
221
+ def test_should_evaluate_a_proc_option
222
+ assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, proc { |object| object.class })
223
+ end
224
+
225
+ def test_should_evaluate_a_lambda_option
226
+ assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, lambda { |object| object.class })
227
+ end
228
+
229
+ def test_should_evaluate_a_method_option
230
+ assert_equal LegacySomeOtherClass, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, LegacySomeOtherClass.method(:call))
231
+ end
232
+
233
+ def test_should_return_a_string_option
234
+ class_string = 'LegacySomeOtherClass'
235
+ assert_equal class_string, LegacySomeOtherClass.new.send(:evaluate_attr_encrypted_option, class_string)
236
+ end
237
+
238
+ def test_should_encrypt_with_true_if
239
+ @user = LegacyUser.new
240
+ assert_nil @user.encrypted_with_true_if
241
+ @user.with_true_if = 'testing'
242
+ refute_nil @user.encrypted_with_true_if
243
+ assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_true_if
244
+ end
245
+
246
+ def test_should_not_encrypt_with_false_if
247
+ @user = LegacyUser.new
248
+ assert_nil @user.encrypted_with_false_if
249
+ @user.with_false_if = 'testing'
250
+ refute_nil @user.encrypted_with_false_if
251
+ assert_equal 'testing', @user.encrypted_with_false_if
252
+ end
253
+
254
+ def test_should_encrypt_with_false_unless
255
+ @user = LegacyUser.new
256
+ assert_nil @user.encrypted_with_false_unless
257
+ @user.with_false_unless = 'testing'
258
+ refute_nil @user.encrypted_with_false_unless
259
+ assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key', insecure_mode: true, algorithm: 'aes-256-cbc'), @user.encrypted_with_false_unless
260
+ end
261
+
262
+ def test_should_not_encrypt_with_true_unless
263
+ @user = LegacyUser.new
264
+ assert_nil @user.encrypted_with_true_unless
265
+ @user.with_true_unless = 'testing'
266
+ refute_nil @user.encrypted_with_true_unless
267
+ assert_equal 'testing', @user.encrypted_with_true_unless
268
+ end
269
+
270
+ def test_should_work_with_aliased_attr_encryptor
271
+ assert LegacyUser.encrypted_attributes.include?(:aliased)
272
+ end
273
+
274
+ def test_should_always_reset_options
275
+ @user = LegacyUser.new
276
+ @user.with_if_changed = "encrypt_stuff"
277
+
278
+ @user = LegacyUser.new
279
+ @user.should_encrypt = false
280
+ @user.with_if_changed = "not_encrypted_stuff"
281
+ assert_equal "not_encrypted_stuff", @user.with_if_changed
282
+ assert_equal "not_encrypted_stuff", @user.encrypted_with_if_changed
283
+ end
284
+
285
+ def test_should_cast_values_as_strings_before_encrypting
286
+ string_encrypted_email = LegacyUser.encrypt_email('3')
287
+ assert_equal string_encrypted_email, LegacyUser.encrypt_email(3)
288
+ assert_equal '3', LegacyUser.decrypt_email(string_encrypted_email)
289
+ end
290
+
291
+ def test_should_create_query_accessor
292
+ @user = LegacyUser.new
293
+ assert !@user.email?
294
+ @user.email = ''
295
+ assert !@user.email?
296
+ @user.email = 'test@example.com'
297
+ assert @user.email?
298
+ end
299
+
300
+ end