Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doesn't play nice with ActiveRecord::Dirty #9

Open
bryanp opened this issue Nov 26, 2013 · 7 comments
Open

Doesn't play nice with ActiveRecord::Dirty #9

bryanp opened this issue Nov 26, 2013 · 7 comments

Comments

@bryanp
Copy link

bryanp commented Nov 26, 2013

For example's sake, foo is secure:

o = SomeModel.first
o.foo
# => 'one'

o.foo = 'two'
o.foo
# => 'two'

o.changes
# => {"foo"=> ["jEZjjBbnjDDjbK4G3RR3eNMrQqWvW32vAVUssdQsn-yhZvroRTc6u7f-_K_PY9-r6FqUkinG9PDy9cjGRGq42w==|CjeZg4VWzalY5tLpkQ-q9A==|fa6e59b9614566bf29ac4a86b05e0bd885fbd67226b18271c3a6d03c4be8512b", 'two']}

o.foo_was
# => "jEZjjBbnjDDjbK4G3RR3eNMrQqWvW32vAVUssdQsn-yhZvroRTc6u7f-_K_PY9-r6FqUkinG9PDy9cjGRGq42w==|CjeZg4VWzalY5tLpkQ-q9A==|fa6e59b9614566bf29ac4a86b05e0bd885fbd67226b18271c3a6d03c4be8512b"
@neilmiddleton
Copy link
Owner

Ah, I see what you're saying - that the changes value isn't showing as encypted / decrypted?

PR's welcome ;)

@bryanp
Copy link
Author

bryanp commented Nov 26, 2013

Honestly a bit unsure how to proceed. AR uses read_attribute to get the old value instead of calling the getter. This will always return the encrypted data. Ideas?

@dmathieu
Copy link
Contributor

With a bit of refactoring, we might be able to achieve a similar behavior by overriding attribute_will_change!, which could store the unencrypted value and change it to the encrypted one in the attributes.
If run after ActiveModel::Dirty's attribute_will_change!, dirty would then store the unencrypted values.

@bryanp
Copy link
Author

bryanp commented Nov 26, 2013

From the hour or so of digging I did, attribute_will_change! isn't called under normal circumstances. Unless I misunderstand what you're saying, the change would need to be in (or by overriding) ActiveRecord::AttributeMethods::Dirty#write_attribute.

To confirm it would work I changed this line:

old = clone_attribute_value(:read_attribute, attr)

to:

old = send(attr).clone

It does work for my test case. Obviously a real solution would need to go a bit further :)

@dmathieu
Copy link
Contributor

Actually, we're already overriding read and write attribute.
https://github.com/neilmiddleton/attr_secure/blob/master/lib/attr_secure/adapters/active_record.rb#L11

However, we're calling write_attribute, while rails, internally, in the dynamic setter it defines for each attributes, is calling write_store_attribute.
Perhaps calling it instead would go through the full stack appropriately and solve this issue?

@bryanp
Copy link
Author

bryanp commented Nov 26, 2013

Possible. Would take me some digging to understand the first arg to write_store_attribute though. Do you happen to have any insight there?

@dmathieu
Copy link
Contributor

My bad, this wasn't the right way to look into. Feel free to keep investigating. I'll also take a look into it soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dmathieu @bryanp @neilmiddleton