Description: RESTful Rails app for storing credit cards
Clone URL: git://github.com/joevandyk/monkeycharger.git
Security Fix!!
 --  Removed iv from credit card table.  Not sure why this was stored in 
 the first place.   [Thanks to Cody Fauser for pointing it out]

Others:
 --  Renamed authorization column in captures table to authorization_id.  
 (necessary for Rails upgrade?)
 --  Added check to make sure that config/initializers/monkeycharger.rb 
 exists
joevandyk (author)
Wed Feb 20 07:46:57 -0800 2008
commit  782f18ed6025af596d71049bbd2b08c8ac8e443f
tree    367bdbdd6efe28b1f9c930f3f01c134ee00562c4
parent  faecf1ec1f6e99d62c3cfc2ff0cf260b29c7ef81
...
 
...
1
0
@@ -0,0 +1 @@
0
+log
...
2
3
4
5
 
6
7
8
...
2
3
4
 
5
6
7
8
0
@@ -2,7 +2,7 @@ class CreditCard < ActiveRecord::Base
0
    include ActiveMerchant::Billing::CreditCardMethods
0
    include ActiveMerchant::Billing::CreditCardMethods::ClassMethods
0
 
0
- attr_accessor :number, :passphrase
0
+ attr_accessor :number, :passphrase, :iv
0
 
0
    validates_presence_of :name, :number, :street_address, :state, :zip, :country, :number, :city
0
 
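Review bot: `:iv` is added to the same bare `attr_accessor` line as `:number` and `:passphrase` with nothing saying that it is transient, even though "never persisted" is the property this commit exists to establish. All three are now writable through generated setters, so it is worth confirming (outside this hunk) that they are excluded from mass assignment, e.g. `attr_protected :number, :passphrase, :iv`, and documenting the line: `# Transient, per-request only: the passphrase and iv are never written to the table.` If the iv is now derived from the passphrase alone — not visible here — every card encrypted under the same passphrase would share one iv, which is worth a note at the derivation site. The rest of the class, including the cipher helpers, lies outside the hunk.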
...
1
2
 
3
4
 
5
6
7
 
8
9
 
10
11
12
13
14
...
1
 
2
3
 
4
5
6
 
7
8
 
9
10
 
 
 
 
0
@@ -1,14 +1,10 @@
0
 development:
0
- adapter: postgresql
0
+ adapter: sqlite3
0
   encoding: unicode
0
- database: monkey_charger_development
0
+ database: db/monkey_charger_development.db
0
 
0
 test:
0
- adapter: postgresql
0
+ adapter: sqlite3
0
   encoding: unicode
0
- database: monkey_charger_test
0
+ database: db/monkey_charger_test.db
0
 
0
-production:
0
- adapter: postgresql
0
- encoding: unicode
0
- database: monkey_charger_production
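Review bot: The `production:` stanza is deleted outright, so a process booting with `RAILS_ENV=production` finds no database configuration at all; if the intent was to stop committing production credentials, keep a stanza with placeholder values or load it from an untracked file instead of removing it. Separately, `encoding: unicode` is a PostgreSQL adapter setting that the sqlite3 adapter ignores, so the two retained `encoding` lines are dead after this change; either drop them or mark them `# PostgreSQL-only; ignored by sqlite3`.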
...
7
8
9
 
...
7
8
9
10
0
@@ -7,3 +7,4 @@ Rails::Initializer.run do |config|
0
 end
0
 
0
 require 'lib/big_decimal'
0
+raise "\n\n!!! Make sure to create and modify config/initializers/monkeycharger.rb! (sample in config/initializers/monkeycharger.rb.example) !!!\n\n" unless File.exist?("config/initializers/monkeycharger.rb")
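Review bot: `File.exist?("config/initializers/monkeycharger.rb")` is resolved against the process working directory rather than the application root, so the guard passes or fails depending on where the server, a rake task or a cron job was launched from; anchor it with `File.join(RAILS_ROOT, 'config', 'initializers', 'monkeycharger.rb')`. The check also sits after the `Rails::Initializer.run` block has finished, by which point the initializers have presumably already been loaded, so placing it above the block would fail fast before any boot work. The `Rails::Initializer.run` block itself begins outside the hunk.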
...
1
 
...
1
2
0
@@ -1 +1,2 @@
0
 schema.rb
0
+*.db
...
2
3
4
5
6
7
8
9
 
 
 
 
 
10
11
12
13
14
15
16
 
 
 
 
17
18
19
20
21
22
23
 
 
 
 
24
25
26
27
28
29
30
 
 
 
 
31
32
33
...
2
3
4
 
 
 
 
 
5
6
7
8
9
10
11
12
 
 
 
 
13
14
15
16
17
18
19
 
 
 
 
20
21
22
23
24
25
26
 
 
 
 
27
28
29
30
31
32
33
0
@@ -2,32 +2,32 @@ class AddTablesForCaptureRefundVoidAndAuthorizations < ActiveRecord::Migration
0
   def self.up
0
 
0
     create_table :authorizations do |t|
0
- integer :credit_card_id
0
- integer :transaction_id, :null => false
0
- string :last_four_digits, :null => false
0
- decimal :amount, :null => false
0
- timestamps!
0
+ t.column :credit_card_id, :integer
0
+ t.column :transaction_id, :integer, :null => false
0
+ t.column :last_four_digits, :string, :null => false
0
+ t.column :amount, :decimal, :null => false
0
+ t.timestamps
0
     end
0
 
0
     create_table :captures do |t|
0
- foreign_key :authorization, :ref => true
0
- integer :transaction_id, :null => false
0
- decimal :amount, :null => false
0
- timestamps!
0
+ t.column :authorization, :integer, :null => false
0
+ t.column :transaction_id, :integer, :null => false
0
+ t.column :amount, :integer, :null => false
0
+ t.timestamps
0
     end
0
 
0
     create_table :refunds do |t|
0
- foreign_key :authorization, :ref => true
0
- integer :transaction_id, :null => false
0
- decimal :amount, :null => false
0
- timestamps!
0
+ t.column :authorization, :integer, :null => false
0
+ t.column :transaction_id, :integer, :null => false
0
+ t.column :amount, :decimal, :null => false
0
+ t.timestamps
0
     end
0
 
0
     create_table :voids do |t|
0
- integer :voidee_id, :null => false
0
- string :voidee_type, :null => false
0
- integer :transaction_id, :null => false
0
- timestamps!
0
+ t.column :voidee_id, :integer,:null => false
0
+ t.column :voidee_type, :string, :null => false
0
+ t.column :transaction_id, :integer, :null => false
0
+ t.timestamps
0
     end
0
 
0
   end
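Review bot: `captures.amount` is declared `:integer` on the new side while `authorizations.amount` and `refunds.amount` are `:decimal`, so a captured amount with cents is silently truncated; make it `t.column :amount, :decimal, :null => false` and give each money column an explicit `:precision`/`:scale`, since bare `:decimal` defaults vary by adapter. The commit message says the captures column was renamed to `authorization_id`, but this hunk still declares `t.column :authorization, :integer, :null => false` in both captures and refunds; a column literally named `authorization` would also collide with a `belongs_to :authorization` accessor if one is defined, so `:authorization_id` is the safer name either way. `self.down` lies outside the hunk and should drop the same four tables.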
...
104
105
106
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
...
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
0
@@ -104,3 +104,23 @@ describe "Editing a saved credit card" do
0
     @card.number.should == '4242424242424242'
0
   end
0
 end
0
+
0
+describe "A saved credit card" do
0
+ before(:each) do
0
+ @number = "4111111111111111"
0
+ @card = generate_credit_card(:number => @number)
0
+ end
0
+
0
+ it "an attacker should not be able to decrypt the card number without a passphrase" do
0
+ card = CreditCard.find @card.id
0
+
0
+ cipher = card.send(:cipher)
0
+ cipher.decrypt
0
+ cipher.key = card.send(:key)
0
+ # cipher.iv = card.iv NOTE: iv no longer stupidly stored
0
+ cipher.iv = "some random one that shouldn't work"
0
+ data = cipher.update(card.send(:decode_from_base64, card.crypted_number))
0
+ data << cipher.final
0
+ data.should_not == @number
0
+ end
0
+end
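Review bot: The new example proves only that a wrong iv changes the output, because it hands the "attacker" `card.send(:key)`; it does not exercise the case named in the description, decrypting without a passphrase. A stronger assertion starts from what a database-only attacker actually holds, `card.crypted_number` and no key or passphrase, and expects failure rather than a mismatch, e.g. `lambda { ... }.should raise_error` around the decrypt, since with a block cipher `cipher.final` may raise on bad padding (if this is `OpenSSL::Cipher`, `OpenSSL::Cipher::CipherError`) and error out the example before it reaches `data.should_not == @number`. The `it` string also reads oddly after the `describe` ("A saved credit card an attacker should not …"); `it "should not decrypt to the card number without the passphrase"` reads more naturally.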
