lib/symmetric_encryption/extensions/mongoid/fields.rb in symmetric-encryption-1.1.1 vs lib/symmetric_encryption/extensions/mongoid/fields.rb in symmetric-encryption-2.0.0
- old
+ new
@@ -23,10 +23,11 @@
# include Mongoid::Document
#
# field :name, :type => String
# field :encrypted_social_security_number, :type => String, :encrypted => true
# field :age, :type => Integer
+ # field :life_history, :type => String, :encrypted => true, :compress => true, :random_iv => true
#
# end
#
# The above document results in the following document in the Mongo collection 'persons':
# {
@@ -48,65 +49,75 @@
#
# # Sets the encrypted_social_security_number to encrypted version
# person.social_security_number = "123456789"
#
# # Or, is equivalent to:
- # person.social_security_number = SymmetricEncryption.encrypt("123456789")
+ # person.encrypted_social_security_number = SymmetricEncryption.encrypt("123456789")
#
#
# Note: Unlike attr_encrypted finders must use the encrypted field name
- # For Example this is NOT valid:
+ # Invalid Example, does not work:
# person = Person.where(:social_security_number => '123456789').first
#
+ # Valid Example:
+ # person = Person.where(:encrypted_social_security_number => SymmetricEncryption.encrypt('123456789')).first
+ #
# Defines all the fields that are accessible on the Document
# For each field that is defined, a getter and setter will be
# added as an instance method to the Document.
#
# @example Define a field.
- # field :score, :type => Integer, :default => 0
+ # field :social_security_number, :type => String, :encrypted => true, :compress => false, :random_iv => false
+ # field :sensitive_text, :type => String, :encrypted => true, :compress => true, :random_iv => true
#
# @param [ Symbol ] name The name of the field.
# @param [ Hash ] options The options to pass to the field.
#
- # @option options [ Boolean ] :encryption If the field contains encrypted data.
- # @option options [ Symbol ] :decrypt_as Name of the getters and setters to generate to access the decrypted value of this field.
- # @option options [ Class ] :type The type of the field.
- # @option options [ String ] :label The label for the field.
- # @option options [ Object, Proc ] :default The field's default
+ # @option options [ Boolean ] :encrypted If the field contains encrypted data.
+ # @option options [ Symbol ] :decrypt_as Name of the getters and setters to generate to access the decrypted value of this field.
+ # @option options [ Boolean ] :compress Whether to compress this encrypted field
+ # @option options [ Boolean ] :random_iv Whether the encrypted value should use a random IV every time the field is encrypted.
#
+ # @option options [ Class ] :type The type of the field.
+ # @option options [ String ] :label The label for the field.
+ # @option options [ Object, Proc ] :default The fields default
+ #
# @return [ Field ] The generated field
def field_with_symmetric_encryption(field_name, options={})
if options.delete(:encrypted) == true
decrypt_as = options.delete(:decrypt_as)
unless decrypt_as
raise "SymmetricEncryption for Mongoid. When encryption is enabled for a field it must either start with 'encrypted_' or the option :decrypt must be supplied" unless field_name.to_s.start_with?('encrypted_')
decrypt_as = field_name.to_s['encrypted_'.length..-1]
end
+ random_iv = options.delete(:random_iv) || false
+ compress = options.delete(:compress) || false
+
# Store Intended data type for this field, but we store it as a String
underlying_type = options[:type]
options[:type] = String
raise "SymmetricEncryption for Mongoid currently only supports :type => String" unless underlying_type == String
- # #TODO Need to do type conversions. Currently only support String
+ # #TODO Need to do type conversions. Currently only supports String
# Generate getter and setter methods
class_eval(<<-EOS, __FILE__, __LINE__ + 1)
- # Set the un-encrypted bank account number
+ # Set the un-encrypted field
# Also updates the encrypted field with the encrypted value
def #{decrypt_as}=(value)
- @stored_#{field_name} = SymmetricEncryption.encrypt(value)
+ @stored_#{field_name} = ::SymmetricEncryption.encrypt(value,#{random_iv},#{compress})
self.#{field_name} = @stored_#{field_name}
@#{decrypt_as} = value
end
# Returns the decrypted value for the encrypted field
# The decrypted value is cached and is only decrypted if the encrypted value has changed
# If this method is not called, then the encrypted value is never decrypted
def #{decrypt_as}
if @stored_#{field_name} != self.#{field_name}
- @#{decrypt_as} = SymmetricEncryption.decrypt(self.#{field_name})
+ @#{decrypt_as} = ::SymmetricEncryption.decrypt(self.#{field_name})
@stored_#{field_name} = self.#{field_name}
end
@#{decrypt_as}
end
EOS
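Review bot: The new "Valid Example" finder, which queries on `SymmetricEncryption.encrypt('123456789')`, can only match when encryption of that field is deterministic, and the new `:random_iv` option documented a few lines below turns that off. The `:random_iv` option doc should say so, for example `# Note: fields declared with :random_iv => true cannot be used in equality finders, because each encryption produces a different value`. The converse trade-off is also worth one comment line: without a random IV, equal plaintexts presumably yield equal stored values, which is what makes the finder work but also lets anyone with read access to the collection see which records share a value. Separately, `random_iv` and `compress` are interpolated as source text into the `class_eval` heredoc, so any truthy non-boolean option value becomes part of the generated code; coercing first with `random_iv = options.delete(:random_iv) == true` (and likewise for `compress`), as the `:encrypted` check already does, ensures only `true` or `false` reaches the generated setter. The body of `field_with_symmetric_encryption` continues past the end of this hunk.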