sequel_vault 0.3 → 0.4

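--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 165282372b352387b3f41c17d6a652db49e6fd88
- data.tar.gz: bcf9013ae07860c426d1e9895dac5c8fc50eed21
+ metadata.gz: 3049adb333bd60b77bf10308bd4b762c0fe5e074
+ data.tar.gz: 942936b542ea08b4c968d85a000515da9cd1c4f0
  SHA512:
- metadata.gz: 35567135ac68c423cba3e794f1f4e96a336fdb8c34bbea44857ecc02b630175f455f06dc46b50f85d1a1127ce5cc642efe6d749a5db7fc83826ec15c0fed2ebf
- data.tar.gz: 161c4e25ecad6ff8720f419803c415183971853c0884f6d18480137d6983954abd6a5c66b5a199bf608344407267b283a3b46287f48c7c1159fbdf9bb36c7acf
+ metadata.gz: ffeab0fb22d2bdb46899ff54599574251b41a55080a8311e08571d7255dd671bed61193f34ce5fd94fceaccf2b962d6a8e597fa168fd6b287dca70338e88178b
+ data.tar.gz: 1ee118a4925797d427da37de478e95e486ba1521f7b4ad06366127d4ecfe4c89e51222f16bccd70f97aaf1f7e3bd94b4bdba1c97e884c21b61b6387891dadfa5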
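--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,2 +1,4 @@
  coverage
  *.gem
+ doc/
+ .yardoc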
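--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- sequel_vault (0.2)
+ sequel_vault (0.3)
  fernet (~> 2.1, >= 2.1)
  sequel (~> 4.21, >= 4.21.0)
 
@@ -26,7 +26,7 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.3.0)
  rspec-support (3.3.0)
- sequel (4.23.0)
+ sequel (4.26.0)
  simplecov (0.9.2)
  docile (~> 1.1.0)
  multi_json (~> 1.0)
@@ -43,3 +43,6 @@ DEPENDENCIES
  sequel_vault!
  simplecov (~> 0.9.2)
  sqlite3 (~> 1.3, >= 1.3.10)
+
+ BUNDLED WITH
+ 1.10.6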
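--- a/data/lib/sequel_vault.rb
+++ b/data/lib/sequel_vault.rb
@@ -17,20 +17,27 @@ module Sequel
  model.vault_attributes(keys, *attrs) unless attrs.empty?
  end
 
+ # @!attribute [r] vault_attrs
+ # @return [Array<Symbol>] array of all attributes to be encrypted
+ # @!attribute [r] vault_keys
+ # @return [Array<String>] array of all keys to be used.
  module ClassMethods
  attr_reader :vault_attrs
  attr_reader :vault_keys
- attr_reader :vault_module
 
  Plugins.inherited_instance_variables(self, :@vault_attrs => :dup, :@vault_keys => :dup)
 
- def vault_attributes(keys, *attrs)
- raise(Error, 'must provide both keys name and attrs when setting up vault') unless keys && attrs
+ # Setup vault with the given keys for the given attributes.
+ #
+ # @param [Array<String>] keys to be used
+ # @param [Array<Symbol>] attributes that will be encrypted
+ def vault_attributes(keys, *attributes)
+ raise(Error, 'must provide both keys name and attrs when setting up vault') unless keys && attributes
  @vault_keys = keys
- @vault_attrs = attrs
+ @vault_attrs = attributes
 
  self.class.instance_eval do
- attrs.each do |attr|
+ attributes.each do |attr|
  define_method("#{attr}_lookup") do |plain|
  digests = keys.map { |key| Sequel.blob(digest(key, plain)) }
  where("#{attr}_digest": digests).first
@@ -39,14 +46,29 @@ module Sequel
  end
  end
 
+ # Returns the HMAC digest of plain text.
+ #
+ # @param [Array<String>] keys to be used
+ # @param [String] plain text
+ # @return [String] HMAC digest of the plain text
  def digest(keys, plain)
- OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).first, plain)
+ OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).last, plain)
  end
 
+ # Returns the encrypted version of plain text.
+ #
+ # @param [Array<String>] keys to be used
+ # @param [String] plain text
+ # @return [String] encrypted version of the plain text
  def encrypt(keys, plain)
- ::Fernet.generate(keys.first, plain)
+ ::Fernet.generate(keys.last, plain)
  end
 
+ # Returns the decryped version of encrypted text.
+ #
+ # @param [Array<String>] keys to be used
+ # @param [String] cypher text
+ # @return [String] plain version of the cypher text
  def decrypt(keys, cypher)
  keys.each do |key|
  verifier = ::Fernet.verifier(key, cypher, enforce_ttl: false)
@@ -57,14 +79,12 @@ module Sequel
  end
  end
 
- module DatasetMethods
- end
-
  module InstanceMethods
  def []=(attr, plain)
  if model.vault_attrs.include?(attr) && !plain.nil?
  send("#{attr}_digest=", self.class.digest(model.vault_keys, plain))
  value = self.class.encrypt(model.vault_keys, plain)
+ super(:key_id, model.vault_keys.length) if model.columns.include?(:key_id)
  end
  super(attr, value || plain)
  end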
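Review bot: `key_id` is set to `model.vault_keys.length` in `[]=`, so it records a position in the configured key list, once per row, rather than which key encrypted which attribute. Removing a retired key from the front of the list renumbers every stored value, and on a model with more than one vault attribute a write to one attribute moves `key_id` while the others may still be under an older key, so the column is not a reliable way to find rows that still need re-encryption. `decrypt`, as far as the hunk shows, tries each key in turn and never consults `key_id`, so a stale value would go unnoticed. I would at least document the contract on `vault_attributes`, for example `# The last key is the active one; only append new keys, never reorder or drop keys that stored rows still reference.`, and consider a per-attribute column if rotation tracking matters. `InstanceMethods` continues outside the hunk.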
data/sequel_vault.gemspec CHANGED
@@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
13
13
  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
14
14
  gem.name = "sequel_vault"
15
15
  gem.require_paths = ["lib"]
16
- gem.version = '0.3'
16
+ gem.version = '0.4'
17
17
 
18
18
  gem.add_runtime_dependency 'sequel', '~> 4.21', '>= 4.21.0'
19
19
  gem.add_runtime_dependency 'fernet', '~> 2.1', '>= 2.1'
@@ -7,7 +7,7 @@ describe Sequel::Plugins::Vault do
7
7
  Class.new(Sequel::Model(db[:vm])) do
8
8
  set_primary_key :id
9
9
  unrestrict_primary_key
10
- set_columns([:id, :secret, :secret_digest])
10
+ set_columns([:id, :secret, :secret_digest, :key_id])
11
11
 
12
12
  plugin :vault
13
13
  end
@@ -15,18 +15,19 @@ describe Sequel::Plugins::Vault do
15
15
  let(:dataset) { klass.dataset }
16
16
  let(:model) { klass.new }
17
17
  let(:keys) do
18
- ["woRXJWevRaxZLxgoiEQtCDPBSf9TNg57bki0RUK1U48=",
19
- "fih3l0Z9e4NBpy5KIj+rmXVexY5O9LspzuqCFyqavjg="]
18
+ ["fih3l0Z9e4NBpy5KIj+rmXVexY5O9LspzuqCFyqavjg=",
19
+ "woRXJWevRaxZLxgoiEQtCDPBSf9TNg57bki0RUK1U48="]
20
20
  end
21
21
  let(:secret) { "Attack at once." }
22
22
  let(:cypher) { klass.encrypt(keys, secret) }
23
- let(:digest) { OpenSSL::HMAC.digest('sha512', keys.first, secret) }
23
+ let(:digest) { OpenSSL::HMAC.digest('sha512', keys.last, secret) }
24
24
 
25
25
  it "should encrypt vault attributes" do
26
26
  klass.vault_attributes(keys, :secret)
27
27
  model.secret = secret
28
28
  expect(model.values[:secret]).to_not eq(secret)
29
29
  expect(model.secret).to eq(secret)
30
+ expect(model.key_id).to eq(2)
30
31
  end
31
32
 
32
33
  it "should allow nil value" do
@@ -34,6 +35,7 @@ describe Sequel::Plugins::Vault do
34
35
  model.secret = nil
35
36
  expect(model.values[:secret]).to be_nil
36
37
  expect(model.secret).to be_nil
38
+ expect(model.key_id).to be_nil
37
39
  end
38
40
 
39
41
  it "should write a digest of the value" do
@@ -41,6 +43,7 @@ describe Sequel::Plugins::Vault do
41
43
  model.secret = secret
42
44
  expect(model.values[:secret_digest]).to_not eq(secret)
43
45
  expect(model.secret_digest).to eq(digest)
46
+ expect(model.key_id).to eq(2)
44
47
  end
45
48
 
46
49
  it "should provide a digest lookup" do
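Review bot: Nothing in the visible examples covers a value written under the older key: every write uses the full two-key list, so the switch from `keys.first` to `keys.last` in `digest` and `encrypt` is only exercised for the active key. An example such as `old = klass.encrypt([keys.first], secret)` followed by `expect(klass.decrypt(keys, old)).to eq(secret)` would pin that rotation keeps existing ciphertext readable, and the generated `_lookup` method deserves the same check with a digest made from the first key. The rest of the `describe` block, including the body of the digest-lookup example, is outside these hunks, so this may already be covered there.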
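--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sequel_vault
  version: !ruby/object:Gem::Version
- version: '0.3'
+ version: '0.4'
  platform: ruby
  authors:
  - Timothée Peignier
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-06-29 00:00:00.000000000 Z
+ date: 2015-09-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sequel
@@ -141,10 +141,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: Handle attributes encryption.
  test_files:
  - spec/sequel_vault_spec.rb
  - spec/spec_helper.rb
+ has_rdoc: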