Comments (7)
Created a serialize
branch if you want to try it out: https://github.com/ankane/lockbox/compare/serialize
from lockbox.
Just pushed to master.
from lockbox.
Hey @tappleby, makes sense to me. It'd be nice to get Lockbox to play nicely with Rails serialized fields (if possible) so no additional options/custom serialization code is needed. I'll look into this when I have a chance.
from lockbox.
Awesome, will try it out when I get a chance.
from lockbox.
Did a quick test locally, seemed to work. Did run into 1 issue, although I also have hit this with attr_encrypted
.
If you modify the serialized hash directly, the encrypted payload will not be updated:
irb(main):031:0> record.secrets
=> {"foo"=>"bar", "bin"=>"baz"}
irb(main):032:0> record.secrets['new'] = 'secret'
irb(main):033:0> record.changes
=> {"secrets"=>[{"foo"=>"bar", "bin"=>"baz"}, {"foo"=>"bar", "bin"=>"baz", "new"=>"secret"}]}
irb(main):034:0> record.save!
(1.0ms) BEGIN
Record Update (1.4ms) UPDATE "records" SET "updated_at" = $1 WHERE "records"."id" = $2 [["updated_at", "2019-07-14 19:55:50.233443"], ["id", 1]]
(2.6ms) COMMIT
=> true
irb(main):035:0> record.secrets
=> {"foo"=>"bar", "bin"=>"baz", "new"=>"secret"}
irb(main):036:0> record.reload
irb(main):037:0> record.secrets
=> {"foo"=>"bar", "bin"=>"baz"}
The work around is to always assign the property:
irb(main):052:0> record.secrets = record.secrets.merge(new: 'secret')
irb(main):053:0> record.save!
irb(main):054:0> record.reload
irb(main):055:0> record.secrets
=> {"foo"=>"bar", "bin"=>"baz", "new"=>"secret"}
from lockbox.
Might be able to handle this automatically using a save callback:
before_save do
self.class.lockbox_attributes.values.each do |lockbox_attribute|
attribute = lockbox_attribute[:attribute]
if changed.include?(attribute) && self.class.attribute_types[attribute].is_a?(ActiveRecord::Type::Serialized)
send("#{attribute}=", send(attribute))
end
end
end
This could end up re-encrypting the same payload in some cases. I had tried to only re-assign the attribute when lockbox_attribute[:encrypted_attribute]
was not changed but this was not reliable since the encrypted column could be changed for a different value.
from lockbox.
Nice catch. Added the after_save
callback to the types2
branch (which will supersede the serialize
branch). I think the slight performance hit of potentially encrypting twice is worth it for more intuitive behavior.
from lockbox.
Related Issues (20)
- Rotating master key gives ActiveRecord::RecordNotSaved HOT 1
- Decryption using PHP is not Working HOT 4
- Access to the unencrypted attachable when using ActiveStorage HOT 2
- [Question] - Migrating from `attr_encrypted` with `marshal: true` HOT 3
- Lockbox raises MissingAttributeError when encrypted attribute is backed by store_attribute when using select HOT 1
- `Lockbox.rotate` bypasses `default_scope` if passed a model HOT 1
- GCM-SIV HOT 1
- Devise Invalid Credentials after table name changed HOT 3
- Search in encrypted data HOT 1
- Unable to rotate encryption for fields having custom key_table HOT 2
- Idea: console1984 integration
- Missing keyword: :coder error for Rails 7.1 when using `has_encrypted :name, type: :array` HOT 3
- Corrupted strings on save + reload with multi-byte UTF-8 characters with ActionText::RichText on Rails 7.1 HOT 5
- Idea: Don't return virtual attributes in attribute methods unless the ciphertext attribute is present HOT 2
- update_all doesnt work with Lockbox after deleting old column. HOT 2
- How to force migration again.
- Use with bcrypt HOT 1
- Can't use `Lockbox.migrate(User)`: can't convert Date to String (`v.1.3.3`) HOT 1
- How to access encrypted values from rails console? HOT 1
- Create a migration that includes `Lockbox.migrate(User)` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lockbox.