Module: SymmetricEncryption::Generator

Defined in:
lib/symmetric_encryption/generator.rb

Class Method Summary collapse

Class Method Details

.generate_decrypted_accessors(model, decrypted_name, encrypted_name, options) ⇒ Object

Common internal method for generating accessors for decrypted accessors Primarily used by extensions

Raises:

  • (ArgumentError) 


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/symmetric_encryption/generator.rb', line 5

def self.generate_decrypted_accessors(model, decrypted_name, encrypted_name, options)
  options   = options.dup
  random_iv = options.delete(:random_iv) || false
  compress  = options.delete(:compress) || false
  type      = options.delete(:type) || :string

  raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") unless options.empty?
  raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)

  if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
    mod                                                           = model.const_get(:EncryptedAttributes)
  else
    mod = model.const_set(:EncryptedAttributes, Module.new)
    model.send(:include, mod)
  end

  # Generate getter and setter methods
  mod.module_eval("    # Set the un-encrypted field\n    # Also updates the encrypted field with the encrypted value\n    # Freeze the decrypted field value so that it is not modified directly\n    def \#{decrypted_name}=(value)\n      v = SymmetricEncryption::Coerce.coerce(value, :\#{type})\n      return if (@\#{decrypted_name} == v) && !v.nil? && !(v == '')\n      self.\#{encrypted_name} = @stored_\#{encrypted_name} = ::SymmetricEncryption.encrypt(v, random_iv: \#{random_iv}, compress: \#{compress}, type: :\#{type})\n      @\#{decrypted_name} = v.freeze\n    end\n\n    # Returns the decrypted value for the encrypted field\n    # The decrypted value is cached and is only decrypted if the encrypted value has changed\n    # If this method is not called, then the encrypted value is never decrypted\n    def \#{decrypted_name}\n      if !defined?(@stored_\#{encrypted_name}) || (@stored_\#{encrypted_name} != self.\#{encrypted_name})\n        @\#{decrypted_name} = ::SymmetricEncryption.decrypt(self.\#{encrypted_name}, type: :\#{type}).freeze\n        @stored_\#{encrypted_name} = self.\#{encrypted_name}\n      end\n      @\#{decrypted_name}\n    end\n\n    # Map changes to encrypted value to unencrypted equivalent\n    def \#{decrypted_name}_changed?\n      \#{encrypted_name}_changed?\n    end\n  ACCESSORS\nend\n", __FILE__, __LINE__ + 1)