Class: ActiveRecord::Base
- Inherits:
-
Object
- Object
- ActiveRecord::Base
- Defined in:
- lib/symmetric_encryption/extensions/active_record/base.rb
Class Method Summary collapse
-
.attr_encrypted(*params) ⇒ Object
Drop in replacement for attr_encrypted gem, except that it uses SymmetricEncryption for managing the encryption key.
-
.encrypted_attribute?(attribute) ⇒ Boolean
Returns whether an attribute has been configured to be encrypted.
-
.encrypted_attributes ⇒ Object
Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute names as values.
-
.encrypted_column?(attribute) ⇒ Boolean
Returns whether the attribute is the database column to hold the encrypted data for a matching encrypted attribute.
-
.encrypted_columns ⇒ Object
Return the name of all encrypted columns as an Array of symbols Example: [:encrypted_email, :encrypted_password].
-
.encrypted_keys ⇒ Object
Return the name of all encrypted virtual attributes as an Array of symbols Example: [:email, :password].
Class Method Details
.attr_encrypted(*params) ⇒ Object
Drop in replacement for attr_encrypted gem, except that it uses SymmetricEncryption for managing the encryption key
Parameters:
-
Symbolic names of each method to create which has a corresponding method already defined in rails starting with: encrypted_
-
Followed by an optional hash:
:marshal [true|false] Whether this element should be converted to YAML before encryption Default: false :random_iv [true|false] Whether the encrypted value should use a random IV every time the field is encrypted. It is recommended to set this to true where feasible. If the encrypted value could be used as part of a SQL where clause, or as part of any lookup, then it must be false. Setting random_iv to true will result in a different encrypted output for the same input string. Note: Only set to true if the field will never be used as part of the where clause in an SQL query. Note: When random_iv is true it will add a 8 byte header, plus the bytes to store the random IV in every returned encrypted string, prior to the encoding if any. Default: false Highly Recommended where feasible: true :compress [true|false] Whether to compress str before encryption Should only be used for large strings since compression overhead and the overhead of adding the 'magic' header may exceed any benefits of compression Note: Adds a 6 byte header prior to encoding, only if :random_iv is false Default: false
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 39 def attr_encrypted(*params) # Ensure ActiveRecord has created all its methods first # Ignore failures since the table may not yet actually exist define_attribute_methods rescue nil = params.last.is_a?(Hash) ? params.pop : {} random_iv = .fetch(:random_iv, false) compress = .fetch(:compress, false) marshal = .fetch(:marshal, false) params.each do |attribute| # Generate unencrypted attribute with getter and setter class_eval(<<-UNENCRYPTED, __FILE__, __LINE__ + 1) # Returns the decrypted value for the encrypted attribute # The decrypted value is cached and is only decrypted if the encrypted value has changed # If this method is not called, then the encrypted value is never decrypted def #{attribute} if @stored_encrypted_#{attribute} != self.encrypted_#{attribute} @#{attribute} = ::SymmetricEncryption.decrypt(self.encrypted_#{attribute}).freeze @stored_encrypted_#{attribute} = self.encrypted_#{attribute} end @#{attribute} end # Set the un-encrypted attribute # Also updates the encrypted field with the encrypted value def #{attribute}=(value) self.encrypted_#{attribute} = @stored_encrypted_#{attribute} = ::SymmetricEncryption.encrypt(value#{".to_yaml" if marshal},#{random_iv},#{compress}) @#{attribute} = value.freeze end UNENCRYPTED encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym end end |
.encrypted_attribute?(attribute) ⇒ Boolean
Returns whether an attribute has been configured to be encrypted
Example
class User < ActiveRecord::Base
attr_accessor :name
attr_encrypted :email
end
User.encrypted_attribute?(:name) # false
User.encrypted_attribute?(:email) # true
112 113 114 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 112 def encrypted_attribute?(attribute) encrypted_keys.include?(attribute) end |
.encrypted_attributes ⇒ Object
Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute names as values
Example
class User < ActiveRecord::Base
attr_encrypted :email
end
User.encrypted_attributes # { :email => :encrypted_email }
85 86 87 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 85 def encrypted_attributes @encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {} end |
.encrypted_column?(attribute) ⇒ Boolean
Returns whether the attribute is the database column to hold the encrypted data for a matching encrypted attribute
Example
class User < ActiveRecord::Base
attr_accessor :name
attr_encrypted :email
end
User.encrypted_column?(:encrypted_name) # false
User.encrypted_column?(:encrypted_email) # true
128 129 130 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 128 def encrypted_column?(attribute) encrypted_columns.include?(attribute) end |
.encrypted_columns ⇒ Object
Return the name of all encrypted columns as an Array of symbols Example: [:encrypted_email, :encrypted_password]
97 98 99 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 97 def encrypted_columns @encrypted_columns ||= encrypted_attributes.values end |
.encrypted_keys ⇒ Object
Return the name of all encrypted virtual attributes as an Array of symbols Example: [:email, :password]
91 92 93 |
# File 'lib/symmetric_encryption/extensions/active_record/base.rb', line 91 def encrypted_keys @encrypted_keys ||= encrypted_attributes.keys end |