vault-rails 0.1.2 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +116 -32
- data/lib/vault/encrypted_model.rb +215 -24
- data/lib/vault/rails.rb +183 -21
- data/lib/vault/rails/configurable.rb +98 -0
- data/lib/vault/rails/errors.rb +19 -0
- data/lib/vault/rails/serializer.rb +33 -0
- data/lib/vault/rails/version.rb +1 -1
- data/spec/dummy/app/models/person.rb +16 -0
- data/spec/dummy/config/initializers/vault.rb +2 -1
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/migrate/20150428220101_create_people.rb +4 -0
- data/spec/dummy/db/schema.rb +6 -2
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/lib/binary_serializer.rb +12 -0
- data/spec/dummy/log/development.log +15591 -0
- data/spec/integration/rails_spec.rb +230 -6
- data/spec/support/vault_server.rb +14 -21
- data/spec/unit/encrypted_model_spec.rb +45 -0
- data/spec/unit/rails_spec.rb +14 -19
- metadata +29 -9
- data/lib/vault/rails/testing.rb +0 -73
data/lib/vault/rails/testing.rb
DELETED
@@ -1,73 +0,0 @@
|
|
1
|
-
require_relative "../encrypted_model"
|
2
|
-
|
3
|
-
require "base64"
|
4
|
-
require "openssl"
|
5
|
-
|
6
|
-
module Vault
|
7
|
-
module Rails
|
8
|
-
module Testing
|
9
|
-
# Start the vault-rails testing stubs.
|
10
|
-
#
|
11
|
-
# @return [self]
|
12
|
-
def self.enable!
|
13
|
-
@enabled = true
|
14
|
-
return self
|
15
|
-
end
|
16
|
-
|
17
|
-
# Stop the vault-rails testing stubs.
|
18
|
-
#
|
19
|
-
# @return [self]
|
20
|
-
def self.disable!
|
21
|
-
@enabled = false
|
22
|
-
return self
|
23
|
-
end
|
24
|
-
|
25
|
-
# Returns whether the testing library is enabled.
|
26
|
-
#
|
27
|
-
# @return [true, false]
|
28
|
-
def self.enabled?
|
29
|
-
return defined?(@enabled) ? @enabled : false
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
# Save a reference to the original methods.
|
34
|
-
class << self
|
35
|
-
alias_method :encrypt_original, :encrypt
|
36
|
-
alias_method :decrypt_original, :decrypt
|
37
|
-
end
|
38
|
-
|
39
|
-
# @see Vault::Rails.encrypt
|
40
|
-
def self.encrypt(path, key, plaintext)
|
41
|
-
if Vault::Rails::Testing.enabled?
|
42
|
-
return nil if plaintext.nil?
|
43
|
-
cipher = OpenSSL::Cipher::AES.new(128, :CBC)
|
44
|
-
cipher.encrypt
|
45
|
-
cipher.key = key_for(path, key)
|
46
|
-
return Base64.strict_encode64(cipher.update(plaintext) + cipher.final)
|
47
|
-
else
|
48
|
-
return encrypt_original(path, key, plaintext)
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
# @see Vault::Rails.decrypt
|
53
|
-
def self.decrypt(path, key, ciphertext)
|
54
|
-
if Vault::Rails::Testing.enabled?
|
55
|
-
return nil if ciphertext.nil?
|
56
|
-
cipher = OpenSSL::Cipher::AES.new(128, :CBC)
|
57
|
-
cipher.decrypt
|
58
|
-
cipher.key = key_for(path, key)
|
59
|
-
return cipher.update(Base64.strict_decode64(ciphertext)) + cipher.final
|
60
|
-
else
|
61
|
-
return decrypt_original(path, key, ciphertext)
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
private
|
66
|
-
|
67
|
-
# The symmetric key for the given params.
|
68
|
-
# @return [String]
|
69
|
-
def self.key_for(path, key)
|
70
|
-
return Base64.strict_encode64("#{path}/#{key}".ljust(32, "x"))
|
71
|
-
end
|
72
|
-
end
|
73
|
-
end
|