Automatically expand encrypted arguments to support querying both encrypted and unencrypted data
Encryption supports querying the db using deterministic attributes. For example:
Contact.find_by(email_address: "[email protected]")
The value “[email protected]” will get encrypted automatically to perform the query. But there is a problem while the data is being encrypted. This won't work. During that time, you need these queries to be:
Contact.find_by(email_address: [ "[email protected]", "<encrypted [email protected]>" ])
ActiveRecord to support this automatically. It addresses both:
ActiveRecord::Base: Used in +Contact.find_by_email_address(…)+
ActiveRecord::Relation: Used in +Contact.internal.find_by_email_address(…)+
ActiveRecord::Base relies on
ActiveRecord::QueryMethods) but it does some prepared statements caching. That's why we need to intercept
ActiveRecord::Base as soon as it's invoked (so that the proper prepared statement is cached).
When modifying this file run performance tests in
make sure performance overhead is acceptable.
We will extend this to support previous “encryption context” versions in future iterations
@TODO Experimental. Support for every kind of query is pending @TODO It should not patch anything if not needed (no previous schemes or no support for previous encryption schemes)
# File activerecord/lib/active_record/encryption/extended_deterministic_queries.rb, line 34 def self.install_support ActiveRecord::Relation.prepend(RelationQueries) ActiveRecord::Base.include(CoreQueries) ActiveRecord::Encryption::EncryptedAttributeType.prepend(ExtendedEncryptableType) Arel::Nodes::HomogeneousIn.prepend(InWithAdditionalValues) end
© 2004–2021 David Heinemeier Hansson
Licensed under the MIT License.