securely_hashed_attributes 0.1.0

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1,2 @@
+-f progress
+-c

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in securely_hashed_attributes.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,7 @@
+Public Domained!
+
+I, Ian D. Eccles, release all claims of copyright on this code and place it
+in the public domain.
+
+Do what you like with it, really, go nuts.
+

data/README.md

@@ -0,0 +1,116 @@
+## Overview
+
+This gem provides a quick and dirty way to add secure hashing to your
+ActiveRecord models.  It relies on the recent refactoring of
+`ActiveRecord::Base::serialize` thus **Rails 3.1+** is **required**.
+
+## Motivation
+
+I wrote this gem in response to Aaron Patterson's request for a
+`has_secure_password` implementation that uses the newfound flexibility of
+`ActiveRecord::Base::serialize`.  I originally intended to refactor the
+`has_secure_password` method in Rails 3.1, but that poses a problem that
+stems from the fact that `has_secure_password` is defined in ActiveModel::SecurePassword,
+while all of the column serialization jazz is part of `ActiveRecord::Base`.
+
+Either `SecurePassword` would need to be moved to `ActiveRecord`, or all of
+the `serialize` jazz would need to be moved to `ActiveModel`.  The first
+approach is the easiest, and at the moment only `ActiveRecord::Base` mixes-in
+the `ActiveModel::SecurePassword` module, but it still takes away the option
+of using it in, say, `ActiveResource::Base`.  The second approach would be
+a pretty involved undertaking, and while the work done by `serialize` and the
+coders does not depend upon `ActiveRecord`, no actual serialization is
+performed until the model is persisted.  As a result, it probably doesn't make
+much sense to refactor `serialize` into `ActiveModel`.
+
+In either case, such a refactoring would require some amount of pull amongst
+the Rails community (both components mentioned were put in place by some
+important Rails people) and unlike Jackie Treehorn, I don't pull shit in this
+town.  So, I created this gem to illustrate how dead simple the new hotness
+of `serialize` makes this feature.  It should work just fine with
+`ActiveRecord`, but it was built as more of a proof of concept than anything
+else.
+
+### Usage
+
+Here's an example of how you might use this gem:
+
+    # Schema: users(:password_hash => String, :bollocks => String,
+    #   :fancy_pants => String)
+    class User < ActiveRecord::Base
+      securely_hashes :password, :to => :password_hash
+      securely_hashes :bollocks
+    
+      class AlternateCoder
+        def self.dump some_value
+          # ...
+        end
+      
+        def self.load encoded
+          # ...
+        end
+      end
+    
+      securely_hashes :fancy_pants, :with => AlternateCoder
+    end
+
+    some_user = User.new
+    some_user.password    = 'super secret'
+    some_user.bollocks    = 'something else to hash'
+    some_user.fancy_pants = 'you get the idea'
+    some_user.save
+    some_user.reload
+    some_user.password_hash # => $2a$10blahetcetc...
+    some_user.bollocks      # => $2a$10yaddayadda...
+
+When using the `:to => <column name>` option, the gem will create getters and
+setters for the given attribute name and the setter will pass the value on
+to the actual column.  So, in our example of
+
+    securely_hashes :password, :to => :password_hash
+    
+the gem defined `password` and `password=` methods on our model automatically.
+This behavior is important to note because it can clobber (or be clobbered) by
+methods explicitly defined on the model. If the `:to => ...` option is not
+used, no methods are created.
+
+### Installing
+
+You can use this gem in your rails app by adding
+
+    gem 'securely_hashed_attributes'
+    
+to your `Gemfile`.  Alternatively, you can install the gem directly:
+
+    gem install securely_hashed_attributes
+    
+or you can clone the git repo:
+
+    git clone git://github.com/iande/securely_hashed_attributes.git
+
+I want to re-iterate that this gem was written mostly as a proof of concept,
+and you **must** be running Rails **3.1+** to use it.
+
+### Further Thoughts
+
+Hopefully this gem serves its purpose of demonstrating how easy it is to do
+some pretty cool shit with serialized columns in Rails 3.1.  You could easily
+add a coder that handles encryption to securely persist data in a column and
+semi-automagically work with the unencrypted data in your app.  It also
+provides opportunities for leveraging features of your database of choice, as
+Aaron Patterson demonstrated with his HStore coder at RailsConf 2011.
+Although, you may not want to use `eval` to decode the data.
+
+
+### License
+
+Public Domained!
+
+### Contributing
+
+I'm pretty open to pull requests, if anyone finds utility in this gem and
+wants to contribute additional features.  All I ask is that you provide
+adequate documentation and test coverage for any code you contribute.  If you
+find the "public domaining" of this code to be problematic, fork the code
+and put it under whatever license you like.  You're free to do with this code
+pretty much whatever you like.

data/Rakefile

@@ -0,0 +1,9 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+desc "Run RSpec"
+RSpec::Core::RakeTask.new do |t|
+  t.verbose = false
+end
+
+task :default => :spec

data/init.rb

@@ -0,0 +1 @@
+require 'securely_hashed_attributes'

data/lib/securely_hashed_attributes.rb

@@ -0,0 +1,72 @@
+# Kind of necessary for, you know, everything else we do.
+require 'bcrypt'
+require 'active_record'
+
+# The primary namespace of this gem
+module SecurelyHashedAttributes
+  # The default settings constant. Once the library is fully loaded,
+  # +:with+ will still be +nil+, but +:to+ will be set to
+  # {SecurelyHashedAttributes::Coders::BCryptPasswordColumn}
+  DEFAULT_ATTRIBUTE_OPTIONS = {
+    :to => nil,
+    :with => nil
+  }
+end
+require 'securely_hashed_attributes/version'
+require 'securely_hashed_attributes/coders'
+
+# Adds the singleton method
+# {ActiveRecord::Base.securely_hashes securely_hashes} to +ActiveRecord::Base+
+class ActiveRecord::Base
+  class << self
+    # Adds a secure hash serialization to a column with the help of +bcrypt+.
+    # By default, +attrib+ will serve as both the attribute to serialize and
+    # the name of the column that will hold the serialized value.  If you want
+    # to serialize the value to a different column, use the +:to+ option.
+    # Hashing of the value assigned to +attrib+ will not occur until the model
+    # is persisted.
+    #
+    # @param [#to_sym] attrib attribute to serialize
+    # @param [Hash] opts additional options
+    # @option opts [#to_sym] :to The column to serialize +attrib+ to.  If this
+    #   option is specified, a reader attribute will be created for +attrib+
+    #   and a +<attrib>=+ method will be create that copies the assigned value
+    #   to the specified column.
+    # @option opts [#to_sym] :with (BCryptPasswordColumn)
+    #   The coder to use to serialize and deserialize values assigned to +attrib+.
+    # @see SecurelyHashedAttributes::Coders::BCryptPasswordColumn
+    # @example
+    #   class User < ActiveRecord::Base
+    #     securely_hashes :password, :to => :password_hash
+    #     securely_hashes :security_answer
+    #   end
+    #   
+    #   new_user = User.new
+    #   new_user.password = 'my password'
+    #   new_user.security_answer = 'I am a turtle'
+    #   new_user.save
+    #   new_user.reload
+    #   new_user.password_hash                         # => '$2a$10blahetcetc...'
+    #   new_user.security_answer                       # => '$2a$10yaddayadda...'
+    #   new_user.password_hash   == 'not my password'  # => false
+    #   new_user.password_hash   == 'my password'      # => true
+    #   new_user.security_answer == 'I am a duck'      # => false
+    #   new_user.security_answer == 'I am a turtle'    # => true
+    def securely_hashes attrib, opts={}
+      opts = SecurelyHashedAttributes::DEFAULT_ATTRIBUTE_OPTIONS.merge opts
+      attrib = attrib.to_sym
+      if opts[:to]
+        col = opts[:to].to_sym
+        serialize col, opts[:with]
+
+        attr_reader attrib      
+        define_method :"#{attrib}=" do |val|
+          instance_variable_set(:"@#{attrib}", val)
+          self[col] = val
+        end
+      else
+        serialize attrib, opts[:with]
+      end
+    end
+  end
+end

data/lib/securely_hashed_attributes/coders.rb

@@ -0,0 +1,5 @@
+# The namespace for the serialize coders we'll provide.
+module SecurelyHashedAttributes::Coders
+end
+
+require 'securely_hashed_attributes/coders/bcrypt_password_column'

data/lib/securely_hashed_attributes/coders/bcrypt_password_column.rb

@@ -0,0 +1,30 @@
+# This coder serializes strings to +BCrypt::Password+ instances which, as the
+# name suggests, are suitable handlers for passwords.
+class SecurelyHashedAttributes::Coders::BCryptPasswordColumn
+  # A list of errors to handle when loading
+  RESCUE_ERRORS = [ArgumentError, BCrypt::Errors::InvalidHash]
+  
+  # Wrap the given data in the warm blanket of a +BCrypt::Password+
+  # @param [#to_s] str data to serialize
+  # @return [BCrypt::Password]
+  def self.dump str
+    BCrypt::Password.create str
+  end
+
+  # Takes a String digest generated by +bcrypt+ and wraps it in a new
+  # +BCrypt::Password+ for functionality beyond that of a simple +String+.
+  # If +digest+ is +nil+, an empty string is returned.  If +bcrypt+ does not
+  # recognize +digest+ as a valid hash, +digest+ itself is returned.
+  # @param [String] digest a string digest generated by +bcrypt+
+  # @return [BCrypt::Password, String]
+  def self.load digest
+    return '' if digest.nil?
+    begin
+      BCrypt::Password.new digest
+    rescue *RESCUE_ERRORS
+      digest
+    end
+  end
+  
+  SecurelyHashedAttributes::DEFAULT_ATTRIBUTE_OPTIONS[:with] = self
+end

data/lib/securely_hashed_attributes/version.rb

@@ -0,0 +1,4 @@
+module SecurelyHashedAttributes
+  # Current version of the securely_hashed_attributes gem
+  VERSION = "0.1.0"
+end

data/securely_hashed_attributes.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "securely_hashed_attributes/version"
+
+Gem::Specification.new do |s|
+  s.name        = "securely_hashed_attributes"
+  s.version     = SecurelyHashedAttributes::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ian D. Eccles"]
+  s.email       = ["ian.eccles@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{Add securely hashed attributes to your models}
+  s.description = %q{Add securely hashed attributes to your models, serialized with BCrypt}
+
+  s.rubyforge_project = "securely_hashed_attributes"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  s.add_development_dependency 'rails', '~> 3.1.0.beta1'
+  s.add_development_dependency 'rspec', '~> 2.6.0'
+  s.add_development_dependency 'with_model', '~> 0.1.5'
+  s.add_development_dependency 'sqlite3', '~> 1.3.3'
+  s.add_development_dependency 'simplecov', '~> 0.4.2'
+end

data/spec/securely_hashed_attributes/coders/bcrypt_password_column_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe SecurelyHashedAttributes::Coders::BCryptPasswordColumn do
+  it "should dump a string as a bcrypt password hash" do
+    hashed = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.dump('my stringzy')
+    hashed.should be_a_kind_of(BCrypt::Password)
+  end
+  
+  it "should dump a non string to bcrypt by converting it to a string" do
+    hashed = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.dump([1, 2, 3])
+    hashed.should be_a_kind_of(BCrypt::Password)
+  end
+  
+  it "should load a bcrypt hash as a string" do
+    hashed = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.dump('my stringzy')
+    loaded = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.load(hashed)
+    loaded.should be_a_kind_of(BCrypt::Password)
+    loaded.should == 'my stringzy'
+  end
+  
+  it "should load a nil as an empty string" do
+    loaded = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.load(nil)
+    loaded.should_not be_a_kind_of(BCrypt::Password)
+    loaded.should == ''
+  end
+  
+  it "should load a non bcrypt hash as a plain string" do
+    loaded = SecurelyHashedAttributes::Coders::BCryptPasswordColumn.load('sweet lameness')
+    loaded.should_not be_a_kind_of(BCrypt::Password)
+    loaded.should == 'sweet lameness'
+  end
+end

data/spec/securely_hashed_attributes_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+require 'active_record/connection_adapters/sqlite3_adapter'
+
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+
+describe ActiveRecord::Base do
+  class AlternateCoder
+    def self.dump(*_); 'encoded'; end
+    def self.load(*_); 'decoded'; end
+  end
+  
+  let(:new_model) {
+    HashingModel.new
+  }
+  
+  with_model :hashing_model do
+    table do |t|
+      t.string :blathering
+      t.string :password_hash
+      t.string :chicken_fist_digest
+      t.string :big_mclargehuge
+    end
+    
+    model do
+      attr_reader :stately_dutch, :portly
+      alias :stately_dutch? :stately_dutch
+      alias :portly? :portly
+      
+      securely_hashes :blathering, :with => AlternateCoder
+      securely_hashes :password, :to => :password_hash
+      securely_hashes :chicken_fist, :to => :chicken_fist_digest
+      
+      def chicken_fist=(bird)
+        @stately_dutch = true
+      end
+      
+      def rip_steakface=(beefy)
+        @portly = true
+      end
+      
+      securely_hashes :rip_steakface, :to => :big_mclargehuge
+    end
+  end
+  
+  before(:each) do
+    HashingModel.delete_all
+  end
+  
+  it "should create getters and setters for :password" do
+    new_model.should respond_to(:password)
+    new_model.should respond_to(:password=)
+    new_model.password = 'super duper'
+    new_model.password.should == 'super duper'
+  end
+  
+  it "should serialize :password to :password_digest on save" do
+    new_model.password = 'super duper'
+    new_model.save
+    new_model.reload
+    new_model.password_hash.should_not be_empty
+    new_model.password_hash.should be_a_kind_of(BCrypt::Password)
+    new_model.password_hash.should == 'super duper'
+  end
+  
+  it "should get clobbered by #chicken_fist=" do
+    new_model.should_not be_stately_dutch
+    new_model.chicken_fist = 'a string to hash'
+    new_model.should be_stately_dutch
+  end
+  
+  it "should not hash properly because of #chicken_fist=" do
+    new_model.chicken_fist = 'a string to hash'
+    new_model.save
+    new_model.chicken_fist_digest.should be_empty
+  end
+  
+  it "should clobber #rip_steakface=" do
+    new_model.should_not be_portly
+    new_model.rip_steakface = 'a string to hash'
+    new_model.should_not be_portly
+  end
+  
+  it "should has properly because it overwrote #rip_steakface=" do
+    new_model.rip_steakface = 'a string to hash'
+    new_model.save
+    new_model.big_mclargehuge.should_not be_empty
+  end
+  
+  it "should serialize :blathering with an alternate coder" do
+    new_model.blathering = 'fancy pants'
+    new_model.save
+    new_model.reload
+    new_model.blathering.should == 'decoded'
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+Dir[File.expand_path('support', File.dirname(__FILE__)) + "/**/*.rb"].each { |f| require f }
+
+begin
+  require 'simplecov'
+  SimpleCov.start do
+    add_filter "/spec/"
+  end
+rescue LoadError
+end
+
+require 'securely_hashed_attributes'
+require 'with_model'
+
+RSpec.configure do |config|
+  config.extend WithModel
+end

metadata

@@ -0,0 +1,126 @@
+--- !ruby/object:Gem::Specification 
+name: securely_hashed_attributes
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Ian D. Eccles
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-19 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 3.1.0.beta1
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.6.0
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: with_model
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.1.5
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: sqlite3
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.3.3
+  type: :development
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: simplecov
+  prerelease: false
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.4.2
+  type: :development
+  version_requirements: *id005
+description: Add securely hashed attributes to your models, serialized with BCrypt
+email: 
+- ian.eccles@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- init.rb
+- lib/securely_hashed_attributes.rb
+- lib/securely_hashed_attributes/coders.rb
+- lib/securely_hashed_attributes/coders/bcrypt_password_column.rb
+- lib/securely_hashed_attributes/version.rb
+- securely_hashed_attributes.gemspec
+- spec/securely_hashed_attributes/coders/bcrypt_password_column_spec.rb
+- spec/securely_hashed_attributes_spec.rb
+- spec/spec_helper.rb
+homepage: ""
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: securely_hashed_attributes
+rubygems_version: 1.7.2
+signing_key: 
+specification_version: 3
+summary: Add securely hashed attributes to your models
+test_files: 
+- spec/securely_hashed_attributes/coders/bcrypt_password_column_spec.rb
+- spec/securely_hashed_attributes_spec.rb
+- spec/spec_helper.rb
+has_rdoc: