Feat (API Particulier): new encryption service

2021-06-10 16:52:51 +02:00 · 2021-06-10 16:52:51 +02:00 · 17b659539f
commit 17b659539f
parent 350ce41459
4 changed files with 64 additions and 0 deletions
--- a/app/services/encryption_service.rb
+++ b/app/services/encryption_service.rb
@ -0,0 +1,17 @@
+class EncryptionService
+  def initialize
+    len        = ActiveSupport::MessageEncryptor.key_len
+    salt       = Rails.application.secrets.encryption_service_salt
+    password   = Rails.application.secrets.secret_key_base
+    key        = ActiveSupport::KeyGenerator.new(password).generate_key(salt, len)
+    @encryptor = ActiveSupport::MessageEncryptor.new(key)
+  end
+
+  def encrypt(value)
+    value.blank? ? nil : @encryptor.encrypt_and_sign(value)
+  end
+
+  def decrypt(value)
+    value.blank? ? nil : @encryptor.decrypt_and_verify(value)
+  end
+end
--- a/config/env.example
+++ b/config/env.example
@ -112,3 +112,6 @@ API_EDUCATION_URL="https://data.education.gouv.fr/api/records/1.0"
 # Modifier le nb de tentatives de relance de job si echec
 # MAX_ATTEMPTS_JOBS=25
 # MAX_ATTEMPTS_API_ENTREPRISE_JOBS=5
+
+# Clé de chriffrement des données sensibles en base
+ENCRYPTION_SERVICE_SALT=""
--- a/config/secrets.yml
+++ b/config/secrets.yml
@ -11,6 +11,7 @@
 # if you're sharing your code publicly.
 defaults: &defaults
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>
  signing_key: <%= ENV["SIGNING_KEY"] %>
  otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>
  basic_auth:
@ -75,6 +76,7 @@ development:
 test:
  <<: *defaults
  secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a
+  encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv
  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
  otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b
  api_entreprise:
--- a/spec/services/encryption_service_spec.rb
+++ b/spec/services/encryption_service_spec.rb
@ -0,0 +1,42 @@
+describe EncryptionService do
+  describe "#encrypt" do
+    subject { EncryptionService.new.encrypt(value) }
+
+    context "with a nil value" do
+      let(:value) { nil }
+
+      it { expect(subject).to be_nil }
+    end
+
+    context "with a string value" do
+      let(:value) { "The quick brown fox jumps over the lazy dog" }
+
+      it { expect(subject).to be_instance_of(String) }
+      it { expect(subject).to be_present }
+      it { expect(subject).not_to eq(value) }
+    end
+  end
+
+  describe "#decrypt" do
+    subject { EncryptionService.new.decrypt(encrypted_value) }
+
+    context "with a nil value" do
+      let(:encrypted_value) { nil }
+
+      it { expect(subject).to be_nil }
+    end
+
+    context "with a string value" do
+      let (:value) { "The quick brown fox jumps over the lazy dog" }
+      let(:encrypted_value) { EncryptionService.new.encrypt(value) }
+
+      it { expect(subject).to eq(value) }
+    end
+
+    context "with an invalid value" do
+      let(:encrypted_value) { "Gur dhvpx oebja sbk whzcf bire gur ynml qbt" }
+
+      it { expect { subject }.to raise_exception StandardError }
+    end
+  end
+end