sequel_vault 0.3 → 0.4
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/Gemfile.lock +5 -2
- data/lib/sequel_vault.rb +30 -10
- data/sequel_vault.gemspec +1 -1
- data/spec/sequel_vault_spec.rb +7 -4
- metadata +4 -3
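--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3049adb333bd60b77bf10308bd4b762c0fe5e074
+data.tar.gz: 942936b542ea08b4c968d85a000515da9cd1c4f0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffeab0fb22d2bdb46899ff54599574251b41a55080a8311e08571d7255dd671bed61193f34ce5fd94fceaccf2b962d6a8e597fa168fd6b287dca70338e88178b
+data.tar.gz: 1ee118a4925797d427da37de478e95e486ba1521f7b4ad06366127d4ecfe4c89e51222f16bccd70f97aaf1f7e3bd94b4bdba1c97e884c21b61b6387891dadfa5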
data/.gitignore
CHANGED
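--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-sequel_vault (0.
+sequel_vault (0.3)
 fernet (~> 2.1, >= 2.1)
 sequel (~> 4.21, >= 4.21.0)
 
@@ -26,7 +26,7 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.3.0)
 rspec-support (3.3.0)
-sequel (4.
+sequel (4.26.0)
 simplecov (0.9.2)
 docile (~> 1.1.0)
 multi_json (~> 1.0)
@@ -43,3 +43,6 @@ DEPENDENCIES
 sequel_vault!
 simplecov (~> 0.9.2)
 sqlite3 (~> 1.3, >= 1.3.10)
+
+BUNDLED WITH
+1.10.6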
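--- a/data/lib/sequel_vault.rb
+++ b/data/lib/sequel_vault.rb
@@ -17,20 +17,27 @@ module Sequel
 model.vault_attributes(keys, *attrs) unless attrs.empty?
 end
 
+# @!attribute [r] vault_attrs
+# @return [Array<Symbol>] array of all attributes to be encrypted
+# @!attribute [r] vault_keys
+# @return [Array<String>] array of all keys to be used.
 module ClassMethods
 attr_reader :vault_attrs
 attr_reader :vault_keys
-attr_reader :vault_module
 
 Plugins.inherited_instance_variables(self, :@vault_attrs => :dup, :@vault_keys => :dup)
 
-
-
+# Setup vault with the given keys for the given attributes.
+#
+# @param [Array<String>] keys to be used
+# @param [Array<Symbol>] attributes that will be encrypted
+def vault_attributes(keys, *attributes)
+raise(Error, 'must provide both keys name and attrs when setting up vault') unless keys && attributes
 @vault_keys = keys
-@vault_attrs =
+@vault_attrs = attributes
 
 self.class.instance_eval do
-
+attributes.each do |attr|
 define_method("#{attr}_lookup") do |plain|
 digests = keys.map { |key| Sequel.blob(digest(key, plain)) }
 where("#{attr}_digest": digests).first
@@ -39,14 +46,29 @@ module Sequel
 end
 end
 
+# Returns the HMAC digest of plain text.
+#
+# @param [Array<String>] keys to be used
+# @param [String] plain text
+# @return [String] HMAC digest of the plain text
 def digest(keys, plain)
-OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).
+OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).last, plain)
 end
 
+# Returns the encrypted version of plain text.
+#
+# @param [Array<String>] keys to be used
+# @param [String] plain text
+# @return [String] encrypted version of the plain text
 def encrypt(keys, plain)
-::Fernet.generate(keys.
+::Fernet.generate(keys.last, plain)
 end
 
+# Returns the decryped version of encrypted text.
+#
+# @param [Array<String>] keys to be used
+# @param [String] cypher text
+# @return [String] plain version of the cypher text
 def decrypt(keys, cypher)
 keys.each do |key|
 verifier = ::Fernet.verifier(key, cypher, enforce_ttl: false)
@@ -57,14 +79,12 @@ module Sequel
 end
 end
 
-module DatasetMethods
-end
-
 module InstanceMethods
 def []=(attr, plain)
 if model.vault_attrs.include?(attr) && !plain.nil?
 send("#{attr}_digest=", self.class.digest(model.vault_keys, plain))
 value = self.class.encrypt(model.vault_keys, plain)
+super(:key_id, model.vault_keys.length) if model.columns.include?(:key_id)
 end
 super(attr, value || plain)
 end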
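Review bot: The new guard in `vault_attributes`, `unless keys && attributes`, cannot catch what its message describes: `attributes` is a splat and therefore always an Array, and an empty `keys` array is truthy, so only a nil `keys` raises. With an empty key list, `keys.last` in `encrypt` and `Array(keys).last` in `digest` pass nil as the key, so the misconfiguration shows up at the first write rather than at setup; the check would be stricter as `raise(Error, '...') if Array(keys).empty? || attributes.empty?`. Separately, `[]=` stores `model.vault_keys.length` in `key_id`, which is a position rather than a stable identifier, so removing a retired key from the list would change which key a stored id appears to point at; a comment stating that keys may only be appended would make that contract explicit. The bodies of `decrypt` and of the `_lookup` helper continue outside the visible hunks.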
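--- a/data/sequel_vault.gemspec
+++ b/data/sequel_vault.gemspec
@@ -13,7 +13,7 @@ Gem::Specification.new do |gem|
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.name = "sequel_vault"
 gem.require_paths = ["lib"]
-gem.version = '0.
+gem.version = '0.4'
 
 gem.add_runtime_dependency 'sequel', '~> 4.21', '>= 4.21.0'
 gem.add_runtime_dependency 'fernet', '~> 2.1', '>= 2.1'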
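--- a/data/spec/sequel_vault_spec.rb
+++ b/data/spec/sequel_vault_spec.rb
@@ -7,7 +7,7 @@ describe Sequel::Plugins::Vault do
 Class.new(Sequel::Model(db[:vm])) do
 set_primary_key :id
 unrestrict_primary_key
-set_columns([:id, :secret, :secret_digest])
+set_columns([:id, :secret, :secret_digest, :key_id])
 
 plugin :vault
 end
@@ -15,18 +15,19 @@ describe Sequel::Plugins::Vault do
 let(:dataset) { klass.dataset }
 let(:model) { klass.new }
 let(:keys) do
-["
-"
+["fih3l0Z9e4NBpy5KIj+rmXVexY5O9LspzuqCFyqavjg=",
+"woRXJWevRaxZLxgoiEQtCDPBSf9TNg57bki0RUK1U48="]
 end
 let(:secret) { "Attack at once." }
 let(:cypher) { klass.encrypt(keys, secret) }
-let(:digest) { OpenSSL::HMAC.digest('sha512', keys.
+let(:digest) { OpenSSL::HMAC.digest('sha512', keys.last, secret) }
 
 it "should encrypt vault attributes" do
 klass.vault_attributes(keys, :secret)
 model.secret = secret
 expect(model.values[:secret]).to_not eq(secret)
 expect(model.secret).to eq(secret)
+expect(model.key_id).to eq(2)
 end
 
 it "should allow nil value" do
@@ -34,6 +35,7 @@ describe Sequel::Plugins::Vault do
 model.secret = nil
 expect(model.values[:secret]).to be_nil
 expect(model.secret).to be_nil
+expect(model.key_id).to be_nil
 end
 
 it "should write a digest of the value" do
@@ -41,6 +43,7 @@ describe Sequel::Plugins::Vault do
 model.secret = secret
 expect(model.values[:secret_digest]).to_not eq(secret)
 expect(model.secret_digest).to eq(digest)
+expect(model.key_id).to eq(2)
 end
 
 it "should provide a digest lookup" do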
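Review bot: The added `expect(model.key_id).to eq(2)` assertions only exercise a table that has a `key_id` column; nothing visible covers the false branch of `model.columns.include?(:key_id)` or the new `raise(Error, ...)` in `vault_attributes`. A second model declared with `set_columns([:id, :secret, :secret_digest])` plus an example expecting `klass.vault_attributes(nil, :secret)` to raise would pin both paths, though other examples may exist outside these hunks. The two base64 strings in `let(:keys)` ship inside the published package, so a short comment marking them as test-only fixtures would help keep them out of real configuration.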
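--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sequel_vault
 version: !ruby/object:Gem::Version
-version: '0.
+version: '0.4'
 platform: ruby
 authors:
 - Timothée Peignier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-09-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sequel
@@ -141,10 +141,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: Handle attributes encryption.
 test_files:
 - spec/sequel_vault_spec.rb
 - spec/spec_helper.rb
+has_rdoc: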