Can encrypt files on s3 with :s3_encrypted => true option

af6d343e · Luke Griffiths · 201f02e3 · af6d343e · af6d343e · af6d343e
Commit af6d343e authored Jan 18, 2012 by Luke Griffiths
Hide whitespace changes
Inline Side-by-side

Showing with 78 additions and 0 deletions

lib/paperclip/storage/s3.rb
+3 -0

test/storage/s3_live_test.rb
+36 -0

test/storage/s3_test.rb
+39 -0

No files found.
--- a/lib/paperclip/storage/s3.rb
+++ b/lib/paperclip/storage/s3.rb
@@ -115,6 +115,8 @@ module Paperclip
          @s3_headers[:storage_class] = @options[:s3_storage_class] if @options[:s3_storage_class]
+          @s3_encrypted = @options[:s3_encrypted]
          unless @options[:url].to_s.match(/^:s3.*url$/) || @options[:url] == ":asset_host"
            @options[:path] = @options[:path].gsub(/:url/, @options[:url]).gsub(/^:rails_root\/public\/system/, '')
            @options[:url]  = ":s3_path_url"
@@ -281,6 +283,7 @@ module Paperclip
              :acl => acl
            }
            write_options[:metadata] = @s3_metadata unless @s3_metadata.empty?
+            write_options[:server_side_encryption] = :aes256 if @s3_encrypted
            write_options.merge!(@s3_headers)
            s3_object(style).write(file, write_options)
          rescue AWS::S3::Errors::NoSuchBucket => e

--- a/test/storage/s3_live_test.rb
+++ b/test/storage/s3_live_test.rb
@@ -134,5 +134,41 @@ unless ENV["S3_BUCKET"].blank?
        assert_not_found_response url
      end
    end
+    context "An attachment that uses S3 for storage and uses AES256 encryption" do
+      setup do
+        rebuild_model :styles => { :thumb => "100x100", :square => "32x32#" },
+                      :storage => :s3,
+                      :bucket => ENV["S3_BUCKET"],
+                      :path => ":class/:attachment/:id/:style.:extension",
+                      :s3_credentials => File.new(File.join(File.dirname(__FILE__), "..", "fixtures", "s3.yml")),
+                      :s3_encrypted => true
+        Dummy.delete_all
+        @dummy = Dummy.new
+      end
+      context "when assigned" do
+        setup do
+          @file = File.new(fixture_file('5k.png'), 'rb')
+          @dummy.avatar = @file
+        end
+        teardown do
+          @file.close
+          @dummy.destroy
+        end
+        context "and saved" do
+          setup do
+            @dummy.save
+          end
+          should "be encrypted on S3" do
+            assert @dummy.avatar.s3_object.server_side_encryption?
+          end
+        end
+      end
+    end
  end
 end
--- a/test/storage/s3_test.rb
+++ b/test/storage/s3_test.rb
@@ -684,6 +684,45 @@ class S3Test < Test::Unit::TestCase
    end
  end
+  context "An attachment with S3 storage and using AES256 encryption" do
+    setup do
+      rebuild_model :storage => :s3,
+                    :bucket => "testing",
+                    :path => ":attachment/:style/:basename.:extension",
+                    :s3_credentials => {
+                      'access_key_id' => "12345",
+                      'secret_access_key' => "54321"
+                    },
+                    :s3_encrypted => true
+    end
+    context "when assigned" do
+      setup do
+        @file = File.new(File.join(File.dirname(__FILE__), '..', 'fixtures', '5k.png'), 'rb')
+        @dummy = Dummy.new
+        @dummy.avatar = @file
+      end
+      teardown { @file.close }
+      context "and saved" do
+        setup do
+          object = stub
+          @dummy.avatar.stubs(:s3_object).returns(object)
+          object.expects(:write).with(anything,
+                                      :content_type => "image/png",
+                                      :acl => :public_read,
+                                      :server_side_encryption => :aes256)
+          @dummy.save
+        end
+        should "succeed" do
+          assert true
+        end
+      end
+    end
+  end
  context "An attachment with S3 storage and storage class set using the :storage_class option" do
    setup do
      rebuild_model :storage => :s3,