Feat (API Particulier): new encryption service

This commit is contained in:
François Vantomme 2021-06-10 16:52:51 +02:00 committed by simon lehericey
parent 350ce41459
commit 17b659539f
4 changed files with 64 additions and 0 deletions

View file

@ -0,0 +1,17 @@
class EncryptionService
def initialize
len = ActiveSupport::MessageEncryptor.key_len
salt = Rails.application.secrets.encryption_service_salt
password = Rails.application.secrets.secret_key_base
key = ActiveSupport::KeyGenerator.new(password).generate_key(salt, len)
@encryptor = ActiveSupport::MessageEncryptor.new(key)
end
def encrypt(value)
value.blank? ? nil : @encryptor.encrypt_and_sign(value)
end
def decrypt(value)
value.blank? ? nil : @encryptor.decrypt_and_verify(value)
end
end

View file

@ -112,3 +112,6 @@ API_EDUCATION_URL="https://data.education.gouv.fr/api/records/1.0"
# Modifier le nb de tentatives de relance de job si echec # Modifier le nb de tentatives de relance de job si echec
# MAX_ATTEMPTS_JOBS=25 # MAX_ATTEMPTS_JOBS=25
# MAX_ATTEMPTS_API_ENTREPRISE_JOBS=5 # MAX_ATTEMPTS_API_ENTREPRISE_JOBS=5
# Clé de chriffrement des données sensibles en base
ENCRYPTION_SERVICE_SALT=""

View file

@ -11,6 +11,7 @@
# if you're sharing your code publicly. # if you're sharing your code publicly.
defaults: &defaults defaults: &defaults
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>
signing_key: <%= ENV["SIGNING_KEY"] %> signing_key: <%= ENV["SIGNING_KEY"] %>
otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %> otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>
basic_auth: basic_auth:
@ -75,6 +76,7 @@ development:
test: test:
<<: *defaults <<: *defaults
secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a
encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv
signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017 signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b
api_entreprise: api_entreprise:

View file

@ -0,0 +1,42 @@
describe EncryptionService do
describe "#encrypt" do
subject { EncryptionService.new.encrypt(value) }
context "with a nil value" do
let(:value) { nil }
it { expect(subject).to be_nil }
end
context "with a string value" do
let(:value) { "The quick brown fox jumps over the lazy dog" }
it { expect(subject).to be_instance_of(String) }
it { expect(subject).to be_present }
it { expect(subject).not_to eq(value) }
end
end
describe "#decrypt" do
subject { EncryptionService.new.decrypt(encrypted_value) }
context "with a nil value" do
let(:encrypted_value) { nil }
it { expect(subject).to be_nil }
end
context "with a string value" do
let (:value) { "The quick brown fox jumps over the lazy dog" }
let(:encrypted_value) { EncryptionService.new.encrypt(value) }
it { expect(subject).to eq(value) }
end
context "with an invalid value" do
let(:encrypted_value) { "Gur dhvpx oebja sbk whzcf bire gur ynml qbt" }
it { expect { subject }.to raise_exception StandardError }
end
end
end