From 48e4a2c589c6961b5655dd79b0bcf5f43d88f24a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9e=20Hendricksen?=
Date: Thu, 14 Jul 2016 17:47:17 -0400
Subject: [PATCH] use travis settings for encrypted columns
---
 .../api/v3/extensions/encrypted_column.rb | 109 ------------------
 lib/travis/api/v3/models/ssl_key.rb | 2 +-
 lib/travis/api/v3/models/token.rb | 2 +-
 lib/travis/api/v3/models/user.rb | 2 +-
 4 files changed, 3 insertions(+), 112 deletions(-)
 delete mode 100644 lib/travis/api/v3/extensions/encrypted_column.rb
diff --git a/lib/travis/api/v3/extensions/encrypted_column.rb b/lib/travis/api/v3/extensions/encrypted_column.rb
deleted file mode 100644
index 6818b887..00000000
--- a/lib/travis/api/v3/extensions/encrypted_column.rb
+++ /dev/null
@@ -1,109 +0,0 @@
-require 'securerandom'
-require 'base64'
-
-module Travis::API::V3
- module Extensions
- class EncryptedColumn
- attr_reader :disable, :options
- alias disabled? disable
-
- def initialize(options = {})
- @options = options || {}
- @disable = self.options[:disable]
- @key = self.options[:key]
- end
-
- def enabled?
- !disabled?
- end
-
- def load(data)
- return nil unless data
-
- data = data.to_s
-
- decrypt?(data) ? decrypt(data) : data
- end
-
- def dump(data)
- encrypt?(data) ? encrypt(data.to_s) : data
- end
-
- def key
- @key || config.key
- end
-
- def iv
- SecureRandom.hex(8)
- end
-
- def prefix
- '--ENCR--'
- end
-
- def decrypt?(data)
- data.present? && (!use_prefix? || prefix_used?(data))
- end
-
- def encrypt?(data)
- data.present? && enabled?
- end
-
- def prefix_used?(data)
- data[0..7] == prefix
- end
-
- def decrypt(data)
- data = data[8..-1] if prefix_used?(data)
-
- data = decode data
-
- iv = data[-16..-1]
- data = data[0..-17]
-
- aes = create_aes :decrypt, key.to_s, iv
-
- result = aes.update(data) + aes.final
- end
-
- def encrypt(data)
- iv = self.iv
-
- aes = create_aes :encrypt, key.to_s, iv
-
- encrypted = aes.update(data) + aes.final
-
- encrypted = "#{encrypted}#{iv}"
- encrypted = encode encrypted
- encrypted = "#{prefix}#{encrypted}" if use_prefix?
- encrypted
- end
-
- def use_prefix?
- options.has_key?(:use_prefix) ? options[:use_prefix] : Travis::Features.feature_inactive?(:db_encryption_prefix)
- end
-
- def create_aes(mode = :encrypt, key, iv)
- aes = OpenSSL::Cipher::AES.new(256, :CBC)
-
- aes.send(mode)
- aes.key = key
- aes.iv = iv
-
- aes
- end
-
- def config
- Travis.config.encryption
- end
-
- def decode(str)
- Base64.strict_decode64 str
- end
-
- def encode(str)
- Base64.strict_encode64 str
- end
- end
- end
-end
diff --git a/lib/travis/api/v3/models/ssl_key.rb b/lib/travis/api/v3/models/ssl_key.rb
index 75e1e8a2..bd9685c7 100644
--- a/lib/travis/api/v3/models/ssl_key.rb
+++ b/lib/travis/api/v3/models/ssl_key.rb
@@ -2,7 +2,7 @@ module Travis::API::V3
 class Models::SSLKey < Model
 belongs_to :repository
- serialize :private_key, Travis::API::V3::Extensions::EncryptedColumn.new
+ serialize :private_key, Travis::Settings::EncryptedColumn.new
 def encoded_public_key
 key = build_key.public_key
diff --git a/lib/travis/api/v3/models/token.rb b/lib/travis/api/v3/models/token.rb
index 90965d0b..4cd6bf35 100644
--- a/lib/travis/api/v3/models/token.rb
+++ b/lib/travis/api/v3/models/token.rb
@@ -2,7 +2,7 @@ module Travis::API::V3
 class Models::Token < Model
 belongs_to :user
 validate :token, presence: true
- serialize :token, Extensions::EncryptedColumn.new(disable: true)
+ serialize :token, Travis::Settings::EncryptedColumn.new(disable: true)
 before_validation :generate_token, on: :create
 protected
diff --git a/lib/travis/api/v3/models/user.rb b/lib/travis/api/v3/models/user.rb
index 510542c8..66ccf86d 100644
--- a/lib/travis/api/v3/models/user.rb
+++ b/lib/travis/api/v3/models/user.rb
@@ -9,7 +9,7 @@ module Travis::API::V3
 has_many :stars
 has_one :subscription, as: :owner
- serialize :github_oauth_token, Extensions::EncryptedColumn.new(disable: true)
+ serialize :github_oauth_token, Travis::Settings::EncryptedColumn.new(disable: true)
 def token
 tokens.first_or_create.token
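Review bot: Nothing in this patch shows that `Travis::Settings::EncryptedColumn` reads the stored format written by the class being deleted, yet the `serialize :private_key` line in ssl_key.rb (and the `serialize` lines in token.rb and user.rb) now depends on it for every existing row. The removed implementation used AES-256-CBC with the key from `Travis.config.encryption`, appended a 16-character IV to the ciphertext before strict Base64 encoding, and used the `--ENCR--` prefix to decide whether to decrypt. If the replacement differs on any of these, stored private keys could fail to decrypt or come back still encrypted. The diffstat touches no spec, so I would add one that loads a fixture value written by the old class, and confirm the file defining `Travis::Settings::EncryptedColumn` is required before these models load, since no `require` is added here. The body of `Models::SSLKey` continues outside the hunk.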
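Review bot: The `disable: true` option on `serialize :token` in token.rb, and on `serialize :github_oauth_token` in user.rb, is carried over without a comment, and its meaning now rests on a class this patch does not show. In the deleted class it only stopped `dump` from encrypting, while `load` still decrypted prefixed values, so anything these models wrote was stored in plaintext. That matters for token.rb, which has `before_validation :generate_token, on: :create` and so does write tokens. I would confirm that `Travis::Settings::EncryptedColumn` treats `:disable` the same way, then either drop the option or add a comment above each line such as `# disable: true => decrypts on load, writes unencrypted; see <reason>`. Both class bodies continue outside their hunks.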