diff --git a/LICENSE b/LICENSE index 13df3a7..567ae40 100644 --- a/LICENSE +++ b/LICENSE @@ -1,20 +1,7 @@ -Copyright 2015 +Copyright 2015 DefineScope -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/definerails_sensitivedata.gemspec b/definerails_sensitivedata.gemspec index d3af1b9..417d85b 100644 --- a/definerails_sensitivedata.gemspec +++ b/definerails_sensitivedata.gemspec @@ -1,8 +1,10 @@ -$:.push File.expand_path("../lib", __FILE__) +$LOAD_PATH.push File.expand_path('lib', __dir__) require "definerails_sensitivedata/version" Gem::Specification.new do |s| + s.required_ruby_version = '>= 3.2' + s.name = "definerails_sensitivedata" s.version = DefineRails::SensitiveData::VERSION s.authors = ["DefineScope"] @@ -15,5 +17,7 @@ Gem::Specification.new do |s| s.files = Dir["{app,config,db,lib}/**/*", "LICENSE", "Rakefile"] # s.test_files = Dir["test/**/*"] - #s.add_dependency "rails"#, ">= 7.0.0" + s.add_dependency "rails", ">= 7.0.0" + + s.metadata["rubygems_mfa_required"] = "true" end diff --git a/lib/definerails_sensitivedata/config.rb b/lib/definerails_sensitivedata/config.rb index fcfa2c8..5221d8b 100644 --- a/lib/definerails_sensitivedata/config.rb +++ b/lib/definerails_sensitivedata/config.rb @@ -9,7 +9,7 @@ def configure end def config - @_config ||= Config.new + @config ||= Config.new end end end diff --git a/lib/definerails_sensitivedata/encryption/active_record__encrypted_attribute_type.rb b/lib/definerails_sensitivedata/encryption/active_record__encrypted_attribute_type.rb index 0bdbf5a..3ecd482 100644 --- a/lib/definerails_sensitivedata/encryption/active_record__encrypted_attribute_type.rb +++ b/lib/definerails_sensitivedata/encryption/active_record__encrypted_attribute_type.rb @@ -15,9 +15,9 @@ def decrypt(value) with_context do encryptor.decrypt(value, **decryption_options) end - rescue ActiveRecord::Encryption::Errors::Base => error + rescue ActiveRecord::Encryption::Errors::Base => e if previous_types_without_clean_text.blank? - handle_deserialize_error(error, value) + handle_deserialize_error(e, value) else try_to_deserialize_with_previous_encrypted_types(value) end diff --git a/lib/definerails_sensitivedata/encryption/encryptor.rb b/lib/definerails_sensitivedata/encryption/encryptor.rb index cb40c0d..b68fbad 100644 --- a/lib/definerails_sensitivedata/encryption/encryptor.rb +++ b/lib/definerails_sensitivedata/encryption/encryptor.rb @@ -8,6 +8,8 @@ def initialize( empty_string_visible_in_db: true, store_nil_as_empty_string: true ) + super() + @empty_string_visible_in_db = empty_string_visible_in_db @store_nil_as_empty_string = store_nil_as_empty_string end @@ -16,11 +18,7 @@ def encrypt(clear_text, **options) if clear_text.present? super elsif clear_text.nil? - if @store_nil_as_empty_string - "" - else - nil - end + "" if @store_nil_as_empty_string elsif clear_text.strip == "" if @empty_string_visible_in_db "" diff --git a/lib/definerails_sensitivedata/encryption/key_provider.rb b/lib/definerails_sensitivedata/encryption/key_provider.rb index c7214a5..d60ffbb 100644 --- a/lib/definerails_sensitivedata/encryption/key_provider.rb +++ b/lib/definerails_sensitivedata/encryption/key_provider.rb @@ -14,18 +14,18 @@ def encryption_key end def decryption_keys(encrypted_message) - _keys = + keys_for_decryption = if ::ActiveRecord::Encryption.config.store_key_references && encrypted_message.headers.encrypted_data_key_id keys_grouped_by_id[encrypted_message.headers.encrypted_data_key_id] else - _primary_keys + primary_keys_to_use end key_salt = encrypted_message.headers[:ks] - if _keys && key_salt - return _keys.collect do |k| + if keys_for_decryption && key_salt + return keys_for_decryption.collect do |k| k.with_salt(key_salt) end end @@ -35,15 +35,15 @@ def decryption_keys(encrypted_message) private def active_primary_key - @active_primary_key ||= _primary_keys.last + @active_primary_key ||= primary_keys_to_use.last end def keys_grouped_by_id - @keys_grouped_by_id ||= _primary_keys.group_by(&:id) + @keys_grouped_by_id ||= primary_keys_to_use.group_by(&:id) end - def _primary_keys - @keys ||= + def primary_keys_to_use + @primary_keys_to_use ||= Array(::ActiveRecord::Encryption.config.primary_key) .collect do |password| ::DefineRails::SensitiveData::Encryption::Key.derive_from(password) diff --git a/lib/definerails_sensitivedata/models/sensitive_data_object__active_record.rb b/lib/definerails_sensitivedata/models/sensitive_data_object__active_record.rb index 6010996..104ccb1 100644 --- a/lib/definerails_sensitivedata/models/sensitive_data_object__active_record.rb +++ b/lib/definerails_sensitivedata/models/sensitive_data_object__active_record.rb @@ -39,11 +39,9 @@ def encrypts(*attributes, **options) ) end - def has_sensitive_data(*attributes, **options) + def has_sensitive_data(*attributes, **options) # rubocop:disable Naming/PredicateName return if attributes.blank? - store_empty_as_nil = options.delete(:store_empty_as_nil) != false - in_attribute = options.delete(:in)&.to_sym || :sensitive_data unless @__has_registered_sensitive_data_encrypted_attribute @@ -57,7 +55,7 @@ def has_sensitive_data(*attributes, **options) define_method attribute_name do the_hash = send(in_attribute) - the_hash.dig(attribute_name) if the_hash.present? + the_hash[attribute_name] if the_hash.present? end define_method "#{ attribute_name }=" do |the_value| @@ -80,13 +78,13 @@ def has_sensitive_data(*attributes, **options) define_method attribute_name_before_last_save do send("#{in_attribute}_before_last_save") - .then {|x| x.blank? ? nil : x } + .then(&:presence) &.dig(attribute_name) end define_method attribute_name_in_database do send("#{in_attribute}_in_database") - .then {|x| x.blank? ? nil : x } + .then(&:presence) &.dig(attribute_name) end @@ -100,6 +98,7 @@ def has_sensitive_data(*attributes, **options) end end + end end end diff --git a/lib/definerails_sensitivedata/version.rb b/lib/definerails_sensitivedata/version.rb index c1d0328..2f1e205 100644 --- a/lib/definerails_sensitivedata/version.rb +++ b/lib/definerails_sensitivedata/version.rb @@ -1,5 +1,5 @@ module DefineRails module SensitiveData - VERSION = "2.0.4" + VERSION = "2.0.4".freeze end end