RubyGems - sequel_vault - Versions diffs - 0.2 → 0.3 - Mend

sequel_vault 0.2 → 0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79908bf231a085221e910b96b7345983e900a794
-  data.tar.gz: ce9c51ff401740d8b402dae1edf45c7aa323b991
+  metadata.gz: 165282372b352387b3f41c17d6a652db49e6fd88
+  data.tar.gz: bcf9013ae07860c426d1e9895dac5c8fc50eed21
 SHA512:
-  metadata.gz: df113a38e57794ac31a830f01ad5b0a65ad9970b5f89c1bda85bc592516849704ad101c75e95b77756fbd07b4c76a48492967636ddf7072a487fbf6c708427ca
-  data.tar.gz: 7953a1f131303b5f2eb28edf48d183c2ee255b76bb7530403e3577c44fc75a85dcee7ad0191c025e58f64e28485741722c5cb69522df15a2efbb57cca4056e69
+  metadata.gz: 35567135ac68c423cba3e794f1f4e96a336fdb8c34bbea44857ecc02b630175f455f06dc46b50f85d1a1127ce5cc642efe6d749a5db7fc83826ec15c0fed2ebf
+  data.tar.gz: 161c4e25ecad6ff8720f419803c415183971853c0884f6d18480137d6983954abd6a5c66b5a199bf608344407267b283a3b46287f48c7c1159fbdf9bb36c7acf

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    sequel_vault (0.1)
+    sequel_vault (0.2)
       fernet (~> 2.1, >= 2.1)
       sequel (~> 4.21, >= 4.21.0)
@@ -10,23 +10,23 @@ GEM
   specs:
     diff-lcs (1.2.5)
     docile (1.1.5)
-    fernet (2.1)
+    fernet (2.1.1)
       valcro (= 0.1)
-    multi_json (1.11.0)
-    rspec (3.2.0)
-      rspec-core (~> 3.2.0)
-      rspec-expectations (~> 3.2.0)
-      rspec-mocks (~> 3.2.0)
-    rspec-core (3.2.2)
-      rspec-support (~> 3.2.0)
-    rspec-expectations (3.2.0)
+    multi_json (1.11.1)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.1)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.2.0)
-    rspec-mocks (3.2.1)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.2.0)
-    rspec-support (3.2.2)
-    sequel (4.21.0)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
+    sequel (4.23.0)
     simplecov (0.9.2)
       docile (~> 1.1.0)
       multi_json (~> 1.0)

data/lib/sequel_vault.rb CHANGED Viewed

@@ -1,40 +1,47 @@
 require "fernet"
+require "sequel"
 module Sequel
   module Plugins
     module Vault
       class InvalidCiphertext < Exception; end
-      def self.configure(model, keys = nil, *attrs)
+      def self.apply(model, keys = [], *attrs)
+        model.instance_eval do
+          @vault_attrs = attrs
+          @vault_keys = keys
+        end
+      end
+      def self.configure(model, keys = [], *attrs)
         model.vault_attributes(keys, *attrs) unless attrs.empty?
       end
       module ClassMethods
-        attr_accessor :vault_attributes_module
+        attr_reader :vault_attrs
+        attr_reader :vault_keys
+        attr_reader :vault_module
+        Plugins.inherited_instance_variables(self, :@vault_attrs => :dup, :@vault_keys => :dup)
         def vault_attributes(keys, *attrs)
-          include(self.vault_attributes_module ||= Module.new) unless vault_attributes_module
-          vault_attributes_module.class_eval do
-            attrs.each do |attr|
-              define_method(attr) do
-                cypher = super()
-                decrypt(keys, cypher) unless cypher.nil?
-              end
+          raise(Error, 'must provide both keys name and attrs when setting up vault') unless keys && attrs
+          @vault_keys = keys
+          @vault_attrs = attrs
-              define_method("#{attr}=") do |plain|
-                return if plain.nil?
-                cypher = encrypt(keys, plain)
-                digest = OpenSSL::HMAC.digest('sha512', keys.first, plain)
-                super(cypher)
-                send("#{attr}_digest=", digest)
+          self.class.instance_eval do
+            attrs.each do |attr|
+              define_method("#{attr}_lookup") do |plain|
+                digests = keys.map { |key| Sequel.blob(digest(key, plain)) }
+                where("#{attr}_digest": digests).first
               end
             end
           end
         end
-      end
-      module InstanceMethods
-        private
+        def digest(keys, plain)
+          OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).first, plain)
+        end
         def encrypt(keys, plain)
           ::Fernet.generate(keys.first, plain)
@@ -49,6 +56,28 @@ module Sequel
           raise InvalidCiphertext, "Could not decrypt field"
         end
       end
+      module DatasetMethods
+      end
+      module InstanceMethods
+        def []=(attr, plain)
+          if model.vault_attrs.include?(attr) && !plain.nil?
+            send("#{attr}_digest=", self.class.digest(model.vault_keys, plain))
+            value = self.class.encrypt(model.vault_keys, plain)
+          end
+          super(attr, value || plain)
+        end
+        def [](attr)
+          if model.vault_attrs.include?(attr)
+            cypher = super(attr)
+            self.class.decrypt(model.vault_keys, cypher) unless cypher.nil?
+          else
+            super(attr)
+          end
+        end
+      end
     end
   end
 end

data/sequel_vault.gemspec CHANGED Viewed

@@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.name          = "sequel_vault"
   gem.require_paths = ["lib"]
-  gem.version       = '0.2'
+  gem.version       = '0.3'
   gem.add_runtime_dependency 'sequel', '~> 4.21', '>= 4.21.0'
   gem.add_runtime_dependency 'fernet', '~> 2.1', '>= 2.1'

data/spec/sequel_vault_spec.rb CHANGED Viewed

@@ -2,42 +2,51 @@
 require "spec_helper"
 describe Sequel::Plugins::Vault do
-  let(:db) { Sequel.mock }
+  let(:db) { Sequel.mock(autoid: 1) }
   let(:klass) do
     Class.new(Sequel::Model(db[:vm])) do
       set_primary_key :id
+      unrestrict_primary_key
       set_columns([:id, :secret, :secret_digest])
       plugin :vault
     end
   end
+  let(:dataset) { klass.dataset }
   let(:model) { klass.new }
   let(:keys) do
     ["woRXJWevRaxZLxgoiEQtCDPBSf9TNg57bki0RUK1U48=",
      "fih3l0Z9e4NBpy5KIj+rmXVexY5O9LspzuqCFyqavjg="]
   end
-  let(:sqls) { db.sqls }
   let(:secret) { "Attack at once." }
+  let(:cypher) { klass.encrypt(keys, secret) }
   let(:digest) { OpenSSL::HMAC.digest('sha512', keys.first, secret) }
   it "should encrypt vault attributes" do
-    model.class.vault_attributes(keys, :secret)
+    klass.vault_attributes(keys, :secret)
     model.secret = secret
     expect(model.values[:secret]).to_not eq(secret)
     expect(model.secret).to eq(secret)
   end
   it "should allow nil value" do
-    model.class.vault_attributes(keys, :secret)
+    klass.vault_attributes(keys, :secret)
     model.secret = nil
     expect(model.values[:secret]).to be_nil
     expect(model.secret).to be_nil
   end
   it "should write a digest of the value" do
-    model.class.vault_attributes(keys, :secret)
+    klass.vault_attributes(keys, :secret)
     model.secret = secret
     expect(model.values[:secret_digest]).to_not eq(secret)
     expect(model.secret_digest).to eq(digest)
   end
+  it "should provide a digest lookup" do
+    dataset._fetch = { id: 1, secret: cypher, secret_digest: digest }
+    klass.vault_attributes(keys, :secret)
+    lookup = klass.secret_lookup("secret")
+    expect(lookup.secret).to eq(secret)
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sequel_vault
 version: !ruby/object:Gem::Version
-  version: '0.2'
+  version: '0.3'
 platform: ruby
 authors:
 - Timothée Peignier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-28 00:00:00.000000000 Z
+date: 2015-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel