From 7e25fd0f6cdc20278d0f680a7d3de09e33186aa3 Mon Sep 17 00:00:00 2001
From: Justin Collins <justin.collins@gusto.com>
Date: Wed, 18 Mar 2020 09:07:28 -0700
Subject: [PATCH] Fix decryption IV

---
 lib/encryption.rb           |  2 +-
 spec/lib/encryption_spec.rb | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 spec/lib/encryption_spec.rb

diff --git a/lib/encryption.rb b/lib/encryption.rb
index bf654e6..431ec8e 100644
--- a/lib/encryption.rb
+++ b/lib/encryption.rb
@@ -15,7 +15,7 @@ module Encryption
      aes = OpenSSL::Cipher.new(cipher_type)
      aes.decrypt
      aes.key = key[0..31]
-     aes.iv = iv[0.15] if iv != nil
+     aes.iv = iv[0..15] if iv != nil
      decoded = Base64.strict_decode64("#{val}")
      aes.update("#{decoded}") + aes.final
   end
diff --git a/spec/lib/encryption_spec.rb b/spec/lib/encryption_spec.rb
new file mode 100644
index 0000000..c039df7
--- /dev/null
+++ b/spec/lib/encryption_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require "spec_helper"
+require_relative "../../lib/encryption"
+
+describe Encryption do
+  let(:value) {
+    allow(Encryption).to receive(:key).and_return(SecureRandom.bytes(32))
+    allow(Encryption).to receive(:iv).and_return(SecureRandom.bytes(16))
+
+    "OMG PII"
+  }
+
+  it "encrypts values" do
+    encrypted = Encryption.encrypt_sensitive_value(value)
+    expect(Base64.decode64(encrypted)).not_to eq(value)
+  end
+
+  it "decrypts values" do
+    encrypted = Encryption.encrypt_sensitive_value(value)
+    decrypted = Encryption.decrypt_sensitive_value(encrypted)
+
+    expect(decrypted).to eq(value)
+  end
+end