RubyGems - activerecord - Versions diffs - 5.2.8 → 7.0.2 - Mend

activerecord 5.2.8 → 7.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (364) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +1393 -587
data/MIT-LICENSE +3 -1
data/README.rdoc +7 -5
data/examples/performance.rb +1 -1
data/lib/active_record/aggregations.rb +10 -9
data/lib/active_record/association_relation.rb +22 -12
data/lib/active_record/associations/alias_tracker.rb +19 -16
data/lib/active_record/associations/association.rb +122 -47
data/lib/active_record/associations/association_scope.rb +24 -24
data/lib/active_record/associations/belongs_to_association.rb +67 -49
data/lib/active_record/associations/belongs_to_polymorphic_association.rb +16 -7
data/lib/active_record/associations/builder/association.rb +52 -23
data/lib/active_record/associations/builder/belongs_to.rb +44 -61
data/lib/active_record/associations/builder/collection_association.rb +17 -19
data/lib/active_record/associations/builder/has_and_belongs_to_many.rb +17 -41
data/lib/active_record/associations/builder/has_many.rb +10 -3
data/lib/active_record/associations/builder/has_one.rb +35 -3
data/lib/active_record/associations/builder/singular_association.rb +5 -3
data/lib/active_record/associations/collection_association.rb +59 -50
data/lib/active_record/associations/collection_proxy.rb +32 -23
data/lib/active_record/associations/disable_joins_association_scope.rb +59 -0
data/lib/active_record/associations/foreign_association.rb +20 -0
data/lib/active_record/associations/has_many_association.rb +27 -14
data/lib/active_record/associations/has_many_through_association.rb +26 -19
data/lib/active_record/associations/has_one_association.rb +52 -37
data/lib/active_record/associations/has_one_through_association.rb +6 -6
data/lib/active_record/associations/join_dependency/join_association.rb +44 -22
data/lib/active_record/associations/join_dependency/join_part.rb +5 -5
data/lib/active_record/associations/join_dependency.rb +97 -62
data/lib/active_record/associations/preloader/association.rb +220 -60
data/lib/active_record/associations/preloader/batch.rb +48 -0
data/lib/active_record/associations/preloader/branch.rb +147 -0
data/lib/active_record/associations/preloader/through_association.rb +85 -40
data/lib/active_record/associations/preloader.rb +44 -105
data/lib/active_record/associations/singular_association.rb +9 -17
data/lib/active_record/associations/through_association.rb +4 -4
data/lib/active_record/associations.rb +207 -66
data/lib/active_record/asynchronous_queries_tracker.rb +60 -0
data/lib/active_record/attribute_assignment.rb +17 -19
data/lib/active_record/attribute_methods/before_type_cast.rb +19 -8
data/lib/active_record/attribute_methods/dirty.rb +141 -47
data/lib/active_record/attribute_methods/primary_key.rb +22 -27
data/lib/active_record/attribute_methods/query.rb +6 -10
data/lib/active_record/attribute_methods/read.rb +15 -55
data/lib/active_record/attribute_methods/serialization.rb +77 -18
data/lib/active_record/attribute_methods/time_zone_conversion.rb +16 -18
data/lib/active_record/attribute_methods/write.rb +18 -37
data/lib/active_record/attribute_methods.rb +90 -153
data/lib/active_record/attributes.rb +38 -12
data/lib/active_record/autosave_association.rb +50 -50
data/lib/active_record/base.rb +23 -18
data/lib/active_record/callbacks.rb +159 -44
data/lib/active_record/coders/yaml_column.rb +12 -3
data/lib/active_record/connection_adapters/abstract/connection_handler.rb +292 -0
data/lib/active_record/connection_adapters/abstract/connection_pool/queue.rb +209 -0
data/lib/active_record/connection_adapters/abstract/connection_pool/reaper.rb +76 -0
data/lib/active_record/connection_adapters/abstract/connection_pool.rb +92 -464
data/lib/active_record/connection_adapters/abstract/database_limits.rb +5 -51
data/lib/active_record/connection_adapters/abstract/database_statements.rb +209 -164
data/lib/active_record/connection_adapters/abstract/query_cache.rb +38 -22
data/lib/active_record/connection_adapters/abstract/quoting.rb +103 -82
data/lib/active_record/connection_adapters/abstract/savepoints.rb +3 -3
data/lib/active_record/connection_adapters/abstract/schema_creation.rb +140 -110
data/lib/active_record/connection_adapters/abstract/schema_definitions.rb +236 -94
data/lib/active_record/connection_adapters/abstract/schema_dumper.rb +16 -5
data/lib/active_record/connection_adapters/abstract/schema_statements.rb +456 -159
data/lib/active_record/connection_adapters/abstract/transaction.rb +169 -78
data/lib/active_record/connection_adapters/abstract_adapter.rb +367 -162
data/lib/active_record/connection_adapters/abstract_mysql_adapter.rb +311 -327
data/lib/active_record/connection_adapters/column.rb +33 -11
data/lib/active_record/connection_adapters/deduplicable.rb +29 -0
data/lib/active_record/connection_adapters/legacy_pool_manager.rb +35 -0
data/lib/active_record/connection_adapters/mysql/column.rb +1 -1
data/lib/active_record/connection_adapters/mysql/database_statements.rb +113 -45
data/lib/active_record/connection_adapters/mysql/explain_pretty_printer.rb +1 -2
data/lib/active_record/connection_adapters/mysql/quoting.rb +71 -5
data/lib/active_record/connection_adapters/mysql/schema_creation.rb +34 -10
data/lib/active_record/connection_adapters/mysql/schema_definitions.rb +48 -32
data/lib/active_record/connection_adapters/mysql/schema_dumper.rb +25 -8
data/lib/active_record/connection_adapters/mysql/schema_statements.rb +143 -19
data/lib/active_record/connection_adapters/mysql/type_metadata.rb +14 -9
data/lib/active_record/connection_adapters/mysql2_adapter.rb +63 -22
data/lib/active_record/connection_adapters/pool_config.rb +73 -0
data/lib/active_record/connection_adapters/pool_manager.rb +47 -0
data/lib/active_record/connection_adapters/postgresql/column.rb +53 -28
data/lib/active_record/connection_adapters/postgresql/database_statements.rb +56 -63
data/lib/active_record/connection_adapters/postgresql/oid/array.rb +1 -2
data/lib/active_record/connection_adapters/postgresql/oid/bit.rb +1 -4
data/lib/active_record/connection_adapters/postgresql/oid/cidr.rb +3 -5
data/lib/active_record/connection_adapters/postgresql/oid/date.rb +10 -2
data/lib/active_record/connection_adapters/postgresql/oid/date_time.rb +15 -2
data/lib/active_record/connection_adapters/postgresql/oid/enum.rb +0 -1
data/lib/active_record/connection_adapters/postgresql/oid/hstore.rb +54 -16
data/lib/active_record/connection_adapters/postgresql/oid/interval.rb +49 -0
data/lib/active_record/connection_adapters/postgresql/oid/legacy_point.rb +3 -4
data/lib/active_record/connection_adapters/postgresql/oid/macaddr.rb +25 -0
data/lib/active_record/connection_adapters/postgresql/oid/oid.rb +1 -1
data/lib/active_record/connection_adapters/postgresql/oid/point.rb +3 -4
data/lib/active_record/connection_adapters/postgresql/oid/range.rb +25 -7
data/lib/active_record/connection_adapters/postgresql/oid/specialized_string.rb +1 -1
data/lib/active_record/connection_adapters/postgresql/oid/timestamp.rb +15 -0
data/lib/active_record/connection_adapters/postgresql/oid/timestamp_with_time_zone.rb +30 -0
data/lib/active_record/connection_adapters/postgresql/oid/type_map_initializer.rb +26 -12
data/lib/active_record/connection_adapters/postgresql/oid/uuid.rb +15 -3
data/lib/active_record/connection_adapters/postgresql/oid.rb +4 -0
data/lib/active_record/connection_adapters/postgresql/quoting.rb +89 -52
data/lib/active_record/connection_adapters/postgresql/referential_integrity.rb +34 -2
data/lib/active_record/connection_adapters/postgresql/schema_creation.rb +39 -4
data/lib/active_record/connection_adapters/postgresql/schema_definitions.rb +128 -91
data/lib/active_record/connection_adapters/postgresql/schema_dumper.rb +25 -1
data/lib/active_record/connection_adapters/postgresql/schema_statements.rb +149 -113
data/lib/active_record/connection_adapters/postgresql/type_metadata.rb +31 -26
data/lib/active_record/connection_adapters/postgresql/utils.rb +0 -1
data/lib/active_record/connection_adapters/postgresql_adapter.rb +386 -182
data/lib/active_record/connection_adapters/schema_cache.rb +161 -22
data/lib/active_record/connection_adapters/sql_type_metadata.rb +17 -6
data/lib/active_record/connection_adapters/sqlite3/database_statements.rb +152 -0
data/lib/active_record/connection_adapters/sqlite3/quoting.rb +65 -18
data/lib/active_record/connection_adapters/sqlite3/schema_creation.rb +5 -1
data/lib/active_record/connection_adapters/sqlite3/schema_statements.rb +92 -26
data/lib/active_record/connection_adapters/sqlite3_adapter.rb +251 -204
data/lib/active_record/connection_adapters/statement_pool.rb +0 -1
data/lib/active_record/connection_adapters.rb +53 -0
data/lib/active_record/connection_handling.rb +292 -38
data/lib/active_record/core.rb +385 -158
data/lib/active_record/counter_cache.rb +8 -30
data/lib/active_record/database_configurations/connection_url_resolver.rb +100 -0
data/lib/active_record/database_configurations/database_config.rb +83 -0
data/lib/active_record/database_configurations/hash_config.rb +154 -0
data/lib/active_record/database_configurations/url_config.rb +53 -0
data/lib/active_record/database_configurations.rb +256 -0
data/lib/active_record/delegated_type.rb +250 -0
data/lib/active_record/destroy_association_async_job.rb +36 -0
data/lib/active_record/disable_joins_association_relation.rb +39 -0
data/lib/active_record/dynamic_matchers.rb +4 -5
data/lib/active_record/encryption/cipher/aes256_gcm.rb +98 -0
data/lib/active_record/encryption/cipher.rb +53 -0
data/lib/active_record/encryption/config.rb +44 -0
data/lib/active_record/encryption/configurable.rb +61 -0
data/lib/active_record/encryption/context.rb +35 -0
data/lib/active_record/encryption/contexts.rb +72 -0
data/lib/active_record/encryption/derived_secret_key_provider.rb +12 -0
data/lib/active_record/encryption/deterministic_key_provider.rb +14 -0
data/lib/active_record/encryption/encryptable_record.rb +208 -0
data/lib/active_record/encryption/encrypted_attribute_type.rb +140 -0
data/lib/active_record/encryption/encrypted_fixtures.rb +38 -0
data/lib/active_record/encryption/encrypting_only_encryptor.rb +12 -0
data/lib/active_record/encryption/encryptor.rb +155 -0
data/lib/active_record/encryption/envelope_encryption_key_provider.rb +55 -0
data/lib/active_record/encryption/errors.rb +15 -0
data/lib/active_record/encryption/extended_deterministic_queries.rb +160 -0
data/lib/active_record/encryption/extended_deterministic_uniqueness_validator.rb +28 -0
data/lib/active_record/encryption/key.rb +28 -0
data/lib/active_record/encryption/key_generator.rb +42 -0
data/lib/active_record/encryption/key_provider.rb +46 -0
data/lib/active_record/encryption/message.rb +33 -0
data/lib/active_record/encryption/message_serializer.rb +90 -0
data/lib/active_record/encryption/null_encryptor.rb +21 -0
data/lib/active_record/encryption/properties.rb +76 -0
data/lib/active_record/encryption/read_only_null_encryptor.rb +24 -0
data/lib/active_record/encryption/scheme.rb +99 -0
data/lib/active_record/encryption.rb +55 -0
data/lib/active_record/enum.rb +130 -51
data/lib/active_record/errors.rb +129 -23
data/lib/active_record/explain.rb +10 -6
data/lib/active_record/explain_registry.rb +11 -6
data/lib/active_record/explain_subscriber.rb +1 -1
data/lib/active_record/fixture_set/file.rb +22 -15
data/lib/active_record/fixture_set/model_metadata.rb +32 -0
data/lib/active_record/fixture_set/render_context.rb +17 -0
data/lib/active_record/fixture_set/table_row.rb +187 -0
data/lib/active_record/fixture_set/table_rows.rb +46 -0
data/lib/active_record/fixtures.rb +206 -490
data/lib/active_record/future_result.rb +139 -0
data/lib/active_record/gem_version.rb +3 -3
data/lib/active_record/inheritance.rb +104 -37
data/lib/active_record/insert_all.rb +278 -0
data/lib/active_record/integration.rb +69 -18
data/lib/active_record/internal_metadata.rb +24 -9
data/lib/active_record/legacy_yaml_adapter.rb +3 -36
data/lib/active_record/locking/optimistic.rb +41 -26
data/lib/active_record/locking/pessimistic.rb +18 -8
data/lib/active_record/log_subscriber.rb +46 -35
data/lib/active_record/middleware/database_selector/resolver/session.rb +48 -0
data/lib/active_record/middleware/database_selector/resolver.rb +88 -0
data/lib/active_record/middleware/database_selector.rb +82 -0
data/lib/active_record/middleware/shard_selector.rb +60 -0
data/lib/active_record/migration/command_recorder.rb +96 -44
data/lib/active_record/migration/compatibility.rb +246 -64
data/lib/active_record/migration/join_table.rb +1 -2
data/lib/active_record/migration.rb +266 -187
data/lib/active_record/model_schema.rb +165 -52
data/lib/active_record/nested_attributes.rb +17 -19
data/lib/active_record/no_touching.rb +11 -4
data/lib/active_record/null_relation.rb +2 -7
data/lib/active_record/persistence.rb +467 -92
data/lib/active_record/query_cache.rb +21 -4
data/lib/active_record/query_logs.rb +138 -0
data/lib/active_record/querying.rb +51 -24
data/lib/active_record/railtie.rb +224 -57
data/lib/active_record/railties/console_sandbox.rb +2 -4
data/lib/active_record/railties/controller_runtime.rb +31 -36
data/lib/active_record/railties/databases.rake +369 -101
data/lib/active_record/readonly_attributes.rb +15 -0
data/lib/active_record/reflection.rb +170 -137
data/lib/active_record/relation/batches/batch_enumerator.rb +44 -14
data/lib/active_record/relation/batches.rb +46 -37
data/lib/active_record/relation/calculations.rb +168 -96
data/lib/active_record/relation/delegation.rb +37 -52
data/lib/active_record/relation/finder_methods.rb +79 -58
data/lib/active_record/relation/from_clause.rb +5 -1
data/lib/active_record/relation/merger.rb +50 -51
data/lib/active_record/relation/predicate_builder/array_handler.rb +13 -13
data/lib/active_record/relation/predicate_builder/association_query_value.rb +5 -9
data/lib/active_record/relation/predicate_builder/basic_object_handler.rb +1 -2
data/lib/active_record/relation/predicate_builder/polymorphic_array_value.rb +11 -10
data/lib/active_record/relation/predicate_builder/range_handler.rb +3 -23
data/lib/active_record/relation/predicate_builder/relation_handler.rb +1 -1
data/lib/active_record/relation/predicate_builder.rb +58 -46
data/lib/active_record/relation/query_attribute.rb +9 -10
data/lib/active_record/relation/query_methods.rb +685 -208
data/lib/active_record/relation/record_fetch_warning.rb +9 -11
data/lib/active_record/relation/spawn_methods.rb +10 -10
data/lib/active_record/relation/where_clause.rb +108 -64
data/lib/active_record/relation.rb +515 -151
data/lib/active_record/result.rb +78 -42
data/lib/active_record/runtime_registry.rb +9 -13
data/lib/active_record/sanitization.rb +29 -44
data/lib/active_record/schema.rb +37 -31
data/lib/active_record/schema_dumper.rb +74 -23
data/lib/active_record/schema_migration.rb +7 -9
data/lib/active_record/scoping/default.rb +62 -17
data/lib/active_record/scoping/named.rb +17 -32
data/lib/active_record/scoping.rb +70 -41
data/lib/active_record/secure_token.rb +16 -8
data/lib/active_record/serialization.rb +6 -4
data/lib/active_record/signed_id.rb +116 -0
data/lib/active_record/statement_cache.rb +49 -6
data/lib/active_record/store.rb +88 -9
data/lib/active_record/suppressor.rb +13 -17
data/lib/active_record/table_metadata.rb +42 -43
data/lib/active_record/tasks/database_tasks.rb +352 -94
data/lib/active_record/tasks/mysql_database_tasks.rb +37 -39
data/lib/active_record/tasks/postgresql_database_tasks.rb +41 -39
data/lib/active_record/tasks/sqlite_database_tasks.rb +14 -17
data/lib/active_record/test_databases.rb +24 -0
data/lib/active_record/test_fixtures.rb +287 -0
data/lib/active_record/timestamp.rb +44 -34
data/lib/active_record/touch_later.rb +23 -22
data/lib/active_record/transactions.rb +67 -128
data/lib/active_record/translation.rb +3 -3
data/lib/active_record/type/adapter_specific_registry.rb +34 -19
data/lib/active_record/type/hash_lookup_type_map.rb +34 -2
data/lib/active_record/type/internal/timezone.rb +2 -2
data/lib/active_record/type/serialized.rb +7 -4
data/lib/active_record/type/time.rb +10 -0
data/lib/active_record/type/type_map.rb +17 -21
data/lib/active_record/type/unsigned_integer.rb +0 -1
data/lib/active_record/type.rb +9 -5
data/lib/active_record/type_caster/connection.rb +15 -15
data/lib/active_record/type_caster/map.rb +8 -8
data/lib/active_record/validations/associated.rb +2 -3
data/lib/active_record/validations/numericality.rb +35 -0
data/lib/active_record/validations/uniqueness.rb +39 -31
data/lib/active_record/validations.rb +4 -3
data/lib/active_record.rb +209 -32
data/lib/arel/alias_predication.rb +9 -0
data/lib/arel/attributes/attribute.rb +33 -0
data/lib/arel/collectors/bind.rb +29 -0
data/lib/arel/collectors/composite.rb +39 -0
data/lib/arel/collectors/plain_string.rb +20 -0
data/lib/arel/collectors/sql_string.rb +27 -0
data/lib/arel/collectors/substitute_binds.rb +35 -0
data/lib/arel/crud.rb +48 -0
data/lib/arel/delete_manager.rb +32 -0
data/lib/arel/errors.rb +9 -0
data/lib/arel/expressions.rb +29 -0
data/lib/arel/factory_methods.rb +49 -0
data/lib/arel/filter_predications.rb +9 -0
data/lib/arel/insert_manager.rb +48 -0
data/lib/arel/math.rb +45 -0
data/lib/arel/nodes/and.rb +32 -0
data/lib/arel/nodes/ascending.rb +23 -0
data/lib/arel/nodes/binary.rb +126 -0
data/lib/arel/nodes/bind_param.rb +44 -0
data/lib/arel/nodes/case.rb +55 -0
data/lib/arel/nodes/casted.rb +62 -0
data/lib/arel/nodes/comment.rb +29 -0
data/lib/arel/nodes/count.rb +12 -0
data/lib/arel/nodes/delete_statement.rb +44 -0
data/lib/arel/nodes/descending.rb +23 -0
data/lib/arel/nodes/equality.rb +15 -0
data/lib/arel/nodes/extract.rb +24 -0
data/lib/arel/nodes/false.rb +16 -0
data/lib/arel/nodes/filter.rb +10 -0
data/lib/arel/nodes/full_outer_join.rb +8 -0
data/lib/arel/nodes/function.rb +45 -0
data/lib/arel/nodes/grouping.rb +11 -0
data/lib/arel/nodes/homogeneous_in.rb +76 -0
data/lib/arel/nodes/in.rb +15 -0
data/lib/arel/nodes/infix_operation.rb +92 -0
data/lib/arel/nodes/inner_join.rb +8 -0
data/lib/arel/nodes/insert_statement.rb +37 -0
data/lib/arel/nodes/join_source.rb +20 -0
data/lib/arel/nodes/matches.rb +18 -0
data/lib/arel/nodes/named_function.rb +23 -0
data/lib/arel/nodes/node.rb +51 -0
data/lib/arel/nodes/node_expression.rb +13 -0
data/lib/arel/nodes/ordering.rb +27 -0
data/lib/arel/nodes/outer_join.rb +8 -0
data/lib/arel/nodes/over.rb +15 -0
data/lib/arel/nodes/regexp.rb +16 -0
data/lib/arel/nodes/right_outer_join.rb +8 -0
data/lib/arel/nodes/select_core.rb +67 -0
data/lib/arel/nodes/select_statement.rb +41 -0
data/lib/arel/nodes/sql_literal.rb +19 -0
data/lib/arel/nodes/string_join.rb +11 -0
data/lib/arel/nodes/table_alias.rb +31 -0
data/lib/arel/nodes/terminal.rb +16 -0
data/lib/arel/nodes/true.rb +16 -0
data/lib/arel/nodes/unary.rb +44 -0
data/lib/arel/nodes/unary_operation.rb +20 -0
data/lib/arel/nodes/unqualified_column.rb +22 -0
data/lib/arel/nodes/update_statement.rb +46 -0
data/lib/arel/nodes/values_list.rb +9 -0
data/lib/arel/nodes/window.rb +126 -0
data/lib/arel/nodes/with.rb +11 -0
data/lib/arel/nodes.rb +71 -0
data/lib/arel/order_predications.rb +13 -0
data/lib/arel/predications.rb +258 -0
data/lib/arel/select_manager.rb +276 -0
data/lib/arel/table.rb +117 -0
data/lib/arel/tree_manager.rb +60 -0
data/lib/arel/update_manager.rb +48 -0
data/lib/arel/visitors/dot.rb +298 -0
data/lib/arel/visitors/mysql.rb +99 -0
data/lib/arel/visitors/postgresql.rb +110 -0
data/lib/arel/visitors/sqlite.rb +38 -0
data/lib/arel/visitors/to_sql.rb +955 -0
data/lib/arel/visitors/visitor.rb +45 -0
data/lib/arel/visitors.rb +13 -0
data/lib/arel/window_predications.rb +9 -0
data/lib/arel.rb +55 -0
data/lib/rails/generators/active_record/application_record/application_record_generator.rb +0 -1
data/lib/rails/generators/active_record/application_record/templates/application_record.rb.tt +1 -1
data/lib/rails/generators/active_record/migration/migration_generator.rb +3 -5
data/lib/rails/generators/active_record/migration/templates/create_table_migration.rb.tt +3 -1
data/lib/rails/generators/active_record/migration/templates/migration.rb.tt +7 -5
data/lib/rails/generators/active_record/migration.rb +19 -2
data/lib/rails/generators/active_record/model/model_generator.rb +39 -2
data/lib/rails/generators/active_record/model/templates/abstract_base_class.rb.tt +7 -0
data/lib/rails/generators/active_record/model/templates/model.rb.tt +10 -1
data/lib/rails/generators/active_record/model/templates/module.rb.tt +2 -2
data/lib/rails/generators/active_record/multi_db/multi_db_generator.rb +16 -0
data/lib/rails/generators/active_record/multi_db/templates/multi_db.rb.tt +44 -0
metadata +162 -32
data/lib/active_record/attribute_decorators.rb +0 -90
data/lib/active_record/collection_cache_key.rb +0 -53
data/lib/active_record/connection_adapters/connection_specification.rb +0 -287
data/lib/active_record/connection_adapters/determine_if_preparable_visitor.rb +0 -33
data/lib/active_record/define_callbacks.rb +0 -22
data/lib/active_record/relation/predicate_builder/base_handler.rb +0 -19
data/lib/active_record/relation/where_clause_factory.rb +0 -34

data/lib/active_record/encryption/key_provider.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # A +KeyProvider+ serves keys:
+    #
+    # * An encryption key
+    # * A list of potential decryption keys. Serving multiple decryption keys supports rotation-schemes
+    #   where new keys are added but old keys need to continue working
+    class KeyProvider
+      def initialize(keys)
+        @keys = Array(keys)
+      end
+      # Returns the first key in the list as the active key to perform encryptions
+      #
+      # When +ActiveRecord::Encryption.config.store_key_references+ is true, the key will include
+      # a public tag referencing the key itself. That key will be stored in the public
+      # headers of the encrypted message
+      def encryption_key
+        @encryption_key ||= @keys.last.tap do |key|
+          key.public_tags.encrypted_data_key_id = key.id if ActiveRecord::Encryption.config.store_key_references
+        end
+        @encryption_key
+      end
+      # Returns the list of decryption keys
+      #
+      # When the message holds a reference to its encryption key, it will return an array
+      # with that key. If not, it will return the list of keys.
+      def decryption_keys(encrypted_message)
+        if encrypted_message.headers.encrypted_data_key_id
+          keys_grouped_by_id[encrypted_message.headers.encrypted_data_key_id]
+        else
+          @keys
+        end
+      end
+      private
+        def keys_grouped_by_id
+          @keys_grouped_by_id ||= @keys.group_by(&:id)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/message.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # A message defines the structure of the data we store in encrypted attributes. It contains:
+    #
+    # * An encrypted payload
+    # * A list of unencrypted headers
+    #
+    # See +Encryptor#encrypt+
+    class Message
+      attr_accessor :payload, :headers
+      def initialize(payload: nil, headers: {})
+        validate_payload_type(payload)
+        @payload = payload
+        @headers = Properties.new(headers)
+      end
+      def ==(other_message)
+        payload == other_message.payload && headers == other_message.headers
+      end
+      private
+        def validate_payload_type(payload)
+          unless payload.is_a?(String) || payload.nil?
+            raise ActiveRecord::Encryption::Errors::ForbiddenClass, "Only string payloads allowed"
+          end
+        end
+    end
+  end
+end

data/lib/active_record/encryption/message_serializer.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # A message serializer that serializes +Messages+ with JSON.
+    #
+    # The generated structure is pretty simple:
+    #
+    #   {
+    #     p: <payload>,
+    #     h: {
+    #       header1: value1,
+    #       header2: value2,
+    #       ...
+    #     }
+    #   }
+    #
+    # Both the payload and the header values are encoded with Base64
+    # to prevent JSON parsing errors and encoding issues when
+    # storing the resulting serialized data.
+    class MessageSerializer
+      def load(serialized_content)
+        data = JSON.parse(serialized_content)
+        parse_message(data, 1)
+      rescue JSON::ParserError
+        raise ActiveRecord::Encryption::Errors::Encoding
+      end
+      def dump(message)
+        raise ActiveRecord::Encryption::Errors::ForbiddenClass unless message.is_a?(ActiveRecord::Encryption::Message)
+        JSON.dump message_to_json(message)
+      end
+      private
+        def parse_message(data, level)
+          validate_message_data_format(data, level)
+          ActiveRecord::Encryption::Message.new(payload: decode_if_needed(data["p"]), headers: parse_properties(data["h"], level))
+        end
+        def validate_message_data_format(data, level)
+          if level > 2
+            raise ActiveRecord::Encryption::Errors::Decryption, "More than one level of hash nesting in headers is not supported"
+          end
+          unless data.is_a?(Hash) && data.has_key?("p")
+            raise ActiveRecord::Encryption::Errors::Decryption, "Invalid data format: hash without payload"
+          end
+        end
+        def parse_properties(headers, level)
+          ActiveRecord::Encryption::Properties.new.tap do |properties|
+            headers&.each do |key, value|
+              properties[key] = value.is_a?(Hash) ? parse_message(value, level + 1) : decode_if_needed(value)
+            end
+          end
+        end
+        def message_to_json(message)
+          {
+            p: encode_if_needed(message.payload),
+            h: headers_to_json(message.headers)
+          }
+        end
+        def headers_to_json(headers)
+          headers.transform_values do |value|
+            value.is_a?(ActiveRecord::Encryption::Message) ? message_to_json(value) : encode_if_needed(value)
+          end
+        end
+        def encode_if_needed(value)
+          if value.is_a?(String)
+            ::Base64.strict_encode64 value
+          else
+            value
+          end
+        end
+        def decode_if_needed(value)
+          if value.is_a?(String)
+            ::Base64.strict_decode64(value)
+          else
+            value
+          end
+        rescue ArgumentError, TypeError
+          raise Errors::Encoding
+        end
+    end
+  end
+end

data/lib/active_record/encryption/null_encryptor.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # An encryptor that won't decrypt or encrypt. It will just return the passed
+    # values
+    class NullEncryptor
+      def encrypt(clean_text, key_provider: nil, cipher_options: {})
+        clean_text
+      end
+      def decrypt(encrypted_text, key_provider: nil, cipher_options: {})
+        encrypted_text
+      end
+      def encrypted?(text)
+        false
+      end
+    end
+  end
+end

data/lib/active_record/encryption/properties.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # This is a wrapper for a hash of encryption properties. It is used by
+    # +Key+ (public tags) and +Message+ (headers).
+    #
+    # Since properties are serialized in messages, it is important for storage
+    # efficiency to keep their keys as short as possible. It defines accessors
+    # for common properties that will keep these keys very short while exposing
+    # a readable name.
+    #
+    #   message.headers.encrypted_data_key # instead of message.headers[:k]
+    #
+    # See +Properties#DEFAULT_PROPERTIES+, +Key+, +Message+
+    class Properties
+      ALLOWED_VALUE_CLASSES = [String, ActiveRecord::Encryption::Message, Numeric, TrueClass, FalseClass, Symbol, NilClass]
+      delegate_missing_to :data
+      delegate :==, to: :data
+      # For each entry it generates an accessor exposing the full name
+      DEFAULT_PROPERTIES = {
+        encrypted_data_key: "k",
+        encrypted_data_key_id: "i",
+        compressed: "c",
+        iv: "iv",
+        auth_tag: "at",
+        encoding: "e"
+      }
+      DEFAULT_PROPERTIES.each do |name, key|
+        define_method name do
+          self[key.to_sym]
+        end
+        define_method "#{name}=" do |value|
+          self[key.to_sym] = value
+        end
+      end
+      def initialize(initial_properties = {})
+        @data = {}
+        add(initial_properties)
+      end
+      # Set a value for a given key
+      #
+      # It will raise an +EncryptedContentIntegrity+ if the value exists
+      def []=(key, value)
+        raise Errors::EncryptedContentIntegrity, "Properties can't be overridden: #{key}" if key?(key)
+        validate_value_type(value)
+        data[key] = value
+      end
+      def validate_value_type(value)
+        unless ALLOWED_VALUE_CLASSES.find { |klass| value.is_a?(klass) }
+          raise ActiveRecord::Encryption::Errors::ForbiddenClass, "Can't store a #{value.class}, only properties of type #{ALLOWED_VALUE_CLASSES.inspect} are allowed"
+        end
+      end
+      def add(other_properties)
+        other_properties.each do |key, value|
+          self[key.to_sym] = value
+        end
+      end
+      def to_h
+        data
+      end
+      private
+        attr_reader :data
+    end
+  end
+end

data/lib/active_record/encryption/read_only_null_encryptor.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # A +NullEncryptor+ that will raise an error when trying to encrypt data
+    #
+    # This is useful when you want to reveal ciphertexts for debugging purposes
+    # and you want to make sure you won't overwrite any encryptable attribute with
+    # the wrong content.
+    class ReadOnlyNullEncryptor
+      def encrypt(clean_text, key_provider: nil, cipher_options: {})
+        raise Errors::Encryption, "This encryptor is read-only"
+      end
+      def decrypt(encrypted_text, key_provider: nil, cipher_options: {})
+        encrypted_text
+      end
+      def encrypted?(text)
+        false
+      end
+    end
+  end
+end

data/lib/active_record/encryption/scheme.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # A container of attribute encryption options.
+    #
+    # It validates and serves attribute encryption options.
+    #
+    # See +EncryptedAttributeType+, +Context+
+    class Scheme
+      attr_accessor :previous_schemes
+      def initialize(key_provider: nil, key: nil, deterministic: nil, downcase: nil, ignore_case: nil,
+                     previous_schemes: nil, **context_properties)
+        # Initializing all attributes to +nil+ as we want to allow a "not set" semantics so that we
+        # can merge schemes without overriding values with defaults. See +#merge+
+        @key_provider_param = key_provider
+        @key = key
+        @deterministic = deterministic
+        @downcase = downcase || ignore_case
+        @ignore_case = ignore_case
+        @previous_schemes_param = previous_schemes
+        @previous_schemes = Array.wrap(previous_schemes)
+        @context_properties = context_properties
+        validate_config!
+      end
+      def ignore_case?
+        @ignore_case
+      end
+      def downcase?
+        @downcase
+      end
+      def deterministic?
+        @deterministic
+      end
+      def fixed?
+        # by default deterministic encryption is fixed
+        @fixed ||= @deterministic && (!@deterministic.is_a?(Hash) || @deterministic[:fixed])
+      end
+      def key_provider
+        @key_provider ||= begin
+          validate_keys!
+          @key_provider_param || build_key_provider
+        end
+      end
+      def merge(other_scheme)
+        self.class.new(**to_h.merge(other_scheme.to_h))
+      end
+      def to_h
+        { key_provider: @key_provider_param, key: @key, deterministic: @deterministic, downcase: @downcase, ignore_case: @ignore_case,
+          previous_schemes: @previous_schemes_param, **@context_properties }.compact
+      end
+      def with_context(&block)
+        if @context_properties.present?
+          ActiveRecord::Encryption.with_encryption_context(**@context_properties, &block)
+        else
+          block.call
+        end
+      end
+      private
+        def validate_config!
+          raise Errors::Configuration, "ignore_case: can only be used with deterministic encryption" if @ignore_case && !@deterministic
+          raise Errors::Configuration, "key_provider: and key: can't be used simultaneously" if @key_provider_param && @key
+        end
+        def validate_keys!
+          validate_credential :key_derivation_salt
+          validate_credential :primary_key, "needs to be configured to use non-deterministic encryption" unless @deterministic
+          validate_credential :deterministic_key, "needs to be configured to use deterministic encryption" if @deterministic
+        end
+        def validate_credential(key, error_message = "is not configured")
+          unless ActiveRecord::Encryption.config.public_send(key).present?
+            raise Errors::Configuration, "#{key} #{error_message}. Please configure it via credential "\
+              "active_record_encryption.#{key} or by setting config.active_record.encryption.#{key}"
+          end
+        end
+        def build_key_provider
+          return DerivedSecretKeyProvider.new(@key) if @key.present?
+          if @deterministic && (deterministic_key = ActiveRecord::Encryption.config.deterministic_key)
+            DeterministicKeyProvider.new(deterministic_key)
+          end
+        end
+    end
+  end
+end

data/lib/active_record/encryption.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+require "active_support/core_ext/module"
+require "active_support/core_ext/array"
+module ActiveRecord
+  module Encryption
+    extend ActiveSupport::Autoload
+    eager_autoload do
+      autoload :Cipher
+      autoload :Config
+      autoload :Configurable
+      autoload :Context
+      autoload :Contexts
+      autoload :DerivedSecretKeyProvider
+      autoload :EncryptableRecord
+      autoload :EncryptedAttributeType
+      autoload :EncryptedFixtures
+      autoload :EncryptingOnlyEncryptor
+      autoload :DeterministicKeyProvider
+      autoload :Encryptor
+      autoload :EnvelopeEncryptionKeyProvider
+      autoload :Errors
+      autoload :ExtendedDeterministicQueries
+      autoload :ExtendedDeterministicUniquenessValidator
+      autoload :Key
+      autoload :KeyGenerator
+      autoload :KeyProvider
+      autoload :Message
+      autoload :MessageSerializer
+      autoload :NullEncryptor
+      autoload :Properties
+      autoload :ReadOnlyNullEncryptor
+      autoload :Scheme
+    end
+    class Cipher
+      extend ActiveSupport::Autoload
+      eager_autoload do
+        autoload :Aes256Gcm
+      end
+    end
+    include Configurable
+    include Contexts
+    def self.eager_load!
+      super
+      Cipher.eager_load!
+    end
+  end
+end