spectator-attr_encrypted 1.1.3

data/lib/attr_encrypted/adapters/active_record.rb

@@ -0,0 +1,55 @@
+if defined?(ActiveRecord)
+  module AttrEncrypted
+    module Adapters
+      module ActiveRecord
+        def self.extended(base)
+          base.attr_encrypted_options[:encode] = true
+          base.eigenclass_eval { alias_method_chain :method_missing, :attr_encrypted }
+        end
+        
+        protected
+        
+          # Ensures the attribute methods for db fields have been defined before calling the original 
+          # <tt>attr_encrypted</tt> method
+          def attr_encrypted(*attrs)
+            define_attribute_methods rescue nil
+            super
+            attrs.reject { |attr| attr.is_a?(Hash) }.each { |attr| alias_method "#{attr}_before_type_cast", attr }
+          end
+          
+          # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for 
+          # encrypted attributes
+          #
+          # NOTE: This only works when the <tt>:key</tt> option is specified as a string (see the README)
+          #
+          # This is useful for encrypting fields like email addresses. Your user's email addresses 
+          # are encrypted in the database, but you can still look up a user by email for logging in
+          #
+          # Example
+          #
+          #   class User < ActiveRecord::Base
+          #     attr_encrypted :email, :key => 'secret key'
+          #   end
+          #
+          #   User.find_by_email_and_password('test@example.com', 'testing')
+          #   # results in a call to
+          #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+          def method_missing_with_attr_encrypted(method, *args, &block)
+            if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
+              attribute_names = match.captures.last.split('_and_')
+              attribute_names.each_with_index do |attribute, index|
+                if attr_encrypted?(attribute)
+                  args[index] = send("encrypt_#{attribute}", args[index])
+                  attribute_names[index] = encrypted_attributes[attribute]
+                end
+              end
+              method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+            end
+            method_missing_without_attr_encrypted(method, *args, &block)
+          end
+      end
+    end
+  end
+  
+  ActiveRecord::Base.extend AttrEncrypted::Adapters::ActiveRecord
+end

data/lib/attr_encrypted/adapters/data_mapper.rb

@@ -0,0 +1,21 @@
+if defined?(DataMapper)
+  module AttrEncrypted
+    module Adapters
+      module DataMapper
+        def self.extended(base)
+          base.eigenclass_eval do 
+            alias_method :included_without_attr_encrypted, :included
+            alias_method :included, :included_with_attr_encrypted
+          end
+        end
+        
+        def included_with_attr_encrypted(base)
+          included_without_attr_encrypted(base)
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+  
+  DataMapper::Resource.extend AttrEncrypted::Adapters::DataMapper
+end

data/lib/attr_encrypted/adapters/sequel.rb

@@ -0,0 +1,13 @@
+if defined?(Sequel)
+  module AttrEncrypted
+    module Adapters
+      module Sequel
+        def self.extended(base)
+          base.attr_encrypted_options[:encode] = true
+        end
+      end
+    end
+  end
+  
+  Sequel::Model.extend AttrEncrypted::Adapters::Sequel
+end

data/test/active_record_test.rb

@@ -0,0 +1,100 @@
+require File.expand_path('../test_helper', __FILE__)
+
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => ':memory:'
+
+def create_people_table
+  silence_stream(STDOUT) do
+    ActiveRecord::Schema.define(:version => 1) do
+      create_table :people do |t|
+        t.string   :encrypted_email
+        t.string   :password
+        t.string   :encrypted_credentials
+        t.string   :salt
+      end
+    end
+  end
+end
+
+# The table needs to exist before defining the class
+create_people_table
+
+class Person < ActiveRecord::Base
+  attr_encrypted :email, :key => 'a secret key'
+  attr_encrypted :credentials, :key => Proc.new { |user| Encryptor.encrypt(:value => user.salt, :key => 'some private key') }, :marshal => true
+
+  def initialize(attributes = nil)
+    super(attributes)
+    self.salt ||= Digest::SHA256.hexdigest((Time.now.to_i * rand(5)).to_s)
+    self.credentials ||= { :username => 'example', :password => 'test' }
+  rescue Exception => e
+    raise unless ['ActiveRecord::MissingAttributeError', 'ActiveModel::MissingAttributeError'].include? e.class.to_s
+  end
+end
+
+class PersonWithValidation < Person
+  validates_presence_of :email
+  validates_uniqueness_of :encrypted_email
+end
+
+class ActiveRecordTest < Test::Unit::TestCase
+
+  def setup
+    ActiveRecord::Base.connection.tables.each { |table| ActiveRecord::Base.connection.drop_table(table) }
+    create_people_table
+  end
+
+  def test_should_encrypt_email
+    @person = Person.create :email => 'test@example.com'
+    assert_not_nil @person.encrypted_email
+    assert_not_equal @person.email, @person.encrypted_email
+    assert_equal @person.email, Person.find(:first).email
+  end
+
+  def test_should_marshal_and_encrypt_credentials
+    @person = Person.create
+    assert_not_nil @person.encrypted_credentials
+    assert_not_equal @person.credentials, @person.encrypted_credentials
+    assert_equal @person.credentials, Person.find(:first).credentials
+  end
+
+  def test_should_find_by_email
+    @person = Person.create(:email => 'test@example.com')
+    assert_equal @person, Person.find_by_email('test@example.com')
+  end
+
+  def test_should_find_by_email_and_password
+    Person.create(:email => 'test@example.com', :password => 'invalid')
+    @person = Person.create(:email => 'test@example.com', :password => 'test')
+    assert_equal @person, Person.find_by_email_and_password('test@example.com', 'test')
+  end
+
+  def test_should_scope_by_email
+    @person = Person.create(:email => 'test@example.com')
+    assert_equal @person, Person.scoped_by_email('test@example.com').find(:first) rescue NoMethodError
+  end
+
+  def test_should_scope_by_email_and_password
+    Person.create(:email => 'test@example.com', :password => 'invalid')
+    @person = Person.create(:email => 'test@example.com', :password => 'test')
+    assert_equal @person, Person.scoped_by_email_and_password('test@example.com', 'test').find(:first) rescue NoMethodError
+  end
+
+  def test_should_encode_by_default
+    assert Person.attr_encrypted_options[:encode]
+  end
+
+  def test_should_validate_presence_of_email
+    @person = PersonWithValidation.new
+    assert !@person.valid?
+    assert ![nil, []].include?(@person.errors[:email])
+  end
+
+  def test_should_validate_uniqueness_of_email
+    @person = PersonWithValidation.new :email => 'test@example.com'
+    assert @person.save
+    @person2 = PersonWithValidation.new :email => @person.email
+    assert !@person2.valid?
+    assert ![nil, []].include?(@person2.errors[:encrypted_email])
+  end
+
+end

data/test/attr_encrypted_test.rb

@@ -0,0 +1,277 @@
+require File.expand_path('../test_helper', __FILE__)
+require 'mocha'
+
+class SillyEncryptor
+  def self.silly_encrypt(options)
+    (options[:value] + options[:some_arg]).reverse
+  end
+
+  def self.silly_decrypt(options)
+    options[:value].reverse.gsub(/#{options[:some_arg]}$/, '')
+  end
+end
+
+class User
+  self.attr_encrypted_options[:key] = Proc.new { |user| user.class.to_s } # default key
+
+  attr_encrypted :email, :without_encoding, :key => 'secret key'
+  attr_encrypted :password, :prefix => 'crypted_', :suffix => '_test'
+  attr_encrypted :ssn, :key => :salt, :attribute => 'ssn_encrypted'
+  attr_encrypted :credit_card, :encryptor => SillyEncryptor, :encrypt_method => :silly_encrypt, :decrypt_method => :silly_decrypt, :some_arg => 'test'
+  attr_encrypted :with_encoding, :key => 'secret key', :encode => true
+  attr_encrypted :with_custom_encoding, :key => 'secret key', :encode => 'm'
+  attr_encrypted :with_marshaling, :key => 'secret key', :marshal => true
+  attr_encrypted :with_true_if, :key => 'secret key', :if => true
+  attr_encrypted :with_false_if, :key => 'secret key', :if => false
+  attr_encrypted :with_true_unless, :key => 'secret key', :unless => true
+  attr_encrypted :with_false_unless, :key => 'secret key', :unless => false
+  attr_encrypted :with_if_changed, :key => 'secret key', :if => :should_encrypt
+
+  attr_encryptor :aliased, :key => 'secret_key'
+
+  attr_accessor :salt
+  attr_accessor :should_encrypt
+
+  def initialize
+    self.salt = Time.now.to_i.to_s
+    self.should_encrypt = true
+  end
+end
+
+class Admin < User
+  attr_encrypted :testing
+end
+
+class SomeOtherClass
+  def self.call(object)
+    object.class
+  end
+end
+
+class AttrEncryptedTest < Test::Unit::TestCase
+
+  def test_should_store_email_in_encrypted_attributes
+    assert User.encrypted_attributes.include?('email')
+  end
+
+  def test_should_not_store_salt_in_encrypted_attributes
+    assert !User.encrypted_attributes.include?('salt')
+  end
+
+  def test_attr_encrypted_should_return_true_for_email
+    assert User.attr_encrypted?('email')
+  end
+
+  def test_attr_encrypted_should_return_false_for_salt
+    assert !User.attr_encrypted?('salt')
+  end
+
+  def test_should_generate_an_encrypted_attribute
+    assert User.new.respond_to?(:encrypted_email)
+  end
+
+  def test_should_generate_an_encrypted_attribute_with_a_prefix_and_suffix
+    assert User.new.respond_to?(:crypted_password_test)
+  end
+
+  def test_should_generate_an_encrypted_attribute_with_the_attribute_option
+    assert User.new.respond_to?(:ssn_encrypted)
+  end
+
+  def test_should_not_encrypt_nil_value
+    assert_nil User.encrypt_email(nil)
+  end
+
+  def test_should_not_encrypt_empty_string
+    assert_equal '', User.encrypt_email('')
+  end
+
+  def test_should_encrypt_email
+    assert_not_nil User.encrypt_email('test@example.com')
+    assert_not_equal 'test@example.com', User.encrypt_email('test@example.com')
+  end
+
+  def test_should_encrypt_email_when_modifying_the_attr_writer
+    @user = User.new
+    assert_nil @user.send(:encrypted_email)
+    @user.email = 'test@example.com'
+    assert_not_nil @user.send(:encrypted_email)
+    assert_equal User.encrypt_email('test@example.com'), @user.send(:encrypted_email)
+  end
+
+  def test_should_not_decrypt_nil_value
+    assert_nil User.decrypt_email(nil)
+  end
+
+  def test_should_not_decrypt_empty_string
+    assert_equal '', User.decrypt_email('')
+  end
+
+  def test_should_decrypt_email
+    encrypted_email = User.encrypt_email('test@example.com')
+    assert_not_equal 'test@test.com', encrypted_email
+    assert_equal 'test@example.com', User.decrypt_email(encrypted_email)
+  end
+
+  def test_should_decrypt_email_when_reading
+    @user = User.new
+    assert_nil @user.email
+    @user.send(:encrypted_email=, User.encrypt_email('test@example.com'))
+    assert_equal 'test@example.com', @user.email
+  end
+
+  def test_should_encrypt_with_encoding
+    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m*')
+  end
+
+  def test_should_decrypt_with_encoding
+    encrypted = User.encrypt_with_encoding('test')
+    assert_equal 'test', User.decrypt_with_encoding(encrypted)
+    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m')[0])
+  end
+
+  def test_should_encrypt_with_custom_encoding
+    assert_equal User.encrypt_with_encoding('test'), [User.encrypt_without_encoding('test')].pack('m')
+  end
+
+  def test_should_decrypt_with_custom_encoding
+    encrypted = User.encrypt_with_encoding('test')
+    assert_equal 'test', User.decrypt_with_encoding(encrypted)
+    assert_equal User.decrypt_with_encoding(encrypted), User.decrypt_without_encoding(encrypted.unpack('m')[0])
+  end
+
+  def test_should_encrypt_with_marshaling
+    @user = User.new
+    @user.with_marshaling = [1, 2, 3]
+    assert_not_nil @user.send(:encrypted_with_marshaling)
+    assert_equal User.encrypt_with_marshaling([1, 2, 3]), @user.send(:encrypted_with_marshaling)
+  end
+
+  def test_should_decrypt_with_marshaling
+    encrypted = User.encrypt_with_marshaling([1, 2, 3])
+    @user = User.new
+    assert_nil @user.with_marshaling
+    @user.send(:encrypted_with_marshaling=, encrypted)
+    assert_equal [1, 2, 3], @user.with_marshaling
+  end
+
+  def test_should_use_custom_encryptor_and_crypt_method_names_and_arguments
+    assert_equal SillyEncryptor.silly_encrypt(:value => 'testing', :some_arg => 'test'), User.encrypt_credit_card('testing')
+  end
+
+  def test_should_evaluate_a_key_passed_as_a_symbol
+    @user = User.new
+    assert_nil @user.send(:ssn_encrypted)
+    @user.ssn = 'testing'
+    assert_not_nil @user.send(:ssn_encrypted)
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => @user.salt), @user.send(:ssn_encrypted)
+  end
+
+  def test_should_evaluate_a_key_passed_as_a_proc
+    @user = User.new
+    assert_nil @user.send(:crypted_password_test)
+    @user.password = 'testing'
+    assert_not_nil @user.send(:crypted_password_test)
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.send(:crypted_password_test)
+  end
+
+  def test_should_use_options_found_in_the_attr_encrypted_options_attribute
+    @user = User.new
+    assert_nil @user.send(:crypted_password_test)
+    @user.password = 'testing'
+    assert_not_nil @user.send(:crypted_password_test)
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'User'), @user.send(:crypted_password_test)
+  end
+
+  def test_should_inherit_encrypted_attributes
+    assert_equal User.encrypted_attributes.merge('testing' => 'encrypted_testing'), Admin.encrypted_attributes
+  end
+
+  def test_should_inherit_attr_encrypted_options
+    assert !User.attr_encrypted_options.empty?
+    assert_equal User.attr_encrypted_options, Admin.attr_encrypted_options
+  end
+
+  def test_should_not_inherit_unrelated_attributes
+    assert SomeOtherClass.attr_encrypted_options.empty?
+    assert SomeOtherClass.encrypted_attributes.empty?
+  end
+
+  def test_should_evaluate_a_symbol_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, :class, Object.new)
+  end
+
+  def test_should_evaluate_a_proc_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, proc { |object| object.class }, Object.new)
+  end
+
+  def test_should_evaluate_a_lambda_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, lambda { |object| object.class }, Object.new)
+  end
+
+  def test_should_evaluate_a_method_option
+    assert_equal Object, Object.send(:evaluate_attr_encrypted_option, SomeOtherClass.method(:call), Object.new)
+  end
+
+  def test_should_return_a_string_option
+    assert_equal 'Object', Object.send(:evaluate_attr_encrypted_option, 'Object', Object.new)
+  end
+
+  def test_should_encrypt_with_true_if
+    @user = User.new
+    assert_nil @user.send(:encrypted_with_true_if)
+    @user.with_true_if = 'testing'
+    assert_not_nil @user.send(:encrypted_with_true_if)
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.send(:encrypted_with_true_if)
+  end
+
+  def test_should_not_encrypt_with_false_if
+    @user = User.new
+    assert_nil @user.send(:encrypted_with_false_if)
+    @user.with_false_if = 'testing'
+    assert_not_nil @user.send(:encrypted_with_false_if)
+    assert_equal 'testing', @user.send(:encrypted_with_false_if)
+  end
+
+  def test_should_encrypt_with_false_unless
+    @user = User.new
+    assert_nil @user.send(:encrypted_with_false_unless)
+    @user.with_false_unless = 'testing'
+    assert_not_nil @user.send(:encrypted_with_false_unless)
+    assert_equal Encryptor.encrypt(:value => 'testing', :key => 'secret key'), @user.send(:encrypted_with_false_unless)
+  end
+
+  def test_should_not_encrypt_with_true_unless
+    @user = User.new
+    assert_nil @user.send(:encrypted_with_true_unless)
+    @user.with_true_unless = 'testing'
+    assert_not_nil @user.send(:encrypted_with_true_unless)
+    assert_equal 'testing', @user.send(:encrypted_with_true_unless)
+  end
+
+  def test_should_work_with_aliased_attr_encryptor
+    assert User.encrypted_attributes.include?('aliased')
+  end
+
+  def test_should_always_reset_options
+    @user = User.new
+    @user.with_if_changed = "encrypt_stuff"
+    @user.stubs(:instance_variable_get).returns(nil)
+    @user.stubs(:instance_variable_set).raises("BadStuff")
+    assert_raise RuntimeError do
+      @user.with_if_changed
+    end
+
+    @user = User.new
+    @user.should_encrypt = false
+    @user.with_if_changed = "not_encrypted_stuff"
+    assert_equal "not_encrypted_stuff", @user.with_if_changed
+    assert_equal "not_encrypted_stuff", @user.send(:encrypted_with_if_changed)
+  end
+
+  def test_should_return_true_if_method_name_is_defined
+    assert User.send :has_instance_method?, :encrypted_email
+    assert User.send :has_instance_method?, "encrypted_email"
+  end
+
+end