symmetric-encryption 3.7.2 → 3.8.0

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption #:nodoc
-  VERSION = "3.7.2"
+  VERSION = '3.8.0'
 end

data/lib/symmetric_encryption/writer.rb

@@ -100,9 +100,9 @@ module SymmetricEncryption
     #  end
     def self.open(filename_or_stream, options={}, &block)
       raise(ArgumentError, 'options must be a hash') unless options.respond_to?(:each_pair)
-      mode = options.fetch(:mode, 'wb')
+      mode     = options.fetch(:mode, 'wb')
       compress = options.fetch(:compress, false)
-      ios = filename_or_stream.is_a?(String) ? ::File.open(filename_or_stream, mode) : filename_or_stream
+      ios      = filename_or_stream.is_a?(String) ? ::File.open(filename_or_stream, mode) : filename_or_stream
 
       begin
         file = self.new(ios, options)
@@ -114,11 +114,11 @@ module SymmetricEncryption
     end
 
     # Encrypt data before writing to the supplied stream
-    def initialize(ios,options={})
-      @ios        = ios
-      header      = options.fetch(:header, true)
-      random_key  = options.fetch(:random_key, true)
-      random_iv   = options.fetch(:random_iv, random_key)
+    def initialize(ios, options={})
+      @ios       = ios
+      header     = options.fetch(:header, true)
+      random_key = options.fetch(:random_key, true)
+      random_iv  = options.fetch(:random_iv, random_key)
       raise(ArgumentError, 'When :random_key is true, :random_iv must also be true') if random_key && !random_iv
       # Compress is only used at this point for setting the flag in the header
       compress    = options.fetch(:compress, false)
@@ -137,21 +137,21 @@ module SymmetricEncryption
       @stream_cipher.encrypt
 
       key = random_key ? @stream_cipher.random_key : cipher.send(:key)
-      iv = random_iv ? @stream_cipher.random_iv : cipher.send(:iv)
+      iv  = random_iv ? @stream_cipher.random_iv : cipher.send(:iv)
 
       @stream_cipher.key = key
-      @stream_cipher.iv = iv if iv
+      @stream_cipher.iv  = iv if iv
 
       # Write the Encryption header including the random iv, key, and cipher
       if header
         @ios.write(Cipher.build_header(
             cipher.version,
             compress,
-            random_iv  ? iv : nil,
+            random_iv ? iv : nil,
             random_key ? key : nil,
             cipher_name))
       end
-      @size = 0
+      @size   = 0
       @closed = false
     end
 
@@ -182,8 +182,8 @@ module SymmetricEncryption
     def write(data)
       return unless data
 
-      bytes = data.to_s
-      @size += bytes.size
+      bytes   = data.to_s
+      @size   += bytes.size
       partial = @stream_cipher.update(bytes)
       @ios.write(partial) if partial.length > 0
       data.length

data/test/active_record_test.rb

@@ -1,9 +1,10 @@
 require_relative 'test_helper'
 
-ActiveRecord::Base.logger = SemanticLogger[ActiveRecord]
+ActiveRecord::Base.logger         = SemanticLogger[ActiveRecord]
 ActiveRecord::Base.configurations = YAML::load(ERB.new(IO.read('test/config/database.yml')).result)
 ActiveRecord::Base.establish_connection(:test)
 
+#@formatter:off
 ActiveRecord::Schema.define version: 0 do
   create_table :users, force: true do |t|
     t.string :encrypted_bank_account_number
@@ -27,6 +28,11 @@ ActiveRecord::Schema.define version: 0 do
     t.string :encrypted_text
     t.string :encrypted_number
   end
+
+  create_table :unique_users, force: true do |t|
+    t.string :encrypted_email
+    t.string :encrypted_username
+  end
 end
 
 class User < ActiveRecord::Base
@@ -52,13 +58,27 @@ class User < ActiveRecord::Base
   attr_encrypted :text,           type: :string
   attr_encrypted :number,         type: :integer
 
-  validates      :text, format: { with: /\A[a-zA-Z ]+\z/, message: "only allows letters" }, presence: true
+  validates      :text, format: { with: /\A[a-zA-Z ]+\z/, message: 'only allows letters' }, presence: true
   validates      :number, presence: true
 end
 
+class UniqueUser < ActiveRecord::Base
+  attr_encrypted :email
+  attr_encrypted :username
+
+  validates_uniqueness_of :encrypted_email,    allow_blank: true, if: :encrypted_email_changed?
+  validates_uniqueness_of :encrypted_username, allow_blank: true, if: :encrypted_username_changed?
+
+  validates :username,
+    length:      {in: 3..20},
+    format:      {with: /\A[\w\d\-[[:alnum:]]]+\z/},
+    allow_blank: true
+end
+#@formatter:on
+
 # Initialize the database connection
 config_file = File.join(File.dirname(__FILE__), 'config', 'database.yml')
-raise "database config not found. Create a config file at: test/config/database.yml" unless File.exists? config_file
+raise 'database config not found. Create a config file at: test/config/database.yml' unless File.exists? config_file
 
 cfg = YAML.load(ERB.new(File.new(config_file).read).result)['test']
 raise("Environment 'test' not defined in test/config/database.yml") unless cfg
@@ -69,7 +89,7 @@ User.establish_connection(cfg)
 # Unit Test for attr_encrypted extensions in ActiveRecord
 #
 class ActiveRecordTest < Minitest::Test
-  context 'ActiveRecord' do
+  describe 'ActiveRecord' do
     INTEGER_VALUE  = 12
     FLOAT_VALUE    = 88.12345
     DECIMAL_VALUE  = BigDecimal.new("22.51")
@@ -77,19 +97,19 @@ class ActiveRecordTest < Minitest::Test
     TIME_VALUE     = Time.new(2013, 01, 01, 22, 30, 00, "-04:00")
     DATE_VALUE     = Date.new(1927, 04, 02)
 
-    setup do
-      @bank_account_number = "1234567890"
-      @bank_account_number_encrypted = "QEVuQwIAL94ArJeFlJrZp6SYsvoOGA=="
+    before do
+      @bank_account_number           = '1234567890'
+      @bank_account_number_encrypted = 'QEVuQwIAL94ArJeFlJrZp6SYsvoOGA=='
 
-      @social_security_number = "987654321"
-      @social_security_number_encrypted = "QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=="
+      @social_security_number           = '987654321'
+      @social_security_number_encrypted = 'QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=='
 
-      @string = "A string containing some data to be encrypted with a random initialization vector"
-      @long_string = "A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form"
+      @string      = 'A string containing some data to be encrypted with a random initialization vector'
+      @long_string = 'A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form'
 
       @name = 'Joe Bloggs'
 
-      @h = { a: 'A', b: 'B' }
+      @h = {a: 'A', b: 'B'}
 
       @user = User.new(
         # Encrypted Attribute
@@ -113,7 +133,7 @@ class ActiveRecordTest < Minitest::Test
       )
     end
 
-    should 'have encrypted methods' do
+    it 'have encrypted methods' do
       assert_equal true, @user.respond_to?(:encrypted_bank_account_number)
       assert_equal true, @user.respond_to?(:bank_account_number)
       assert_equal true, @user.respond_to?(:encrypted_social_security_number)
@@ -121,19 +141,21 @@ class ActiveRecordTest < Minitest::Test
       assert_equal true, @user.respond_to?(:data_yaml)
       assert_equal true, @user.respond_to?(:data_json)
       assert_equal false, @user.respond_to?(:encrypted_name)
+      assert_equal true, @user.respond_to?(:encrypted_bank_account_number_changed?)
+      assert_equal true, @user.respond_to?(:bank_account_number_changed?)
     end
 
-    should 'have unencrypted values' do
+    it 'have unencrypted values' do
       assert_equal @bank_account_number, @user.bank_account_number
       assert_equal @social_security_number, @user.social_security_number
     end
 
-    should 'have encrypted values' do
+    it 'have encrypted values' do
       assert_equal @bank_account_number_encrypted, @user.encrypted_bank_account_number
       assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
     end
 
-    should 'support same iv' do
+    it 'support same iv' do
       @user.social_security_number = @social_security_number
       assert first_value = @user.social_security_number
       # Assign the same value
@@ -141,7 +163,7 @@ class ActiveRecordTest < Minitest::Test
       assert_equal first_value, @user.social_security_number
     end
 
-    should 'support a random iv' do
+    it 'support a random iv' do
       @user.string = @string
       assert first_value = @user.encrypted_string
       # Assign the same value
@@ -149,21 +171,21 @@ class ActiveRecordTest < Minitest::Test
       assert_equal true, first_value != @user.encrypted_string
     end
 
-    should 'support a random iv and compress' do
-      @user.string = @long_string
+    it 'support a random iv and compress' do
+      @user.string      = @long_string
       @user.long_string = @long_string
 
       assert_equal true, (@user.encrypted_long_string.length.to_f / @user.encrypted_string.length) < 0.8
     end
 
-    should 'encrypt' do
-      user = User.new
+    it 'encrypt' do
+      user                     = User.new
       user.bank_account_number = @bank_account_number
       assert_equal @bank_account_number, user.bank_account_number
       assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
     end
 
-    should 'allow lookups using unencrypted or encrypted column name' do
+    it 'allow lookups using unencrypted or encrypted column name' do
       if ActiveRecord::VERSION::STRING.to_f < 4.1
         @user.save!
 
@@ -175,19 +197,19 @@ class ActiveRecordTest < Minitest::Test
       end
     end
 
-    should 'all paths should lead to the same result' do
+    it 'all paths it lead to the same result' do
       assert_equal @bank_account_number_encrypted, (@user.encrypted_social_security_number = @bank_account_number_encrypted)
       assert_equal @bank_account_number, @user.social_security_number
       assert_equal @bank_account_number_encrypted, @user.encrypted_social_security_number
     end
 
-    should 'all paths should lead to the same result 2' do
+    it 'all paths it lead to the same result 2' do
       assert_equal @bank_account_number, (@user.social_security_number = @bank_account_number)
       assert_equal @bank_account_number_encrypted, @user.encrypted_social_security_number
       assert_equal @bank_account_number, @user.social_security_number
     end
 
-    should 'all paths should lead to the same result, check uninitialized' do
+    it 'all paths it lead to the same result, check uninitialized' do
       user = User.new
       assert_equal nil, user.social_security_number
       assert_equal @bank_account_number, (user.social_security_number = @bank_account_number)
@@ -199,7 +221,7 @@ class ActiveRecordTest < Minitest::Test
       assert_equal nil, user.encrypted_social_security_number
     end
 
-    should 'allow unencrypted values to be passed to the constructor' do
+    it 'allow unencrypted values to be passed to the constructor' do
       user = User.new(bank_account_number: @bank_account_number, social_security_number: @social_security_number)
       assert_equal @bank_account_number, user.bank_account_number
       assert_equal @social_security_number, user.social_security_number
@@ -207,31 +229,31 @@ class ActiveRecordTest < Minitest::Test
       assert_equal @social_security_number_encrypted, user.encrypted_social_security_number
     end
 
-    should 'return encrypted attributes for the class' do
+    it 'return encrypted attributes for the class' do
       expect = {social_security_number: :encrypted_social_security_number, bank_account_number: :encrypted_bank_account_number}
       result = User.encrypted_attributes
-      expect.each_pair {|k,v| assert_equal expect[k], result[k]}
+      expect.each_pair { |k, v| assert_equal expect[k], result[k] }
     end
 
-    should 'return encrypted keys for the class' do
+    it 'return encrypted keys for the class' do
       expect = [:social_security_number, :bank_account_number]
       result = User.encrypted_keys
-      expect.each {|val| assert_equal true, result.include?(val)}
+      expect.each { |val| assert_equal true, result.include?(val) }
 
       # Also check encrypted_attribute?
-      expect.each {|val| assert_equal true, User.encrypted_attribute?(val)}
+      expect.each { |val| assert_equal true, User.encrypted_attribute?(val) }
     end
 
-    should 'return encrypted columns for the class' do
+    it 'return encrypted columns for the class' do
       expect = [:encrypted_social_security_number, :encrypted_bank_account_number]
       result = User.encrypted_columns
-      expect.each {|val| assert_equal true, result.include?(val)}
+      expect.each { |val| assert_equal true, result.include?(val) }
 
       # Also check encrypted_column?
-      expect.each {|val| assert_equal true, User.encrypted_column?(val)}
+      expect.each { |val| assert_equal true, User.encrypted_column?(val) }
     end
 
-    should 'validate encrypted data' do
+    it 'validate encrypted data' do
       assert_equal true, @user.valid?
       @user.encrypted_bank_account_number = '123'
       assert_equal false, @user.valid?
@@ -242,7 +264,7 @@ class ActiveRecordTest < Minitest::Test
       assert_equal true, @user.valid?
     end
 
-    should 'validate un-encrypted string data' do
+    it 'validate un-encrypted string data' do
       assert_equal true, @user.valid?
       @user.text = '123'
       assert_equal false, @user.valid?
@@ -255,7 +277,7 @@ class ActiveRecordTest < Minitest::Test
       assert_equal ["only allows letters", "can't be blank"], @user.errors[:text]
     end
 
-    should 'validate un-encrypted integer data with coercion' do
+    it 'validate un-encrypted integer data with coercion' do
       assert_equal true, @user.valid?
       @user.number = '123'
       assert_equal true, @user.valid?
@@ -272,22 +294,22 @@ class ActiveRecordTest < Minitest::Test
       assert_equal ["can't be blank"], @user.errors[:number]
     end
 
-    context "with saved user" do
-      setup do
+    describe "with saved user" do
+      before do
         @user.save!
       end
 
-      teardown do
+      after do
         @user.destroy
       end
 
-      should "return correct data type before save" do
+      it "return correct data type before save" do
         u = User.new(integer_value: "5")
         assert_equal 5, u.integer_value
         assert u.integer_value.kind_of?(Integer)
       end
 
-      should "handle gsub! for non-encrypted_field" do
+      it "handle gsub! for non-encrypted_field" do
         @user.name.gsub!('a', 'v')
         new_name = @name.gsub('a', 'v')
         assert_equal new_name, @user.name
@@ -295,15 +317,15 @@ class ActiveRecordTest < Minitest::Test
         assert_equal new_name, @user.name
       end
 
-      should "prevent gsub! on non-encrypted value of encrypted_field" do
+      it "prevent gsub! on non-encrypted value of encrypted_field" do
         # can't modify frozen String
         assert_raises RuntimeError do
           @user.bank_account_number.gsub!('5', '4')
         end
       end
 
-      should "revert changes on reload" do
-        new_bank_account_number = '444444444'
+      it "revert changes on reload" do
+        new_bank_account_number   = '444444444'
         @user.bank_account_number = new_bank_account_number
         assert_equal new_bank_account_number, @user.bank_account_number
 
@@ -313,9 +335,9 @@ class ActiveRecordTest < Minitest::Test
         assert_equal @bank_account_number, @user.bank_account_number
       end
 
-      should "revert changes to encrypted field on reload" do
-        new_bank_account_number = '111111111'
-        new_encrypted_bank_account_number = SymmetricEncryption.encrypt(new_bank_account_number)
+      it "revert changes to encrypted field on reload" do
+        new_bank_account_number             = '111111111'
+        new_encrypted_bank_account_number   = SymmetricEncryption.encrypt(new_bank_account_number)
         @user.encrypted_bank_account_number = new_encrypted_bank_account_number
         assert_equal new_encrypted_bank_account_number, @user.encrypted_bank_account_number
         assert_equal new_bank_account_number, @user.bank_account_number
@@ -326,12 +348,13 @@ class ActiveRecordTest < Minitest::Test
         assert_equal @bank_account_number, @user.bank_account_number
       end
 
-      context "data types" do
-        setup do
+      describe "data types" do
+        before do
           @user_clone = User.find(@user.id)
         end
 
         [
+          #@formatter:off
           { attribute: :integer_value,  klass: Integer,    value: INTEGER_VALUE,  new_value: 98 },
           { attribute: :float_value,    klass: Float,      value: FLOAT_VALUE,    new_value: 45.4321 },
           { attribute: :decimal_value,  klass: BigDecimal, value: DECIMAL_VALUE,  new_value: BigDecimal.new("99.95"), coercible: "22.51"},
@@ -340,9 +363,10 @@ class ActiveRecordTest < Minitest::Test
           { attribute: :date_value,     klass: Date,       value: DATE_VALUE,     new_value: Date.new(2027, 04, 02), coercible: DATE_VALUE.to_time },
           { attribute: :true_value,     klass: TrueClass,  value: true,           new_value: false },
           { attribute: :false_value,    klass: FalseClass, value: false,          new_value: true },
+          #@formatter:on
         ].each do |value_test|
-          context "#{value_test[:klass]} values" do
-            setup do
+          describe "#{value_test[:klass]} values" do
+            before do
               @attribute = value_test[:attribute]
               @klass     = value_test[:klass]
               @value     = value_test[:value]
@@ -350,18 +374,18 @@ class ActiveRecordTest < Minitest::Test
               @new_value = value_test[:new_value]
             end
 
-            should "return correct data type" do
+            it "return correct data type" do
               assert_equal @value, @user_clone.send(@attribute)
               assert @user.clone.send(@attribute).kind_of?(@klass)
             end
 
-            should "coerce data type before save" do
+            it "coerce data type before save" do
               u = User.new(@attribute => @value)
               assert_equal @value, u.send(@attribute)
               assert u.send(@attribute).kind_of?(@klass), "Value supposed to be coerced into #{@klass}, but is #{u.send(@attribute).class.name}"
             end
 
-            should "permit replacing value with nil" do
+            it "permit replacing value with nil" do
               @user_clone.send("#{@attribute}=".to_sym, nil)
               @user_clone.save!
 
@@ -370,7 +394,7 @@ class ActiveRecordTest < Minitest::Test
               assert_nil @user.send("encrypted_#{@attribute}".to_sym)
             end
 
-            should "permit replacing value with an empty string" do
+            it "permit replacing value with an empty string" do
               @user_clone.send("#{@attribute}=".to_sym, '')
               @user_clone.save!
 
@@ -379,7 +403,7 @@ class ActiveRecordTest < Minitest::Test
               assert_nil @user.send("encrypted_#{@attribute}".to_sym)
             end
 
-            should "permit replacing value with a blank string" do
+            it "permit replacing value with a blank string" do
               @user_clone.send("#{@attribute}=".to_sym, '    ')
               @user_clone.save!
 
@@ -388,7 +412,7 @@ class ActiveRecordTest < Minitest::Test
               assert_nil @user.send("encrypted_#{@attribute}".to_sym)
             end
 
-            should "permit replacing value" do
+            it "permit replacing value" do
               @user_clone.send("#{@attribute}=".to_sym, @new_value)
               @user_clone.save!
 
@@ -398,8 +422,8 @@ class ActiveRecordTest < Minitest::Test
           end
         end
 
-        context "JSON Serialization" do
-          setup do
+        describe "JSON Serialization" do
+          before do
             # JSON Does not support symbols, so they will come back as strings
             # Convert symbols to string in the test
             @h.keys.each do |k|
@@ -408,18 +432,18 @@ class ActiveRecordTest < Minitest::Test
             end
           end
 
-          should "return correct data type" do
+          it "return correct data type" do
             assert_equal @h, @user_clone.data_json
             assert @user.clone.data_json.kind_of?(Hash)
           end
 
-          should "not coerce data type (leaves as hash) before save" do
+          it "not coerce data type (leaves as hash) before save" do
             u = User.new(data_json: @h)
             assert_equal @h, u.data_json
             assert u.data_json.kind_of?(Hash)
           end
 
-          should "permit replacing value with nil" do
+          it "permit replacing value with nil" do
             @user_clone.data_json = nil
             @user_clone.save!
 
@@ -428,9 +452,9 @@ class ActiveRecordTest < Minitest::Test
             assert_nil @user.encrypted_data_json
           end
 
-          should "permit replacing value" do
-            new_value = @h.clone
-            new_value['c'] = 'C'
+          it "permit replacing value" do
+            new_value             = @h.clone
+            new_value['c']        = 'C'
             @user_clone.data_json = new_value
             @user_clone.save!
 
@@ -439,19 +463,19 @@ class ActiveRecordTest < Minitest::Test
           end
         end
 
-        context "YAML Serialization" do
-          should "return correct data type" do
+        describe "YAML Serialization" do
+          it "return correct data type" do
             assert_equal @h, @user_clone.data_yaml
             assert @user.clone.data_yaml.kind_of?(Hash)
           end
 
-          should "not coerce data type (leaves as hash) before save" do
+          it "not coerce data type (leaves as hash) before save" do
             u = User.new(data_yaml: @h)
             assert_equal @h, u.data_yaml
             assert u.data_yaml.kind_of?(Hash)
           end
 
-          should "permit replacing value with nil" do
+          it "permit replacing value with nil" do
             @user_clone.data_yaml = nil
             @user_clone.save!
 
@@ -460,9 +484,9 @@ class ActiveRecordTest < Minitest::Test
             assert_nil @user.encrypted_data_yaml
           end
 
-          should "permit replacing value" do
-            new_value = @h.clone
-            new_value[:c] = 'C'
+          it "permit replacing value" do
+            new_value             = @h.clone
+            new_value[:c]         = 'C'
             @user_clone.data_yaml = new_value
             @user_clone.save!
 
@@ -470,8 +494,37 @@ class ActiveRecordTest < Minitest::Test
             assert_equal new_value, @user.data_yaml
           end
         end
+      end
 
+      describe 'changed?' do
+        it 'return false if it was not changed' do
+          assert_equal false, @user.encrypted_bank_account_number_changed?
+          assert_equal false, @user.bank_account_number_changed?
+        end
+
+        it 'return true if it was changed' do
+          @user.bank_account_number = '15424623'
+          assert_equal true, @user.encrypted_bank_account_number_changed?
+          assert_equal true, @user.bank_account_number_changed?
+        end
+      end
+    end
+
+    describe 'uniqueness' do
+      before do
+        UniqueUser.destroy_all
+        @email      = 'whatever@not-unique.com'
+        @username   = 'gibby007'
+        @user       = UniqueUser.create!(email: @email)
+        @email_user = UniqueUser.create!(username: @username)
+      end
+
+      it 'does not allow duplicate values' do
+        duplicate = UniqueUser.new(email: @email)
+        assert_equal false, duplicate.valid?
+        assert_equal 'has already been taken', duplicate.errors.messages[:encrypted_email].first
       end
     end
+
   end
 end