Fix the issue that unencrypted plaintext values are versioned with ActiveRecord encryption (since Rails 7) #1422
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…module method There will be multiple places calling this method to determine different behaviours based on the ActiveRecord version that PaperTrail is running on. PR: paper-trail-gem#1422
FunnyHector
pushed a commit
to FunnyHector/paper_trail
that referenced
this pull request
Mar 24, 2023
Since Rails 7, ActiveRecord introduces a built-in encryption mechanism. We need to serialise these values otherwise plaintext values instead of ciphertext are versioned, which makes the encryption meaningless. PR: paper-trail-gem#1422
FunnyHector
force-pushed
the
active-record-encryption-fix
branch
from
578eaac to
8f13bfc
Compare
Since Rails 7, ActiveRecord introduces a built-in encryption mechanism. We need to serialise these values otherwise plaintext values instead of ciphertext are versioned, which makes the encryption meaningless. PR: paper-trail-gem#1422
FunnyHector
force-pushed
the
active-record-encryption-fix
branch
from
8f13bfc to
c765492
Compare
No uncovered lines were added, but more lines were added therefore the denominator got bigger and the coverage dropped a little ¯\_(ツ)_/¯ PR: paper-trail-gem#1422
|
@jaredbeck Sorry for pinging, could this be looked at please? I imagine this would be stopping lots of users from upgrading to Rails 7. |
jaredbeck
approved these changes
May 21, 2023
| end | ||
| end | ||
| end | ||
| end |
| # ActiveRecord since 7.0 has a built-in encryption mechanism | ||
| @encrypted_attributes = | ||
| if PaperTrail.active_record_gte_7_0? | ||
| @item_class.encrypted_attributes&.map(&:to_s) |
There was a problem hiding this comment.
Surprisingly, it seems that rails does not initialize encrypted_attributes to an empty array, and so the safe-navigation operator is warranted.
6 tasks
|
@jaredbeck Thanks for reviewing and merging this! Could I ask about the plan for the new release please? We have been using a monkey patch in production. It'd be good if we could get off the monkey patch and use a released version. |
|
@FunnyHector @jaredbeck could we get a new release including this fix? We need it, I could reference the git commit we want temporarily but I'd prefer official releases 🙂 |
|
Released in 15.0.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since Rails 7, ActiveRecord introduces a built-in encryption mechanism. When versioning encrypted attributes for JSON columns on PostgreSQL, currently the unencrypted values are saved. This makes the encryption meaningless, and stops people from upgrading to Rails 7.
This PR is mainly from the patch that @vccoffey posted at #1392 (comment). Thanks for the original idea.
Fixes #1392.
Check the following boxes:
master(if not - rebase it).code introduces user-observable changes.
and description in grammatically correct, complete sentences.