Class: Sequent::Core::Helpers::Secret

Inherits:

Object

• Object
• Sequent::Core::Helpers::Secret

Defined in:

lib/sequent/core/helpers/secret.rb

Overview

You can use this in Commands to handle for instance passwords safely. It uses BCrypt to encrypt the Secret.

Attributes that are of type Secret are encrypted after successful validation in the CommandService automatically. So there is no need to do this yourself, Sequent will take care of this for you. As a result the CommandHandlers will receive the encrypted values.

Since this is meant to be used in Commands based on input you can put in Strings and Secrets.

Example usage:

class CreateUser < Sequent::Command
  attrs email: String, password: Sequent::Secret
end

command = CreateUser.new(
  aggregate_id: Sequent.new_uuid,
  email: 'ben@sequent.io',
  password: 'secret',
)

puts command.password
=> secret

command.valid?
=> true

command = command.parse_attrs_to_correct_types
puts command.password
=> SAasdf239as$%^@#%dasfgasasdf (or something similar :-))

When command validation fails attributes of type Sequent::Secret are cleared.

command.valid?
=> false

puts command.password
=> ''

There is no real need to use this type in Events since there we are only interested in the encrypted String at that point.

Besides the Sequent::Secret type there are also some helper methods available to assist in verifying secrets.

See encrypt_secret See re_encrypt_secret See verify_secret

Instance Attribute Summary

• #value ⇒ Object readonly

  Returns the value of attribute value.

Class Method Summary

• .deserialize_from_json(value) ⇒ Object
• .encrypt_secret(clear_text_secret) ⇒ Object

  Creates a hash for the given clear text password.

• .re_encrypt_secret(clear_text_secret, hashed_secret) ⇒ Object

  Creates a hash for the given clear text secret using the given hashed secret as a salt (essentially re-creating the secret hash).

• .verify_secret(hashed_secret, clear_text_secret) ⇒ Object

  Verifies that the hashed and clear text secret are equal.

Instance Method Summary

• #==(other) ⇒ Object
• #encrypt ⇒ Object
• #initialize(value) ⇒ Secret constructor

  A new instance of Secret.

• #verify_secret(clear_text_secret) ⇒ Object

Constructor Details

#initialize(value) ⇒ Secret

Returns a new instance of Secret.

# File 'lib/sequent/core/helpers/secret.rb', line 96

def initialize(value)
  fail ArgumentError, 'value can not be blank' if value.blank?

  @value = if value.is_a?(Secret)
             value.value
           else
             value
           end
end

Instance Attribute Details

#value ⇒ Object (readonly)

Returns the value of attribute value.

# File 'lib/sequent/core/helpers/secret.rb', line 94

def value
  @value
end

Class Method Details

.deserialize_from_json(value) ⇒ Object

# File 'lib/sequent/core/helpers/secret.rb', line 60

def deserialize_from_json(value)
  new(value)
end

.encrypt_secret(clear_text_secret) ⇒ Object

Creates a hash for the given clear text password.

# File 'lib/sequent/core/helpers/secret.rb', line 67

def encrypt_secret(clear_text_secret)
  fail ArgumentError, 'clear_text_secret can not be blank' if clear_text_secret.blank?

  BCrypt::Password.create(clear_text_secret)
end

.re_encrypt_secret(clear_text_secret, hashed_secret) ⇒ Object

Creates a hash for the given clear text secret using the given hashed secret as a salt (essentially re-creating the secret hash).

# File 'lib/sequent/core/helpers/secret.rb', line 77

def re_encrypt_secret(clear_text_secret, hashed_secret)
  fail ArgumentError, 'clear_text_secret can not be blank' if clear_text_secret.blank?
  fail ArgumentError, 'hashed_secret can not be blank' if hashed_secret.blank?

  BCrypt::Engine.hash_secret(clear_text_secret, hashed_secret)
end

.verify_secret(hashed_secret, clear_text_secret) ⇒ Object

Verifies that the hashed and clear text secret are equal.

# File 'lib/sequent/core/helpers/secret.rb', line 87

def verify_secret(hashed_secret, clear_text_secret)
  return false if hashed_secret.blank? || clear_text_secret.blank?

  BCrypt::Password.new(hashed_secret) == clear_text_secret
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/sequent/core/helpers/secret.rb', line 115

def ==(other)
  return false unless other&.class == Secret

  other.value == @value
end

#encrypt ⇒ Object

# File 'lib/sequent/core/helpers/secret.rb', line 106

def encrypt
  @value = self.class.encrypt_secret(@value)
  self
end

#verify_secret(clear_text_secret) ⇒ Object

# File 'lib/sequent/core/helpers/secret.rb', line 111

def verify_secret(clear_text_secret)
  self.class.verify_secret(@value, clear_text_secret)
end