RubyGems - activerecord - Versions diffs - 6.1.4.1 → 7.0.0.alpha1 - Mend

activerecord 6.1.4.1 → 7.0.0.alpha1

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (218) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +729 -1161
data/MIT-LICENSE +1 -1
data/README.rdoc +1 -1
data/lib/active_record/aggregations.rb +1 -1
data/lib/active_record/association_relation.rb +0 -10
data/lib/active_record/associations/association.rb +31 -9
data/lib/active_record/associations/association_scope.rb +1 -3
data/lib/active_record/associations/belongs_to_association.rb +15 -4
data/lib/active_record/associations/belongs_to_polymorphic_association.rb +10 -2
data/lib/active_record/associations/builder/association.rb +8 -2
data/lib/active_record/associations/builder/belongs_to.rb +19 -6
data/lib/active_record/associations/builder/collection_association.rb +1 -1
data/lib/active_record/associations/builder/has_many.rb +3 -2
data/lib/active_record/associations/builder/has_one.rb +2 -1
data/lib/active_record/associations/builder/singular_association.rb +2 -2
data/lib/active_record/associations/collection_association.rb +24 -25
data/lib/active_record/associations/collection_proxy.rb +8 -3
data/lib/active_record/associations/disable_joins_association_scope.rb +59 -0
data/lib/active_record/associations/has_many_association.rb +1 -1
data/lib/active_record/associations/has_many_through_association.rb +2 -1
data/lib/active_record/associations/has_one_association.rb +10 -7
data/lib/active_record/associations/has_one_through_association.rb +1 -1
data/lib/active_record/associations/preloader/association.rb +161 -49
data/lib/active_record/associations/preloader/batch.rb +51 -0
data/lib/active_record/associations/preloader/branch.rb +147 -0
data/lib/active_record/associations/preloader/through_association.rb +37 -11
data/lib/active_record/associations/preloader.rb +46 -110
data/lib/active_record/associations/singular_association.rb +8 -2
data/lib/active_record/associations/through_association.rb +1 -1
data/lib/active_record/associations.rb +76 -81
data/lib/active_record/asynchronous_queries_tracker.rb +57 -0
data/lib/active_record/attribute_assignment.rb +1 -1
data/lib/active_record/attribute_methods/before_type_cast.rb +7 -2
data/lib/active_record/attribute_methods/dirty.rb +41 -16
data/lib/active_record/attribute_methods/primary_key.rb +2 -2
data/lib/active_record/attribute_methods/query.rb +2 -2
data/lib/active_record/attribute_methods/read.rb +7 -5
data/lib/active_record/attribute_methods/serialization.rb +66 -12
data/lib/active_record/attribute_methods/time_zone_conversion.rb +4 -3
data/lib/active_record/attribute_methods/write.rb +7 -10
data/lib/active_record/attribute_methods.rb +6 -9
data/lib/active_record/attributes.rb +24 -35
data/lib/active_record/autosave_association.rb +3 -18
data/lib/active_record/base.rb +19 -1
data/lib/active_record/callbacks.rb +2 -2
data/lib/active_record/connection_adapters/abstract/connection_handler.rb +312 -0
data/lib/active_record/connection_adapters/abstract/connection_pool/queue.rb +209 -0
data/lib/active_record/connection_adapters/abstract/connection_pool/reaper.rb +76 -0
data/lib/active_record/connection_adapters/abstract/connection_pool.rb +31 -558
data/lib/active_record/connection_adapters/abstract/database_statements.rb +45 -21
data/lib/active_record/connection_adapters/abstract/query_cache.rb +24 -12
data/lib/active_record/connection_adapters/abstract/quoting.rb +14 -7
data/lib/active_record/connection_adapters/abstract/schema_creation.rb +4 -17
data/lib/active_record/connection_adapters/abstract/schema_definitions.rb +30 -9
data/lib/active_record/connection_adapters/abstract/schema_statements.rb +60 -16
data/lib/active_record/connection_adapters/abstract/transaction.rb +3 -3
data/lib/active_record/connection_adapters/abstract_adapter.rb +112 -66
data/lib/active_record/connection_adapters/abstract_mysql_adapter.rb +96 -81
data/lib/active_record/connection_adapters/mysql/database_statements.rb +33 -21
data/lib/active_record/connection_adapters/mysql/quoting.rb +16 -1
data/lib/active_record/connection_adapters/mysql/schema_statements.rb +3 -0
data/lib/active_record/connection_adapters/mysql2_adapter.rb +12 -6
data/lib/active_record/connection_adapters/pool_config.rb +1 -3
data/lib/active_record/connection_adapters/postgresql/database_statements.rb +19 -12
data/lib/active_record/connection_adapters/postgresql/oid/date.rb +8 -0
data/lib/active_record/connection_adapters/postgresql/oid/date_time.rb +5 -0
data/lib/active_record/connection_adapters/postgresql/oid/hstore.rb +53 -14
data/lib/active_record/connection_adapters/postgresql/oid/range.rb +1 -1
data/lib/active_record/connection_adapters/postgresql/oid/timestamp.rb +15 -0
data/lib/active_record/connection_adapters/postgresql/oid/timestamp_with_time_zone.rb +28 -0
data/lib/active_record/connection_adapters/postgresql/oid/type_map_initializer.rb +18 -6
data/lib/active_record/connection_adapters/postgresql/oid.rb +2 -0
data/lib/active_record/connection_adapters/postgresql/quoting.rb +6 -6
data/lib/active_record/connection_adapters/postgresql/referential_integrity.rb +32 -0
data/lib/active_record/connection_adapters/postgresql/schema_definitions.rb +5 -1
data/lib/active_record/connection_adapters/postgresql/schema_statements.rb +12 -12
data/lib/active_record/connection_adapters/postgresql_adapter.rb +157 -100
data/lib/active_record/connection_adapters/schema_cache.rb +26 -3
data/lib/active_record/connection_adapters/sqlite3/database_statements.rb +23 -17
data/lib/active_record/connection_adapters/sqlite3/schema_statements.rb +4 -2
data/lib/active_record/connection_adapters/sqlite3_adapter.rb +61 -30
data/lib/active_record/connection_adapters.rb +6 -5
data/lib/active_record/connection_handling.rb +20 -38
data/lib/active_record/core.rb +113 -112
data/lib/active_record/database_configurations/database_config.rb +12 -0
data/lib/active_record/database_configurations/hash_config.rb +27 -1
data/lib/active_record/database_configurations/url_config.rb +2 -2
data/lib/active_record/database_configurations.rb +18 -9
data/lib/active_record/delegated_type.rb +33 -11
data/lib/active_record/destroy_association_async_job.rb +1 -1
data/lib/active_record/disable_joins_association_relation.rb +39 -0
data/lib/active_record/dynamic_matchers.rb +1 -1
data/lib/active_record/encryption/cipher/aes256_gcm.rb +98 -0
data/lib/active_record/encryption/cipher.rb +53 -0
data/lib/active_record/encryption/config.rb +44 -0
data/lib/active_record/encryption/configurable.rb +61 -0
data/lib/active_record/encryption/context.rb +35 -0
data/lib/active_record/encryption/contexts.rb +72 -0
data/lib/active_record/encryption/derived_secret_key_provider.rb +12 -0
data/lib/active_record/encryption/deterministic_key_provider.rb +14 -0
data/lib/active_record/encryption/encryptable_record.rb +208 -0
data/lib/active_record/encryption/encrypted_attribute_type.rb +140 -0
data/lib/active_record/encryption/encrypted_fixtures.rb +38 -0
data/lib/active_record/encryption/encrypting_only_encryptor.rb +12 -0
data/lib/active_record/encryption/encryptor.rb +155 -0
data/lib/active_record/encryption/envelope_encryption_key_provider.rb +55 -0
data/lib/active_record/encryption/errors.rb +15 -0
data/lib/active_record/encryption/extended_deterministic_queries.rb +160 -0
data/lib/active_record/encryption/extended_deterministic_uniqueness_validator.rb +29 -0
data/lib/active_record/encryption/key.rb +28 -0
data/lib/active_record/encryption/key_generator.rb +42 -0
data/lib/active_record/encryption/key_provider.rb +46 -0
data/lib/active_record/encryption/message.rb +33 -0
data/lib/active_record/encryption/message_serializer.rb +80 -0
data/lib/active_record/encryption/null_encryptor.rb +21 -0
data/lib/active_record/encryption/properties.rb +76 -0
data/lib/active_record/encryption/read_only_null_encryptor.rb +24 -0
data/lib/active_record/encryption/scheme.rb +99 -0
data/lib/active_record/encryption.rb +55 -0
data/lib/active_record/enum.rb +41 -41
data/lib/active_record/errors.rb +66 -3
data/lib/active_record/fixture_set/file.rb +15 -1
data/lib/active_record/fixture_set/table_row.rb +40 -5
data/lib/active_record/fixture_set/table_rows.rb +4 -4
data/lib/active_record/fixtures.rb +16 -11
data/lib/active_record/future_result.rb +139 -0
data/lib/active_record/gem_version.rb +4 -4
data/lib/active_record/inheritance.rb +55 -17
data/lib/active_record/insert_all.rb +34 -5
data/lib/active_record/integration.rb +1 -1
data/lib/active_record/internal_metadata.rb +3 -5
data/lib/active_record/legacy_yaml_adapter.rb +1 -1
data/lib/active_record/locking/optimistic.rb +10 -9
data/lib/active_record/log_subscriber.rb +6 -2
data/lib/active_record/middleware/database_selector/resolver.rb +6 -10
data/lib/active_record/middleware/database_selector.rb +8 -3
data/lib/active_record/migration/command_recorder.rb +4 -4
data/lib/active_record/migration/compatibility.rb +83 -1
data/lib/active_record/migration/join_table.rb +1 -1
data/lib/active_record/migration.rb +109 -79
data/lib/active_record/model_schema.rb +46 -32
data/lib/active_record/nested_attributes.rb +3 -3
data/lib/active_record/no_touching.rb +2 -2
data/lib/active_record/null_relation.rb +2 -6
data/lib/active_record/persistence.rb +134 -45
data/lib/active_record/query_cache.rb +2 -2
data/lib/active_record/query_logs.rb +203 -0
data/lib/active_record/querying.rb +15 -5
data/lib/active_record/railtie.rb +117 -17
data/lib/active_record/railties/controller_runtime.rb +1 -1
data/lib/active_record/railties/databases.rake +80 -56
data/lib/active_record/readonly_attributes.rb +11 -0
data/lib/active_record/reflection.rb +45 -44
data/lib/active_record/relation/batches/batch_enumerator.rb +19 -5
data/lib/active_record/relation/batches.rb +3 -3
data/lib/active_record/relation/calculations.rb +41 -28
data/lib/active_record/relation/delegation.rb +6 -6
data/lib/active_record/relation/finder_methods.rb +32 -23
data/lib/active_record/relation/merger.rb +20 -13
data/lib/active_record/relation/predicate_builder.rb +1 -6
data/lib/active_record/relation/query_attribute.rb +5 -11
data/lib/active_record/relation/query_methods.rb +232 -49
data/lib/active_record/relation/record_fetch_warning.rb +2 -2
data/lib/active_record/relation/spawn_methods.rb +2 -2
data/lib/active_record/relation/where_clause.rb +10 -6
data/lib/active_record/relation.rb +166 -77
data/lib/active_record/result.rb +17 -2
data/lib/active_record/runtime_registry.rb +2 -4
data/lib/active_record/sanitization.rb +11 -7
data/lib/active_record/schema_dumper.rb +3 -3
data/lib/active_record/schema_migration.rb +0 -4
data/lib/active_record/scoping/default.rb +61 -12
data/lib/active_record/scoping/named.rb +3 -11
data/lib/active_record/scoping.rb +40 -22
data/lib/active_record/serialization.rb +1 -1
data/lib/active_record/signed_id.rb +1 -1
data/lib/active_record/tasks/database_tasks.rb +107 -23
data/lib/active_record/tasks/mysql_database_tasks.rb +1 -1
data/lib/active_record/tasks/postgresql_database_tasks.rb +14 -11
data/lib/active_record/test_databases.rb +1 -1
data/lib/active_record/test_fixtures.rb +4 -4
data/lib/active_record/timestamp.rb +3 -4
data/lib/active_record/transactions.rb +9 -14
data/lib/active_record/translation.rb +2 -2
data/lib/active_record/type/adapter_specific_registry.rb +32 -7
data/lib/active_record/type/hash_lookup_type_map.rb +34 -1
data/lib/active_record/type/internal/timezone.rb +2 -2
data/lib/active_record/type/serialized.rb +1 -1
data/lib/active_record/type/type_map.rb +17 -20
data/lib/active_record/type.rb +1 -2
data/lib/active_record/validations/associated.rb +1 -1
data/lib/active_record.rb +170 -2
data/lib/arel/attributes/attribute.rb +0 -8
data/lib/arel/crud.rb +18 -22
data/lib/arel/delete_manager.rb +2 -4
data/lib/arel/insert_manager.rb +2 -3
data/lib/arel/nodes/casted.rb +1 -1
data/lib/arel/nodes/delete_statement.rb +8 -13
data/lib/arel/nodes/insert_statement.rb +2 -2
data/lib/arel/nodes/select_core.rb +2 -2
data/lib/arel/nodes/select_statement.rb +2 -2
data/lib/arel/nodes/update_statement.rb +3 -2
data/lib/arel/predications.rb +1 -1
data/lib/arel/select_manager.rb +10 -4
data/lib/arel/table.rb +0 -1
data/lib/arel/tree_manager.rb +0 -12
data/lib/arel/update_manager.rb +2 -4
data/lib/arel/visitors/dot.rb +80 -90
data/lib/arel/visitors/mysql.rb +6 -1
data/lib/arel/visitors/postgresql.rb +0 -10
data/lib/arel/visitors/to_sql.rb +43 -2
data/lib/arel.rb +1 -1
data/lib/rails/generators/active_record/application_record/templates/application_record.rb.tt +1 -1
data/lib/rails/generators/active_record/model/templates/abstract_base_class.rb.tt +1 -1
data/lib/rails/generators/active_record/model/templates/model.rb.tt +1 -1
data/lib/rails/generators/active_record/model/templates/module.rb.tt +2 -2
metadata +55 -16

data/lib/active_record/encryption/encrypted_fixtures.rb ADDED Viewed

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    module EncryptedFixtures
+      def initialize(fixture, model_class)
+        @clean_values = {}
+        encrypt_fixture_data(fixture, model_class)
+        process_preserved_original_columns(fixture, model_class)
+        super
+      end
+      private
+        def encrypt_fixture_data(fixture, model_class)
+          model_class&.encrypted_attributes&.each do |attribute_name|
+            if clean_value = fixture[attribute_name.to_s]
+              @clean_values[attribute_name.to_s] = clean_value
+              type = model_class.type_for_attribute(attribute_name)
+              encrypted_value = type.serialize(clean_value)
+              fixture[attribute_name.to_s] = encrypted_value
+            end
+          end
+        end
+        def process_preserved_original_columns(fixture, model_class)
+          model_class&.encrypted_attributes&.each do |attribute_name|
+            if source_attribute_name = model_class.source_attribute_from_preserved_attribute(attribute_name)
+              clean_value = @clean_values[source_attribute_name.to_s]
+              type = model_class.type_for_attribute(attribute_name)
+              encrypted_value = type.serialize(clean_value)
+              fixture[attribute_name.to_s] = encrypted_value
+            end
+          end
+        end
+    end
+  end
+end

data/lib/active_record/encryption/encrypting_only_encryptor.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # An encryptor that can encrypt data but can't decrypt it.
+    class EncryptingOnlyEncryptor < Encryptor
+      def decrypt(encrypted_text, key_provider: nil, cipher_options: {})
+        encrypted_text
+      end
+    end
+  end
+end

data/lib/active_record/encryption/encryptor.rb ADDED Viewed

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+require "openssl"
+require "zlib"
+require "active_support/core_ext/numeric"
+module ActiveRecord
+  module Encryption
+    # An encryptor exposes the encryption API that +ActiveRecord::Encryption::EncryptedAttributeType+
+    # uses for encrypting and decrypting attribute values.
+    #
+    # It interacts with a +KeyProvider+ for getting the keys, and delegate to
+    # +ActiveRecord::Encryption::Cipher+ the actual encryption algorithm.
+    class Encryptor
+      # Encrypts +clean_text+ and returns the encrypted result
+      #
+      # Internally, it will:
+      #
+      # 1. Create a new +ActiveRecord::Encryption::Message+
+      # 2. Compress and encrypt +clean_text+ as the message payload
+      # 3. Serialize it with +ActiveRecord::Encryption.message_serializer+ (+ActiveRecord::Encryption::SafeMarshal+
+      #    by default)
+      # 4. Encode the result with Base 64
+      #
+      # === Options
+      #
+      # [:key_provider]
+      #   Key provider to use for the encryption operation. It will default to
+      #   +ActiveRecord::Encryption.key_provider+ when not provided
+      #
+      # [:cipher_options]
+      #   +Cipher+-specific options that will be passed to the Cipher configured in
+      #   +ActiveRecord::Encryption.cipher+
+      def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
+        clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]
+        validate_payload_type(clear_text)
+        serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
+      end
+      # Decrypts a +clean_text+ and returns the result as clean text
+      #
+      # === Options
+      #
+      # [:key_provider]
+      #   Key provider to use for the encryption operation. It will default to
+      #   +ActiveRecord::Encryption.key_provider+ when not provided
+      #
+      # [:cipher_options]
+      #   +Cipher+-specific options that will be passed to the Cipher configured in
+      #   +ActiveRecord::Encryption.cipher+
+      def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
+        message = deserialize_message(encrypted_text)
+        keys = key_provider.decryption_keys(message)
+        raise Errors::Decryption unless keys.present?
+        uncompress_if_needed(cipher.decrypt(message, key: keys.collect(&:secret), **cipher_options), message.headers.compressed)
+      rescue *(ENCODING_ERRORS + DECRYPT_ERRORS)
+        raise Errors::Decryption
+      end
+      # Returns whether the text is encrypted or not
+      def encrypted?(text)
+        deserialize_message(text)
+        true
+      rescue Errors::Encoding, *DECRYPT_ERRORS
+        false
+      end
+      private
+        DECRYPT_ERRORS = [OpenSSL::Cipher::CipherError, Errors::EncryptedContentIntegrity, Errors::Decryption]
+        ENCODING_ERRORS = [EncodingError, Errors::Encoding]
+        THRESHOLD_TO_JUSTIFY_COMPRESSION = 140.bytes
+        def default_key_provider
+          ActiveRecord::Encryption.key_provider
+        end
+        def validate_payload_type(clear_text)
+          unless clear_text.is_a?(String)
+            raise ActiveRecord::Encryption::Errors::ForbiddenClass, "The encryptor can only encrypt string values (#{clear_text.class})"
+          end
+        end
+        def cipher
+          ActiveRecord::Encryption.cipher
+        end
+        def build_encrypted_message(clear_text, key_provider:, cipher_options:)
+          key = key_provider.encryption_key
+          clear_text, was_compressed = compress_if_worth_it(clear_text)
+          cipher.encrypt(clear_text, key: key.secret, **cipher_options).tap do |message|
+            message.headers.add(key.public_tags)
+            message.headers.compressed = true if was_compressed
+          end
+        end
+        def serialize_message(message)
+          serializer.dump(message)
+        end
+        def deserialize_message(message)
+          raise Errors::Encoding unless message.is_a?(String)
+          serializer.load message
+        rescue ArgumentError, TypeError, Errors::ForbiddenClass
+          raise Errors::Encoding
+        end
+        def serializer
+          ActiveRecord::Encryption.message_serializer
+        end
+        # Under certain threshold, ZIP compression is actually worse that not compressing
+        def compress_if_worth_it(string)
+          if string.bytesize > THRESHOLD_TO_JUSTIFY_COMPRESSION
+            [compress(string), true]
+          else
+            [string, false]
+          end
+        end
+        def compress(data)
+          Zlib::Deflate.deflate(data).tap do |compressed_data|
+            compressed_data.force_encoding(data.encoding)
+          end
+        end
+        def uncompress_if_needed(data, compressed)
+          if compressed
+            uncompress(data)
+          else
+            data
+          end
+        end
+        def uncompress(data)
+          Zlib::Inflate.inflate(data).tap do |uncompressed_data|
+            uncompressed_data.force_encoding(data.encoding)
+          end
+        end
+        def force_encoding_if_needed(value)
+          if forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
+            value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
+          else
+            value
+          end
+        end
+        def forced_encoding_for_deterministic_encryption
+          ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
+        end
+    end
+  end
+end

data/lib/active_record/encryption/envelope_encryption_key_provider.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    # Implements a simple envelope encryption approach where:
+    #
+    # * It generates a random data-encryption key for each encryption operation
+    # * It stores the generated key along with the encrypted payload. It encrypts this key
+    #   with the master key provided in the credential +active_record.encryption.master key+
+    #
+    # This provider can work with multiple master keys. It will use the last one for encrypting.
+    #
+    # When `config.store_key_references` is true, it will also store a reference to
+    # the specific master key that was used to encrypt the data-encryption key. When not set,
+    # it will try all the configured master keys looking for the right one, in order to
+    # return the right decryption key.
+    class EnvelopeEncryptionKeyProvider
+      def encryption_key
+        random_secret = generate_random_secret
+        ActiveRecord::Encryption::Key.new(random_secret).tap do |key|
+          key.public_tags.encrypted_data_key = encrypt_data_key(random_secret)
+          key.public_tags.encrypted_data_key_id = active_primary_key.id if ActiveRecord::Encryption.config.store_key_references
+        end
+      end
+      def decryption_keys(encrypted_message)
+        secret = decrypt_data_key(encrypted_message)
+        secret ? [ActiveRecord::Encryption::Key.new(secret)] : []
+      end
+      def active_primary_key
+        @active_primary_key ||= primary_key_provider.encryption_key
+      end
+      private
+        def encrypt_data_key(random_secret)
+          ActiveRecord::Encryption.cipher.encrypt(random_secret, key: active_primary_key.secret)
+        end
+        def decrypt_data_key(encrypted_message)
+          encrypted_data_key = encrypted_message.headers.encrypted_data_key
+          key = primary_key_provider.decryption_keys(encrypted_message)&.collect(&:secret)
+          ActiveRecord::Encryption.cipher.decrypt encrypted_data_key, key: key if key
+        end
+        def primary_key_provider
+          @primary_key_provider ||= DerivedSecretKeyProvider.new(ActiveRecord::Encryption.config.primary_key)
+        end
+        def generate_random_secret
+          ActiveRecord::Encryption.key_generator.generate_random_key
+        end
+    end
+  end
+end

data/lib/active_record/encryption/errors.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    module Errors
+      class Base < StandardError; end
+      class Encoding < Base; end
+      class Decryption < Base; end
+      class Encryption < Base; end
+      class Configuration < Base; end
+      class ForbiddenClass < Base; end
+      class EncryptedContentIntegrity < Base; end
+    end
+  end
+end

data/lib/active_record/encryption/extended_deterministic_queries.rb ADDED Viewed

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+# Automatically expand encrypted arguments to support querying both encrypted and unencrypted data
+#
+# Active Record Encryption supports querying the db using deterministic attributes. For example:
+#
+#   Contact.find_by(email_address: "jorge@hey.com")
+#
+# The value "jorge@hey.com" will get encrypted automatically to perform the query. But there is
+# a problem while the data is being encrypted. This won't work. During that time, you need these
+# queries to be:
+#
+#   Contact.find_by(email_address: [ "jorge@hey.com", "<encrypted jorge@hey.com>" ])
+#
+# This patches ActiveRecord to support this automatically. It addresses both:
+#
+# * ActiveRecord::Base: Used in +Contact.find_by_email_address(...)+
+# * ActiveRecord::Relation: Used in +Contact.internal.find_by_email_address(...)+
+#
+# +ActiveRecord::Base+ relies on +ActiveRecord::Relation+ (+ActiveRecord::QueryMethods+) but it does
+# some prepared statements caching. That's why we need to intercept +ActiveRecord::Base+ as soon
+# as it's invoked (so that the proper prepared statement is cached).
+#
+# When modifying this file run performance tests in +test/performance/extended_deterministic_queries_performance_test.rb+ to
+#   make sure performance overhead is acceptable.
+#
+# We will extend this to support previous "encryption context" versions in future iterations
+#
+# @TODO Experimental. Support for every kind of query is pending
+# @TODO It should not patch anything if not needed (no previous schemes or no support for previous encryption schemes)
+module ActiveRecord
+  module Encryption
+    module ExtendedDeterministicQueries
+      def self.install_support
+        ActiveRecord::Relation.prepend(RelationQueries)
+        ActiveRecord::Base.include(CoreQueries)
+        ActiveRecord::Encryption::EncryptedAttributeType.prepend(ExtendedEncryptableType)
+        Arel::Nodes::HomogeneousIn.prepend(InWithAdditionalValues)
+      end
+      module EncryptedQueryArgumentProcessor
+        extend ActiveSupport::Concern
+        private
+          def process_encrypted_query_arguments(args, check_for_additional_values)
+            if args.is_a?(Array) && (options = args.first).is_a?(Hash)
+              self.deterministic_encrypted_attributes&.each do |attribute_name|
+                type = type_for_attribute(attribute_name)
+                if !type.previous_types.empty? && value = options[attribute_name]
+                  options[attribute_name] = process_encrypted_query_argument(value, check_for_additional_values, type)
+                end
+              end
+            end
+          end
+          def process_encrypted_query_argument(value, check_for_additional_values, type)
+            return value if check_for_additional_values && value.is_a?(Array) && value.last.is_a?(AdditionalValue)
+            case value
+            when String, Array
+              list = Array(value)
+              list + list.flat_map do |each_value|
+                if check_for_additional_values && each_value.is_a?(AdditionalValue)
+                  each_value
+                else
+                  additional_values_for(each_value, type)
+                end
+              end
+            else
+              value
+            end
+          end
+          def additional_values_for(value, type)
+            type.previous_types.collect do |additional_type|
+              AdditionalValue.new(value, additional_type)
+            end
+          end
+      end
+      module RelationQueries
+        include EncryptedQueryArgumentProcessor
+        def where(*args)
+          process_encrypted_query_arguments_if_needed(args)
+          super
+        end
+        def exists?(*args)
+          process_encrypted_query_arguments_if_needed(args)
+          super
+        end
+        def find_or_create_by(attributes, &block)
+          find_by(attributes.dup) || create(attributes, &block)
+        end
+        def find_or_create_by!(attributes, &block)
+          find_by(attributes.dup) || create!(attributes, &block)
+        end
+        private
+          def process_encrypted_query_arguments_if_needed(args)
+            process_encrypted_query_arguments(args, true) unless self.deterministic_encrypted_attributes&.empty?
+          end
+      end
+      module CoreQueries
+        extend ActiveSupport::Concern
+        class_methods do
+          include EncryptedQueryArgumentProcessor
+          def find_by(*args)
+            process_encrypted_query_arguments(args, false) unless self.deterministic_encrypted_attributes&.empty?
+            super
+          end
+        end
+      end
+      class AdditionalValue
+        attr_reader :value, :type
+        def initialize(value, type)
+          @type = type
+          @value = process(value)
+        end
+        private
+          def process(value)
+            type.serialize(value)
+          end
+      end
+      module ExtendedEncryptableType
+        def serialize(data)
+          if data.is_a?(AdditionalValue)
+            data.value
+          else
+            super
+          end
+        end
+      end
+      module InWithAdditionalValues
+        def proc_for_binds
+          -> value { ActiveModel::Attribute.with_cast_value(attribute.name, value, encryption_aware_type_caster) }
+        end
+        def encryption_aware_type_caster
+          if attribute.type_caster.is_a?(ActiveRecord::Encryption::EncryptedAttributeType)
+            attribute.type_caster.cast_type
+          else
+            attribute.type_caster
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/extended_deterministic_uniqueness_validator.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module ActiveRecord
+  module Encryption
+    module ExtendedDeterministicUniquenessValidator
+      def self.install_support
+        ActiveRecord::Validations::UniquenessValidator.prepend(EncryptedUniquenessValidator)
+      end
+      module EncryptedUniquenessValidator
+        def validate_each(record, attribute, value)
+          super(record, attribute, value)
+          klass = record.class
+          if klass.deterministic_encrypted_attributes&.each do |attribute_name|
+            encrypted_type = klass.type_for_attribute(attribute_name)
+            [ encrypted_type, *encrypted_type.previous_types ].each do |type|
+              encrypted_value = type.serialize(value)
+              ActiveRecord::Encryption.without_encryption do
+                super(record, attribute, encrypted_value)
+              end
+            end
+          end
+          end
+        end
+      end
+    end
+  end
+end