Class: ActiveRecord::Base

Inherits:
Object
  • Object
show all
Defined in:
lib/symmetric_encryption/extensions/active_record/base.rb

Class Method Summary collapse

Class Method Details

.attr_encrypted(*params) ⇒ Object

Drop in replacement for attr_encrypted gem, except that it uses SymmetricEncryption for managing the encryption key

Parameters:

  • Symbolic names of each method to create which has a corresponding method already defined in rails starting with: encrypted_

  • Followed by an optional hash:

    :marshal [true|false]
      Whether this element should be converted to YAML before encryption
      Default: false
    
    :random_iv [true|false]
      Whether the encrypted value should use a random IV every time the
      field is encrypted.
      It is recommended to set this to true where feasible. If the encrypted
      value could be used as part of a SQL where clause, or as part
      of any lookup, then it must be false.
      Setting random_iv to true will result in a different encrypted output for
      the same input string.
      Note: Only set to true if the field will never be used as part of
        the where clause in an SQL query.
      Note: When random_iv is true it will add a 8 byte header, plus the bytes
        to store the random IV in every returned encrypted string, prior to the
        encoding if any.
      Default: false
      Highly Recommended where feasible: true
    
    :compress [true|false]
      Whether to compress str before encryption
      Should only be used for large strings since compression overhead and
      the overhead of adding the 'magic' header may exceed any benefits of
      compression
      Note: Adds a 6 byte header prior to encoding, only if :random_iv is false
      Default: false
    

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 39

def attr_encrypted(*params)
  # Ensure ActiveRecord has created all its methods first
  # Ignore failures since the table may not yet actually exist
  define_attribute_methods rescue nil

  options = params.last.is_a?(Hash) ? params.pop : {}
  random_iv = options.fetch(:random_iv, false)
  compress  = options.fetch(:compress, false)
  marshal   = options.fetch(:marshal, false)

  params.each do |attribute|
    # Generate unencrypted attribute with getter and setter
    class_eval(<<-UNENCRYPTED, __FILE__, __LINE__ + 1)
      # Returns the decrypted value for the encrypted attribute
      # The decrypted value is cached and is only decrypted if the encrypted value has changed
      # If this method is not called, then the encrypted value is never decrypted
      def #{attribute}
        if @stored_encrypted_#{attribute} != self.encrypted_#{attribute}
          @#{attribute} = ::SymmetricEncryption.decrypt(self.encrypted_#{attribute}).freeze
          @stored_encrypted_#{attribute} = self.encrypted_#{attribute}
        end
        @#{attribute}
      end

      # Set the un-encrypted attribute
      # Also updates the encrypted field with the encrypted value
      def #{attribute}=(value)
        self.encrypted_#{attribute} = @stored_encrypted_#{attribute} = ::SymmetricEncryption.encrypt(value#{".to_yaml" if marshal},#{random_iv},#{compress})
        @#{attribute} = value.freeze
      end
    UNENCRYPTED

    encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
  end
end

.encrypted_attribute?(attribute) ⇒ Boolean

Returns whether an attribute has been configured to be encrypted

Example

class User < ActiveRecord::Base
  attr_accessor :name
  attr_encrypted :email
end

User.encrypted_attribute?(:name) # false
User.encrypted_attribute?(:email) # true

Returns:

  • (Boolean)

112
113
114
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 112

def encrypted_attribute?(attribute)
  encrypted_keys.include?(attribute)
end

.encrypted_attributesObject

Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute names as values

Example

class User < ActiveRecord::Base
  attr_encrypted :email
end

User.encrypted_attributes # { :email => :encrypted_email }

85
86
87
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 85

def encrypted_attributes
  @encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {}
end

.encrypted_column?(attribute) ⇒ Boolean

Returns whether the attribute is the database column to hold the encrypted data for a matching encrypted attribute

Example

class User < ActiveRecord::Base
  attr_accessor :name
  attr_encrypted :email
end

User.encrypted_column?(:encrypted_name) # false
User.encrypted_column?(:encrypted_email) # true

Returns:

  • (Boolean)

128
129
130
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 128

def encrypted_column?(attribute)
  encrypted_columns.include?(attribute)
end

.encrypted_columnsObject

Return the name of all encrypted columns as an Array of symbols Example: [:encrypted_email, :encrypted_password]


97
98
99
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 97

def encrypted_columns
  @encrypted_columns ||= encrypted_attributes.values
end

.encrypted_keysObject

Return the name of all encrypted virtual attributes as an Array of symbols Example: [:email, :password]


91
92
93
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 91

def encrypted_keys
  @encrypted_keys ||= encrypted_attributes.keys
end