witness_protection 0.0.1.pre1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5fce464db4f5fed515a73dece789dbc055e83ed1
+  data.tar.gz: 78034cd87308c75b8003063b2ca038b9828cfaf2
+SHA512:
+  metadata.gz: 2c8e541f429b7cd653a4b36b65f59768e7602f2bc2b6e09679c07ffa7f4da42649332f138f5d0099cc3ea90c393791fce801b0ff99103905bdf3af5b765787fa
+  data.tar.gz: 4f497fc5072bde55ba6d47d1dee4c7bcd9161f12170d2600fde7029ab0c1374d6693b78725b93b4a92d4ff28d3719fa95a934cab3fd44fbe0388c2be5de1ef11

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+.dat*
+.repl_history
+build/
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+/.bundle/
+/lib/bundler/man/
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+.rvmrc

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--warnings
+--require helper

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in witness_protection.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Philip Vieira
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,124 @@
+# Witness Protection
+Rails library that lets you have an encrypted identities for your active record models.
+
+## Setup
+
+Add an an encryption salt through your `secrets.yml` or `application.yml` if you're using Figaro.
+As long as you get the encryption salt in to your environment you'll be fine.
+
+```yaml
+development:
+  encryption_salt: "$2a$10$pKIdnO.R6xIrnIr5T6k8GO"
+```
+
+You can generate an encryption salt using the bcrypt engine.
+
+```
+require "bcrypt"
+BCrypt::Engine.generate_salt
+# => "$2a$10$pKIdnO.R6xIrnIr5T6k8GO"
+```
+
+Create a model with an attribute you'd like to have encrypted.
+
+```bash
+$ rails generate model Person name:string
+```
+
+Include witness protection in your model and use the protected_identity macro to enable encryption.
+
+```ruby
+require "witness_protection"
+
+class Person < ActiveRecord::Base
+
+  include WitnessProtection
+
+  protected_identity :name
+
+end
+```
+
+```ruby
+Person.create name: "Philip"
+# => <Person id: 1, name: "$2a$10$8RdONCVhuLKmt0Fu5IxAo.vApyi0LISUJ6XxMNQjwJV...">
+
+Person.identify_by_name "Philip"
+# => <Person id: 1, name: "$2a$10$8RdONCVhuLKmt0Fu5IxAo.vApyi0LISUJ6XxMNQjwJV...">
+```
+
+## Generated values
+You are also able to generate values for the protected identity field. This is useful for things like auth tokens.
+
+```ruby
+class User < ActiveRecord::Base
+
+  include WitnessProtection
+
+  protected_identity :auth_token
+
+end
+```
+
+```ruby
+user = User.create
+# => <User id: nil, auth_token: nil>
+
+token = user.generate_auth_token { SecureRandom.hex }
+# => cb17f6573c5cb9bc86e90b66d1a441ef
+
+user
+# => <User id: nil, auth_token: "$2a$10$8RdONCVhuLKmt0Fu5IxAo.GlU.PXWR4nOeLfv2THxhC...">
+
+user.save
+# => true
+
+User.identify_by_auth_token(token)
+# => <User id: 1, auth_token: "$2a$10$8RdONCVhuLKmt0Fu5IxAo.GlU.PXWR4nOeLfv2THxhC...">
+```
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "witness_protection"
+```
+
+And then execute:
+
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+
+```
+$ gem install witness_protection
+```
+
+
+## Lisence
+
+Copyright (c) 2014 Philip Vieira
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/witness_protection/rspec/macros.rb

@@ -0,0 +1,79 @@
+module WitnessProtection
+  module RSpec
+    module Macros
+
+      def it_has_been_witness_protected(field, *args, &blk)
+
+        it { should respond_to("encrypt_#{field}") }
+
+        context "ClassMethods" do
+
+          it { expect(described_class).to respond_to("identify_by_#{field}") }
+          let(:expected_token) { "super-seCret_url-token" }
+
+          before(:each) do
+            allow(subject).to receive(:__generate_secure_token__).with(field).and_return(expected_token)
+            subject.send("encrypt_#{field}")
+            subject.save!
+          end
+
+          identify_by_method = "identify_by_#{field}"
+          describe ".#{identify_by_method}" do
+
+            it "returns the record for the corresponding secure token" do
+              expect( described_class.send(identify_by_method, expected_token) ).to eq subject
+            end
+
+            context "no records match the secure token" do
+
+              it "should return nil" do
+                described_class.send(identify_by_method, "bad token").should be_nil
+              end
+
+            end
+
+          end
+
+          identify_by_bang_method = "identify_by_#{field}!"
+          describe ".#{identify_by_bang_method}" do
+
+            it "returns the record for the corresponding secure token" do
+              expect( described_class.send(identify_by_bang_method, expected_token) ).to eq subject
+            end
+
+            context "no records match the secure token" do
+
+              it "raise active record error" do
+                expect { described_class.send(identify_by_bang_method, "bad token") }.to raise_error ActiveRecord::RecordNotFound
+              end
+
+            end
+
+          end
+
+        end
+
+        encrypt_token_method = "encrypt_#{field}"
+        describe "##{encrypt_token_method}" do
+
+          let(:expected_token) { "super-seCret_url-token" }
+
+          before(:each) { allow(subject).to receive(:__generate_secure_token__).and_return(expected_token) }
+
+          it "assigns a valid BCrypt hash to password reset token field" do
+            expected_value = BCrypt::Engine.hash_secret(expected_token, Figaro.env.encryption_salt!)
+            expect(subject).to receive("#{field}=").with(expected_value)
+            subject.send(encrypt_token_method)
+          end
+
+          it "returns the token key" do
+            expect( subject.send(encrypt_token_method) ).to eq expected_token
+          end
+
+        end
+
+      end
+
+    end
+  end
+end

data/lib/witness_protection/version.rb

@@ -0,0 +1,3 @@
+module WitnessProtection
+  VERSION = "0.0.1.pre1"
+end

data/lib/witness_protection.rb

@@ -0,0 +1,82 @@
+require "active_support/concern"
+require "witness_protection/version"
+
+module WitnessProtection
+
+  extend ActiveSupport::Concern
+
+  included do
+    require "bcrypt"
+
+    class << self
+
+      def protected_identity(identity_column, *args)
+
+        define_method "#{identity_column}=" do |value|
+          super self.class.__encrypt_protected_token__(value)
+        end
+
+        define_method "encrypt_#{identity_column}" do |&blk|
+          self.__encrypt_protected_token__(identity_column, &blk)
+        end
+
+        define_singleton_method "identify_by_#{identity_column}" do |token|
+          self.__identify_by_protected_token__(identity_column, token)
+        end
+
+        define_singleton_method "identify_by_#{identity_column}!" do |token|
+          self.__identify_by_protected_token__!(identity_column, token)
+        end
+
+      end
+
+      def __identify_by_protected_token__(column, token)
+        send("find_by_#{column}", __encrypt_protected_token__(token))
+      end
+
+      def __identify_by_protected_token__!(column, token)
+        record = __identify_by_protected_token__(column, token)
+        raise ActiveRecord::RecordNotFound unless record
+        return record
+      end
+
+      def __encryption_salt__
+        unless salt = ENV["ENCRYPTION_SALT"]
+          fail "Can't find `ENCRYPTION_SALT' in environment."
+        end
+        return salt
+      end
+
+      def __encrypt_protected_token__(token)
+        BCrypt::Engine.hash_secret(token, __encryption_salt__)
+      end
+
+    end
+
+  end
+
+  def __generate_protected_token__(identity_column, &generator)
+    raise ArgumentError unless identity_column
+    return instance_eval(&generator) if block_given?
+
+    generation_method = "generate_#{identity_column}"
+    return send(generation_method) if respond_to?(generation_method)
+    return SecureRandom.urlsafe_base64
+  end
+
+
+  def __encrypt_protected_token__(identity_column, &generator)
+    raise ArgumentError unless identity_column
+
+    token = nil
+
+    self[identity_column] = loop do
+      token = __generate_protected_token__(identity_column, &generator)
+      hash = self.class.__encrypt_protected_token__(token)
+      break hash unless self.class.exists? identity_column => hash
+    end
+
+    return token
+  end
+
+end

data/spec/helper.rb

@@ -0,0 +1,30 @@
+require "witness_protection"
+require "active_record"
+
+ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+load File.dirname(__FILE__) + '/schema.rb'
+require File.dirname(__FILE__) + '/models.rb'
+
+RSpec.configure do |config|
+
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  if config.files_to_run.one?
+    config.default_formatter = "doc"
+  end
+
+  config.profile_examples = false
+  config.order = :random
+  Kernel.srand config.seed
+
+  config.expect_with :rspec do |expectations|
+    expectations.syntax = :expect
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.syntax = :expect
+    mocks.verify_partial_doubles = true
+  end
+
+end

data/spec/models.rb

@@ -0,0 +1,16 @@
+class Person < ActiveRecord::Base
+
+  include WitnessProtection
+
+  protected_identity :name
+
+end
+
+
+class Access < ActiveRecord::Base
+
+  include WitnessProtection
+
+  protected_identity :token
+
+end

data/spec/schema.rb

@@ -0,0 +1,13 @@
+ActiveRecord::Schema.define do
+
+  self.verbose = false
+
+  create_table :people, :force => true do |t|
+    t.string :name
+  end
+
+  create_table :accesses, :force => true do |t|
+    t.string :token
+  end
+
+end

data/spec/witness_protection_spec.rb

@@ -0,0 +1,32 @@
+def encryption_salt
+  ENV["ENCRYPTION_SALT"] ||= BCrypt::Engine.generate_salt
+end; encryption_salt
+
+describe WitnessProtection do
+
+  describe Person do
+
+    subject!(:person) { described_class.create name: "Alexander" }
+
+    it "encrypts & identifies by the name" do
+      expect(described_class.identify_by_name("Alexander")).to eq person
+    end
+
+  end
+
+  describe Access do
+
+    subject!(:access) { described_class.new }
+
+    before(:each) do
+      access.encrypt_token { "foobar1234" }
+      access.save
+    end
+
+    it "encrypts & identifies by a token generated from a proc" do
+      expect(described_class.identify_by_token("foobar1234")).to eq access
+    end
+
+  end
+
+end

data/witness_protection.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'witness_protection/version'
+
+Gem::Specification.new do |spec|
+
+  spec.name          = "witness_protection"
+  spec.version       = WitnessProtection::VERSION
+  spec.authors       = ["Philip Vieira"]
+  spec.email         = ["philip@vallin.se"]
+  spec.summary       = "Rails library that lets you have an encrypted identities for your active record models."
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "bcrypt"
+  spec.add_dependency "activerecord", "~> 4.0"
+  spec.add_dependency "activesupport", "~> 4.0"
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "sqlite3", "~> 1.3"
+
+end

metadata

@@ -0,0 +1,161 @@
+--- !ruby/object:Gem::Specification
+name: witness_protection
+version: !ruby/object:Gem::Version
+  version: 0.0.1.pre1
+platform: ruby
+authors:
+- Philip Vieira
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-09-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+description: 
+email:
+- philip@vallin.se
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/witness_protection.rb
+- lib/witness_protection/rspec/macros.rb
+- lib/witness_protection/version.rb
+- spec/helper.rb
+- spec/models.rb
+- spec/schema.rb
+- spec/witness_protection_spec.rb
+- witness_protection.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Rails library that lets you have an encrypted identities for your active
+  record models.
+test_files:
+- spec/helper.rb
+- spec/models.rb
+- spec/schema.rb
+- spec/witness_protection_spec.rb