vault-rails 0.1.2 → 0.2.0

data/spec/integration/rails_spec.rb

@@ -1,41 +1,265 @@
+# encoding: utf-8
+
 require "spec_helper"
 
 describe Vault::Rails do
+  before(:all) do
+    Vault::Rails.sys.mount("transit", :transit)
+  end
+
   context "with default options" do
     before(:all) do
-      Vault.sys.mount("transit", :transit)
-      Vault.logical.write("transit/keys/dummy_people_ssn")
+      Vault::Rails.logical.write("transit/keys/dummy_people_ssn")
     end
 
     it "encrypts attributes" do
       person = Person.create!(ssn: "123-45-6789")
       expect(person.ssn_encrypted).to be
+      expect(person.ssn_encrypted.encoding).to eq(Encoding::UTF_8)
     end
 
     it "decrypts attributes" do
       person = Person.create!(ssn: "123-45-6789")
-      person = Person.find(person.id)
+      person.reload
 
       expect(person.ssn).to eq("123-45-6789")
+      expect(person.ssn.encoding).to eq(Encoding::UTF_8)
+    end
+
+    it "tracks dirty attributes" do
+      person = Person.create!(ssn: "123-45-6789")
+
+      expect(person.ssn_changed?).to be(false)
+      expect(person.ssn_change).to be(nil)
+      expect(person.ssn_was).to eq("123-45-6789")
+
+      person.ssn = "111-11-1111"
+
+      expect(person.ssn_changed?).to be(true)
+      expect(person.ssn_change).to eq(["123-45-6789", "111-11-1111"])
+      expect(person.ssn_was).to eq("123-45-6789")
+    end
+
+    it "allows attributes to be unset" do
+      person = Person.create!(ssn: "123-45-6789")
+      person.update_attributes!(ssn: nil)
+      person.reload
+
+      expect(person.ssn).to be(nil)
+    end
+
+    it "allows saving without validations" do
+      person = Person.new(ssn: "123-456-7890")
+      person.save(validate: false)
+      expect(person.ssn_encrypted).to match("vault:")
+    end
+
+    it "allows attributes to be unset after reload" do
+      person = Person.create!(ssn: "123-45-6789")
+      person.reload
+      person.update_attributes!(ssn: nil)
+      person.reload
+
+      expect(person.ssn).to be(nil)
+    end
+
+    it "allows attributes to be blank" do
+      person = Person.create!(ssn: "123-45-6789")
+      person.update_attributes!(ssn: "")
+      person.reload
+
+      expect(person.ssn).to eq("")
+    end
+
+    it "reloads instance variables on reload" do
+      person = Person.create!(ssn: "123-45-6789")
+      expect(person.instance_variable_get(:@ssn)).to eq("123-45-6789")
+
+      person.ssn = "111-11-1111"
+      person.reload
+      expect(person.instance_variable_get(:@ssn)).to eq("123-45-6789")
+    end
+
+    it "does not try to encrypt unchanged attributes" do
+      person = Person.create!(ssn: "123-45-6789")
+
+      expect(Vault::Rails).to_not receive(:encrypt)
+      person.name = "Cinderella"
+      person.save!
     end
   end
 
   context "with custom options" do
     before(:all) do
-      Vault.sys.mount("credit-secrets", :transit)
-      Vault.logical.write("credit-secrets/keys/people_credit_cards")
+      Vault::Rails.sys.mount("credit-secrets", :transit)
+      Vault::Rails.logical.write("credit-secrets/keys/people_credit_cards")
     end
 
     it "encrypts attributes" do
       person = Person.create!(credit_card: "1234567890111213")
       expect(person.cc_encrypted).to be
+      expect(person.cc_encrypted.encoding).to eq(Encoding::UTF_8)
     end
 
     it "decrypts attributes" do
       person = Person.create!(credit_card: "1234567890111213")
-      person = Person.find(person.id)
+      person.reload
 
       expect(person.credit_card).to eq("1234567890111213")
+      expect(person.credit_card.encoding).to eq(Encoding::UTF_8)
+    end
+
+    it "tracks dirty attributes" do
+      person = Person.create!(credit_card: "1234567890111213")
+
+      expect(person.credit_card_changed?).to be(false)
+      expect(person.credit_card_change).to eq(nil)
+      expect(person.credit_card_was).to eq("1234567890111213")
+
+      person.credit_card = "123456789010"
+
+      expect(person.credit_card_changed?).to be(true)
+      expect(person.credit_card_change).to eq(["1234567890111213", "123456789010"])
+      expect(person.credit_card_was).to eq("1234567890111213")
+    end
+
+    it "allows attributes to be unset" do
+      person = Person.create!(credit_card: "1234567890111213")
+      person.update_attributes!(credit_card: nil)
+      person.reload
+
+      expect(person.credit_card).to be(nil)
+    end
+
+    it "allows attributes to be blank" do
+      person = Person.create!(credit_card: "1234567890111213")
+      person.update_attributes!(credit_card: "")
+      person.reload
+
+      expect(person.credit_card).to eq("")
+    end
+  end
+
+  context "with non-ASCII characters" do
+    before(:all) do
+      Vault::Rails.sys.mount("non-ascii", :transit)
+      Vault::Rails.logical.write("non-ascii/keys/people_non_ascii")
+    end
+
+    it "encrypts attributes" do
+      person = Person.create!(non_ascii: "dás ümlaut")
+      expect(person.non_ascii_encrypted).to be
+      expect(person.non_ascii_encrypted.encoding).to eq(Encoding::UTF_8)
+    end
+
+    it "decrypts attributes" do
+      person = Person.create!(non_ascii: "dás ümlaut")
+      person.reload
+
+      expect(person.non_ascii).to eq("dás ümlaut")
+      expect(person.non_ascii.encoding).to eq(Encoding::UTF_8)
+    end
+
+    it "tracks dirty attributes" do
+      person = Person.create!(non_ascii: "dás ümlaut")
+
+      expect(person.non_ascii_changed?).to be(false)
+      expect(person.non_ascii_change).to eq(nil)
+      expect(person.non_ascii_was).to eq("dás ümlaut")
+
+      person.non_ascii = "él ñiñô"
+
+      expect(person.non_ascii_changed?).to be(true)
+      expect(person.non_ascii_change).to eq(["dás ümlaut", "él ñiñô"])
+      expect(person.non_ascii_was).to eq("dás ümlaut")
+    end
+
+    it "allows attributes to be unset" do
+      person = Person.create!(non_ascii: "dás ümlaut")
+      person.update_attributes!(non_ascii: nil)
+      person.reload
+
+      expect(person.non_ascii).to be(nil)
+    end
+
+    it "allows attributes to be blank" do
+      person = Person.create!(non_ascii: "dás ümlaut")
+      person.update_attributes!(non_ascii: "")
+      person.reload
+
+      expect(person.non_ascii).to eq("")
+    end
+  end
+
+  context "with the :json serializer"  do
+    before(:all) do
+      Vault::Rails.logical.write("transit/keys/dummy_people_details")
+    end
+
+    it "has a default value for unpersisted records" do
+      person = Person.new
+      expect(person.details).to eq({})
+    end
+
+    it "has a default value for persisted records" do
+      person = Person.create!
+      expect(person.details).to eq({})
+    end
+
+    it "tracks dirty attributes" do
+      person = Person.create!(details: { "foo" => "bar" })
+
+      expect(person.details_changed?).to be(false)
+      expect(person.details_change).to be(nil)
+      expect(person.details_was).to eq({ "foo" => "bar" })
+
+      person.details = { "zip" => "zap" }
+
+      expect(person.details_changed?).to be(true)
+      expect(person.details_change).to eq([{ "foo" => "bar" }, { "zip" => "zap" }])
+      expect(person.details_was).to eq({ "foo" => "bar" })
+    end
+
+    it "encodes and decodes attributes" do
+      person = Person.create!(details: { "foo" => "bar", "zip" => 1 })
+      person.reload
+
+      raw = Vault::Rails.decrypt("transit", "dummy_people_details", person.details_encrypted)
+      expect(raw).to eq("{\"foo\":\"bar\",\"zip\":1}")
+
+      expect(person.details).to eq("foo" => "bar", "zip" => 1)
+    end
+  end
+
+  context "with a custom serializer" do
+    before(:all) do
+      Vault::Rails.logical.write("transit/keys/dummy_people_business_card")
+    end
+
+    it "encodes and decodes attributes" do
+      person = Person.create!(business_card: "data")
+      person.reload
+
+      raw = Vault::Rails.decrypt("transit", "dummy_people_business_card", person.business_card_encrypted)
+      expect(raw).to eq("01100100011000010111010001100001")
+
+      expect(person.business_card).to eq("data")
+    end
+  end
+
+  context "with custom encode/decode proc" do
+    before(:all) do
+      Vault::Rails.logical.write("transit/keys/dummy_people_favorite_color")
+    end
+
+    it "encodes and decodes attributes" do
+      person = Person.create!(favorite_color: "blue")
+      person.reload
+
+      raw = Vault::Rails.decrypt("transit", "dummy_people_favorite_color", person.favorite_color_encrypted)
+      expect(raw).to eq("xxxbluexxx")
+
+      expect(person.favorite_color).to eq("blue")
     end
   end
 end

data/spec/support/vault_server.rb

@@ -7,6 +7,9 @@ module RSpec
   class VaultServer
     include Singleton
 
+    TOKEN_PATH = File.expand_path("~/.vault-token").freeze
+    TOKEN_PATH_BKUP = "#{TOKEN_PATH}.bak".freeze
+
     def self.method_missing(m, *args, &block)
       self.instance.public_send(m, *args, &block)
     end
@@ -14,6 +17,15 @@ module RSpec
     attr_reader :token
 
     def initialize
+      # If there is already a vault-token, we need to move it so we do not
+      # clobber!
+      if File.exist?(TOKEN_PATH)
+        FileUtils.mv(TOKEN_PATH, TOKEN_PATH_BKUP)
+        at_exit do
+          FileUtils.mv(TOKEN_PATH_BKUP, TOKEN_PATH)
+        end
+      end
+
       io = Tempfile.new("vault-server")
       pid = Process.spawn({}, "vault server -dev", out: io.to_i, err: io.to_i)
 
@@ -26,19 +38,7 @@ module RSpec
       end
 
       wait_for_ready do
-        output = ""
-
-        while
-          io.rewind
-          output = io.read
-          break if !output.empty?
-        end
-
-        if output.match(/Root Token: (.+)/)
-          @token = $1.strip
-        else
-          raise "Vault did not return a token!"
-        end
+        @token = File.read(TOKEN_PATH)
       end
     end
 
@@ -48,14 +48,7 @@ module RSpec
 
     def wait_for_ready(&block)
       Timeout.timeout(5) do
-        while
-          begin
-            open(address)
-          rescue SocketError, Errno::ECONNREFUSED, EOFError
-          rescue OpenURI::HTTPError => e
-            break if e.message =~ /404/
-          end
-
+        while !File.exist?(TOKEN_PATH)
           sleep(0.25)
         end
       end

data/spec/unit/encrypted_model_spec.rb

@@ -0,0 +1,45 @@
+require "spec_helper"
+
+describe Vault::EncryptedModel do
+  let(:klass) do
+    Class.new(ActiveRecord::Base) do
+      include Vault::EncryptedModel
+    end
+  end
+
+  describe ".vault_attribute" do
+    it "raises an exception if a serializer and :encode is given" do
+      expect {
+        klass.vault_attribute(:foo, serializer: :json, encode: ->(r) { r })
+      }.to raise_error(Vault::Rails::ValidationFailedError)
+    end
+
+    it "raises an exception if a serializer and :decode is given" do
+      expect {
+        klass.vault_attribute(:foo, serializer: :json, decode: ->(r) { r })
+      }.to raise_error(Vault::Rails::ValidationFailedError)
+    end
+
+    it "defines a getter" do
+      klass.vault_attribute(:foo)
+      expect(klass.instance_methods).to include(:foo)
+    end
+
+    it "defines a setter" do
+      klass.vault_attribute(:foo)
+      expect(klass.instance_methods).to include(:foo=)
+    end
+
+    it "defines a checker" do
+      klass.vault_attribute(:foo)
+      expect(klass.instance_methods).to include(:foo?)
+    end
+
+    it "defines dirty attribute methods" do
+      klass.vault_attribute(:foo)
+      expect(klass.instance_methods).to include(:foo_change)
+      expect(klass.instance_methods).to include(:foo_changed?)
+      expect(klass.instance_methods).to include(:foo_was)
+    end
+  end
+end

data/spec/unit/rails_spec.rb

@@ -1,28 +1,23 @@
 require "spec_helper"
 
-describe Vault do
-  describe ".application" do
-    it "returns the application" do
-      Vault.instance_variable_set(:@application, "dummy")
-      expect(Vault.application).to eq("dummy")
+describe Vault::Rails do
+  describe ".serializer_for" do
+    it "accepts a string" do
+      serializer = Vault::Rails.serializer_for("json")
+      expect(serializer).to be(Vault::Rails::JSONSerializer)
     end
 
-    it "raises an error if unset" do
-      Vault.instance_variable_set(:@application, nil)
-      expect { Vault.application }.to raise_error
+    it "accepts a symbol" do
+      serializer = Vault::Rails.serializer_for(:json)
+      expect(serializer).to be(Vault::Rails::JSONSerializer)
     end
-  end
-
-  describe ".application=" do
-    it "sets the value" do
-      Vault.application = "dummy"
-      expect(Vault.instance_variable_get(:@application)).to eq("dummy")
-    end
-  end
 
-  describe "Rails" do
-    it "is defined" do
-      expect { Vault.const_get(:Rails) }.to_not raise_error
+    it "raises an exception when there is no serializer for the key" do
+      expect {
+        Vault::Rails.serializer_for(:not_a_serializer)
+      }.to raise_error(Vault::Rails::UnknownSerializerError) { |e|
+        expect(e.message).to match("Unknown Vault serializer `:not_a_serializer'")
+      }
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vault-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - Seth Vargo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-14 00:00:00.000000000 Z
+date: 2016-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -30,28 +30,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -106,7 +120,9 @@ files:
 - Rakefile
 - lib/vault/encrypted_model.rb
 - lib/vault/rails.rb
-- lib/vault/rails/testing.rb
+- lib/vault/rails/configurable.rb
+- lib/vault/rails/errors.rb
+- lib/vault/rails/serializer.rb
 - lib/vault/rails/version.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/models/person.rb
@@ -136,6 +152,7 @@ files:
 - spec/dummy/db/migrate/20150428220101_create_people.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/db/test.sqlite3
+- spec/dummy/lib/binary_serializer.rb
 - spec/dummy/log/development.log
 - spec/dummy/log/test.log
 - spec/dummy/public/404.html
@@ -145,6 +162,7 @@ files:
 - spec/integration/rails_spec.rb
 - spec/spec_helper.rb
 - spec/support/vault_server.rb
+- spec/unit/encrypted_model_spec.rb
 - spec/unit/rails_spec.rb
 homepage: https://github.com/hashicorp/vault-rails
 licenses:
@@ -198,6 +216,7 @@ test_files:
 - spec/dummy/db/migrate/20150428220101_create_people.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/db/test.sqlite3
+- spec/dummy/lib/binary_serializer.rb
 - spec/dummy/log/development.log
 - spec/dummy/log/test.log
 - spec/dummy/public/404.html
@@ -208,4 +227,5 @@ test_files:
 - spec/integration/rails_spec.rb
 - spec/spec_helper.rb
 - spec/support/vault_server.rb
+- spec/unit/encrypted_model_spec.rb
 - spec/unit/rails_spec.rb