module Mongoid::Kms::ClassMethods

Class methods

Public Instance Methods

decrypt_field(object, field_name, data, encryption_context = nil) click to toggle source
# File lib/mongoid/kms.rb, line 104
def decrypt_field(object, field_name, data, encryption_context = nil)
  encryption_context ||= kms_context(object, field_name)

  Mongoid::Kms.kms.decrypt({
    ciphertext_blob: data,
    encryption_context: encryption_context
  })[:plaintext]
end
encrypt_field(object, field_name, value) click to toggle source
# File lib/mongoid/kms.rb, line 96
def encrypt_field(object, field_name, value)
  Mongoid::Kms.kms.encrypt({
    key_id: Mongoid::Kms.key,
    plaintext: value,
    encryption_context: kms_context(object, field_name)
  })[:ciphertext_blob]
end
get_encrypted_field_name(field_name) click to toggle source
# File lib/mongoid/kms.rb, line 148
def get_encrypted_field_name(field_name)
  "kms_secure_#{field_name}"
end
inherited(child) click to toggle source
Calls superclass method
# File lib/mongoid/kms.rb, line 91
def inherited(child)
  child.kms_field_map = self.kms_field_map.clone
  super(child)
end
kms_context(object, field_name) click to toggle source
# File lib/mongoid/kms.rb, line 113
def kms_context(object, field_name)
  kms_context_array(object, field_name).inject({}) do |hash, key|
    if object.respond_to?(key)
      value = object.send(key).to_s
      hash[key] = value if !value.nil? && value != ""
    else
      hash[key] = key
    end

    hash
  end
end
kms_context_array(object, field_name) click to toggle source
# File lib/mongoid/kms.rb, line 140
def kms_context_array(object, field_name)
  kms_field_map[field_name.to_s][:context] || []
end
kms_context_was(object, field_name) click to toggle source
# File lib/mongoid/kms.rb, line 126
def kms_context_was(object, field_name)
  kms_context_array(object, field_name).inject({}) do |hash, key|
    if object.respond_to?("#{key}_was") && object.send("#{key}_changed?")
      hash[key] = object.send("#{key}_was").to_s
    elsif object.respond_to?(key)
      hash[key] = object.send(key).to_s
    else
      hash[key] = key
    end

    hash
  end
end
kms_type(field_name) click to toggle source
# File lib/mongoid/kms.rb, line 144
def kms_type(field_name)
  kms_field_map[field_name.to_s][:type]
end
secure_field(field_name, args) click to toggle source
# File lib/mongoid/kms.rb, line 152
def secure_field(field_name, args)
  encrypted_field_name = get_encrypted_field_name(field_name)

  create_dirty_methods field_name, field_name
  after_validation :set_kms_values

  kms_field_map[field_name.to_s] = {context: args.delete(:context), type: args[:type]}

  field encrypted_field_name, type: Mongoid::Kms.bson_class::Binary

  define_method(field_name) do
    if instance_variable_defined?("@#{field_name}")
      instance_variable_get("@#{field_name}")
    else
      raw = send("kms_secure_#{field_name}")
      raw = raw.data if raw.is_a?(Mongoid::Kms.bson_class::Binary)

      if raw.nil?
        raw
      else
        v = self.class.decrypt_field(self, field_name, raw)
        instance_variable_set("@#{field_name}", v)
        v
      end
    end
  end

  define_method("#{field_name}=") do |value|
    self.send("#{field_name}_will_change!")
    instance_variable_set("@#{field_name}", value)
  end
end