activerecord 6.1.6 → 7.1.2

data/lib/active_record/delegated_type.rb

@@ -3,7 +3,7 @@
 require "active_support/core_ext/string/inquiry"
 
 module ActiveRecord
-  # == Delegated types
+  # = Delegated types
   #
   # Class hierarchies can map to relational database tables in many ways. Active Record, for example, offers
   # purely abstract classes, where the superclass doesn't persist any attributes, and single-table inheritance,
@@ -51,10 +51,9 @@ module ActiveRecord
   #     end
   #   end
   #
-  #   # Schema: messages[ id, subject ]
+  #   # Schema: messages[ id, subject, body ]
   #   class Message < ApplicationRecord
   #     include Entryable
-  #     has_rich_text :content
   #   end
   #
   #   # Schema: comments[ id, content ]
@@ -66,7 +65,7 @@ module ActiveRecord
   # resides in the +Entry+ "superclass". But the +Entry+ absolutely can stand alone in terms of querying capacity
   # in particular. You can now easily do things like:
   #
-  #   Account.entries.order(created_at: :desc).limit(50)
+  #   Account.find(1).entries.order(created_at: :desc).limit(50)
   #
   # Which is exactly what you want when displaying both comments and messages together. The entry itself can
   # be rendered as its delegated type easily, like so:
@@ -76,7 +75,9 @@ module ActiveRecord
   #
   #   # entries/entryables/_message.html.erb
   #   <div class="message">
-  #     Posted on <%= entry.created_at %> by <%= entry.creator.name %>: <%= entry.message.content %>
+  #     <div class="subject"><%= entry.message.subject %></div>
+  #     <p><%= entry.message.body %></p>
+  #     <i>Posted on <%= entry.created_at %> by <%= entry.creator.name %></i>
   #   </div>
   #
   #   # entries/entryables/_comment.html.erb
@@ -135,7 +136,22 @@ module ActiveRecord
   #     end
   #   end
   #
-  # Now you can list a bunch of entries, call +Entry#title+, and polymorphism will provide you with the answer.
+  # Now you can list a bunch of entries, call <tt>Entry#title</tt>, and polymorphism will provide you with the answer.
+  #
+  # == Nested Attributes
+  #
+  # Enabling nested attributes on a delegated_type association allows you to
+  # create the entry and message in one go:
+  #
+  #   class Entry < ApplicationRecord
+  #     delegated_type :entryable, types: %w[ Message Comment ]
+  #     accepts_nested_attributes_for :entryable
+  #   end
+  #
+  #   params = { entry: { entryable_type: 'Message', entryable_attributes: { subject: 'Smiling' } } }
+  #   entry = Entry.create(params[:entry])
+  #   entry.entryable.id # => 2
+  #   entry.entryable.subject # => 'Smiling'
   module DelegatedType
     # Defines this as a class that'll delegate its type for the passed +role+ to the class references in +types+.
     # That'll create a polymorphic +belongs_to+ relationship to that +role+, and it'll add all the delegated
@@ -156,8 +172,6 @@ module ActiveRecord
     #   Entry#comment         # => returns the comment record, when entryable_type == "Comment", otherwise nil
     #   Entry#comment_id      # => returns entryable_id, when entryable_type == "Comment", otherwise nil
     #
-    # The +options+ are passed directly to the +belongs_to+ call, so this is where you declare +dependent+ etc.
-    #
     # You can also declare namespaced types:
     #
     #   class Entry < ApplicationRecord
@@ -167,26 +181,58 @@ module ActiveRecord
     #   Entry.access_notice_messages
     #   entry.access_notice_message
     #   entry.access_notice_message?
+    #
+    # === Options
+    #
+    # The +options+ are passed directly to the +belongs_to+ call, so this is where you declare +dependent+ etc.
+    # The following options can be included to specialize the behavior of the delegated type convenience methods.
+    #
+    # [:foreign_key]
+    #   Specify the foreign key used for the convenience methods. By default this is guessed to be the passed
+    #   +role+ with an "_id" suffix. So a class that defines a
+    #   <tt>delegated_type :entryable, types: %w[ Message Comment ]</tt> association will use "entryable_id" as
+    #   the default <tt>:foreign_key</tt>.
+    # [:foreign_type]
+    #   Specify the column used to store the associated object's type. By default this is inferred to be the passed
+    #   +role+ with a "_type" suffix. A class that defines a
+    #   <tt>delegated_type :entryable, types: %w[ Message Comment ]</tt> association will use "entryable_type" as
+    #   the default <tt>:foreign_type</tt>.
+    # [:primary_key]
+    #   Specify the method that returns the primary key of associated object used for the convenience methods.
+    #   By default this is +id+.
+    #
+    # Option examples:
+    #   class Entry < ApplicationRecord
+    #     delegated_type :entryable, types: %w[ Message Comment ], primary_key: :uuid, foreign_key: :entryable_uuid
+    #   end
+    #
+    #   Entry#message_uuid      # => returns entryable_uuid, when entryable_type == "Message", otherwise nil
+    #   Entry#comment_uuid      # => returns entryable_uuid, when entryable_type == "Comment", otherwise nil
     def delegated_type(role, types:, **options)
       belongs_to role, options.delete(:scope), **options.merge(polymorphic: true)
-      define_delegated_type_methods role, types: types
+      define_delegated_type_methods role, types: types, options: options
     end
 
     private
-      def define_delegated_type_methods(role, types:)
-        role_type = "#{role}_type"
-        role_id   = "#{role}_id"
+      def define_delegated_type_methods(role, types:, options:)
+        primary_key = options[:primary_key] || "id"
+        role_type = options[:foreign_type] || "#{role}_type"
+        role_id   = options[:foreign_key] || "#{role}_id"
 
         define_method "#{role}_class" do
-          public_send("#{role}_type").constantize
+          public_send(role_type).constantize
         end
 
         define_method "#{role}_name" do
           public_send("#{role}_class").model_name.singular.inquiry
         end
 
+        define_method "build_#{role}" do |*params|
+          public_send("#{role}=", public_send("#{role}_class").new(*params))
+        end
+
         types.each do |type|
-          scope_name = type.tableize.gsub("/", "_")
+          scope_name = type.tableize.tr("/", "_")
           singular   = scope_name.singularize
           query      = "#{singular}?"
 
@@ -200,7 +246,7 @@ module ActiveRecord
             public_send(role) if public_send(query)
           end
 
-          define_method "#{singular}_id" do
+          define_method "#{singular}_#{primary_key}" do
             public_send(role_id) if public_send(query)
           end
         end

data/lib/active_record/deprecator.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  def self.deprecator # :nodoc:
+    @deprecator ||= ActiveSupport::Deprecation.new
+  end
+end

data/lib/active_record/destroy_association_async_job.rb

@@ -4,9 +4,11 @@ module ActiveRecord
   class DestroyAssociationAsyncError < StandardError
   end
 
+  # = Active Record Destroy Association Async Job
+  #
   # Job to destroy the records associated with a destroyed record in background.
   class DestroyAssociationAsyncJob < ActiveJob::Base
-    queue_as { ActiveRecord::Base.queues[:destroy] }
+    queue_as { ActiveRecord.queues[:destroy] }
 
     discard_on ActiveJob::DeserializationError
 

data/lib/active_record/disable_joins_association_relation.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  class DisableJoinsAssociationRelation < Relation # :nodoc:
+    attr_reader :ids, :key
+
+    def initialize(klass, key, ids)
+      @ids = ids.uniq
+      @key = key
+      super(klass)
+    end
+
+    def limit(value)
+      records.take(value)
+    end
+
+    def first(limit = nil)
+      if limit
+        records.limit(limit).first
+      else
+        records.first
+      end
+    end
+
+    def load
+      super
+      records = @records
+
+      records_by_id = records.group_by do |record|
+        record[key]
+      end
+
+      records = ids.flat_map { |id| records_by_id[id] }
+      records.compact!
+
+      @records = records
+    end
+  end
+end

data/lib/active_record/dynamic_matchers.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module ActiveRecord
-  module DynamicMatchers #:nodoc:
+  module DynamicMatchers # :nodoc:
     private
       def respond_to_missing?(name, _)
         if self == Base

data/lib/active_record/encryption/auto_filtered_parameters.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    class AutoFilteredParameters
+      def initialize(app)
+        @app = app
+        @attributes_by_class = Concurrent::Map.new
+        @collecting = true
+
+        install_collecting_hook
+      end
+
+      def enable
+        apply_collected_attributes
+        @collecting = false
+      end
+
+      private
+        attr_reader :app
+
+        def install_collecting_hook
+          ActiveRecord::Encryption.on_encrypted_attribute_declared do |klass, attribute|
+            attribute_was_declared(klass, attribute)
+          end
+        end
+
+        def attribute_was_declared(klass, attribute)
+          if collecting?
+            collect_for_later(klass, attribute)
+          else
+            apply_filter(klass, attribute)
+          end
+        end
+
+        def apply_collected_attributes
+          @attributes_by_class.each do |klass, attributes|
+            attributes.each do |attribute|
+              apply_filter(klass, attribute)
+            end
+          end
+        end
+
+        def collecting?
+          @collecting
+        end
+
+        def collect_for_later(klass, attribute)
+          @attributes_by_class[klass] ||= Concurrent::Array.new
+          @attributes_by_class[klass] << attribute
+        end
+
+        def apply_filter(klass, attribute)
+          filter = [("#{klass.model_name.element}" if klass.name), attribute.to_s].compact.join(".")
+          unless excluded_from_filter_parameters?(filter)
+            app.config.filter_parameters << filter unless app.config.filter_parameters.include?(filter)
+            klass.filter_attributes += [ attribute ]
+          end
+        end
+
+        def excluded_from_filter_parameters?(filter_parameter)
+          ActiveRecord::Encryption.config.excluded_from_filter_parameters.find { |excluded_filter| excluded_filter.to_s == filter_parameter }
+        end
+    end
+  end
+end

data/lib/active_record/encryption/cipher/aes256_gcm.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module ActiveRecord
+  module Encryption
+    class Cipher
+      # A 256-GCM cipher.
+      #
+      # By default it will use random initialization vectors. For deterministic encryption, it will use a SHA-256 hash of
+      # the text to encrypt and the secret.
+      #
+      # See +Encryptor+
+      class Aes256Gcm
+        CIPHER_TYPE = "aes-256-gcm"
+
+        class << self
+          def key_length
+            OpenSSL::Cipher.new(CIPHER_TYPE).key_len
+          end
+
+          def iv_length
+            OpenSSL::Cipher.new(CIPHER_TYPE).iv_len
+          end
+        end
+
+        # When iv not provided, it will generate a random iv on each encryption operation (default and
+        # recommended operation)
+        def initialize(secret, deterministic: false)
+          @secret = secret
+          @deterministic = deterministic
+        end
+
+        def encrypt(clear_text)
+          # This code is extracted from +ActiveSupport::MessageEncryptor+. Not using it directly because we want to control
+          # the message format and only serialize things once at the +ActiveRecord::Encryption::Message+ level. Also, this
+          # cipher is prepared to deal with deterministic/non deterministic encryption modes.
+
+          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
+          cipher.encrypt
+          cipher.key = @secret
+
+          iv = generate_iv(cipher, clear_text)
+          cipher.iv = iv
+
+          encrypted_data = clear_text.empty? ? clear_text.dup : cipher.update(clear_text)
+          encrypted_data << cipher.final
+
+          ActiveRecord::Encryption::Message.new(payload: encrypted_data).tap do |message|
+            message.headers.iv = iv
+            message.headers.auth_tag = cipher.auth_tag
+          end
+        end
+
+        def decrypt(encrypted_message)
+          encrypted_data = encrypted_message.payload
+          iv = encrypted_message.headers.iv
+          auth_tag = encrypted_message.headers.auth_tag
+
+          # Currently the OpenSSL bindings do not raise an error if auth_tag is
+          # truncated, which would allow an attacker to easily forge it. See
+          # https://github.com/ruby/openssl/issues/63
+          raise ActiveRecord::Encryption::Errors::EncryptedContentIntegrity if auth_tag.nil? || auth_tag.bytes.length != 16
+
+          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
+
+          cipher.decrypt
+          cipher.key = @secret
+          cipher.iv = iv
+
+          cipher.auth_tag = auth_tag
+          cipher.auth_data = ""
+
+          decrypted_data = encrypted_data.empty? ? encrypted_data : cipher.update(encrypted_data)
+          decrypted_data << cipher.final
+
+          decrypted_data
+        rescue OpenSSL::Cipher::CipherError, TypeError, ArgumentError
+          raise ActiveRecord::Encryption::Errors::Decryption
+        end
+
+        def inspect # :nodoc:
+          "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
+        end
+
+        private
+          def generate_iv(cipher, clear_text)
+            if @deterministic
+              generate_deterministic_iv(clear_text)
+            else
+              cipher.random_iv
+            end
+          end
+
+          def generate_deterministic_iv(clear_text)
+            OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @secret, clear_text)[0, ActiveRecord::Encryption.cipher.iv_length]
+          end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/cipher.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # The algorithm used for encrypting and decrypting +Message+ objects.
+    #
+    # It uses AES-256-GCM. It will generate a random IV for non deterministic encryption (default)
+    # or derive an initialization vector from the encrypted content for deterministic encryption.
+    #
+    # See +Cipher::Aes256Gcm+.
+    class Cipher
+      DEFAULT_ENCODING = Encoding::UTF_8
+
+      # Encrypts the provided text and return an encrypted +Message+.
+      def encrypt(clean_text, key:, deterministic: false)
+        cipher_for(key, deterministic: deterministic).encrypt(clean_text).tap do |message|
+          message.headers.encoding = clean_text.encoding.name unless clean_text.encoding == DEFAULT_ENCODING
+        end
+      end
+
+      # Decrypt the provided +Message+.
+      #
+      # When +key+ is an Array, it will try all the keys raising a
+      # +ActiveRecord::Encryption::Errors::Decryption+ if none works.
+      def decrypt(encrypted_message, key:)
+        try_to_decrypt_with_each(encrypted_message, keys: Array(key)).tap do |decrypted_text|
+          decrypted_text.force_encoding(encrypted_message.headers.encoding || DEFAULT_ENCODING)
+        end
+      end
+
+      def key_length
+        Aes256Gcm.key_length
+      end
+
+      def iv_length
+        Aes256Gcm.iv_length
+      end
+
+      private
+        def try_to_decrypt_with_each(encrypted_text, keys:)
+          keys.each.with_index do |key, index|
+            return cipher_for(key).decrypt(encrypted_text)
+          rescue ActiveRecord::Encryption::Errors::Decryption
+            raise if index == keys.length - 1
+          end
+        end
+
+        def cipher_for(secret, deterministic: false)
+          Aes256Gcm.new(secret, deterministic: deterministic)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/config.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module ActiveRecord
+  module Encryption
+    # Container of configuration options
+    class Config
+      attr_accessor :primary_key, :deterministic_key, :store_key_references, :key_derivation_salt, :hash_digest_class,
+                    :support_unencrypted_data, :encrypt_fixtures, :validate_column_size, :add_to_filter_parameters,
+                    :excluded_from_filter_parameters, :extend_queries, :previous_schemes, :forced_encoding_for_deterministic_encryption
+
+      def initialize
+        set_defaults
+      end
+
+      # Configure previous encryption schemes.
+      #
+      #   config.active_record.encryption.previous = [ { key_provider: MyOldKeyProvider.new } ]
+      def previous=(previous_schemes_properties)
+        previous_schemes_properties.each do |properties|
+          add_previous_scheme(**properties)
+        end
+      end
+
+      def support_sha1_for_non_deterministic_encryption=(value)
+        if value && has_primary_key?
+          sha1_key_generator = ActiveRecord::Encryption::KeyGenerator.new(hash_digest_class: OpenSSL::Digest::SHA1)
+          sha1_key_provider = ActiveRecord::Encryption::DerivedSecretKeyProvider.new(primary_key, key_generator: sha1_key_generator)
+          add_previous_scheme key_provider: sha1_key_provider
+        end
+      end
+
+      %w(key_derivation_salt primary_key deterministic_key).each do |key|
+        silence_redefinition_of_method "has_#{key}?"
+        define_method("has_#{key}?") do
+          instance_variable_get(:"@#{key}").presence
+        end
+
+        silence_redefinition_of_method key
+        define_method(key) do
+          public_send("has_#{key}?") or
+            raise Errors::Configuration, "Missing Active Record encryption credential: active_record_encryption.#{key}"
+        end
+      end
+
+      private
+        def set_defaults
+          self.store_key_references = false
+          self.support_unencrypted_data = false
+          self.encrypt_fixtures = false
+          self.validate_column_size = true
+          self.add_to_filter_parameters = true
+          self.excluded_from_filter_parameters = []
+          self.previous_schemes = []
+          self.forced_encoding_for_deterministic_encryption = Encoding::UTF_8
+          self.hash_digest_class = OpenSSL::Digest::SHA1
+
+          # TODO: Setting to false for now as the implementation is a bit experimental
+          self.extend_queries = false
+        end
+
+        def add_previous_scheme(**properties)
+          previous_schemes << ActiveRecord::Encryption::Scheme.new(**properties)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/configurable.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # Configuration API for ActiveRecord::Encryption
+    module Configurable
+      extend ActiveSupport::Concern
+
+      included do
+        mattr_reader :config, default: Config.new
+        mattr_accessor :encrypted_attribute_declaration_listeners
+      end
+
+      class_methods do
+        # Expose getters for context properties
+        Context::PROPERTIES.each do |name|
+          delegate name, to: :context
+        end
+
+        def configure(primary_key: nil, deterministic_key: nil, key_derivation_salt: nil, **properties) # :nodoc:
+          config.primary_key = primary_key
+          config.deterministic_key = deterministic_key
+          config.key_derivation_salt = key_derivation_salt
+
+          # Set the default for this property here instead of in +Config#set_defaults+ as this needs
+          # to happen *after* the keys have been set.
+          properties[:support_sha1_for_non_deterministic_encryption] = true if properties[:support_sha1_for_non_deterministic_encryption].nil?
+
+          properties.each do |name, value|
+            ActiveRecord::Encryption.config.send "#{name}=", value if ActiveRecord::Encryption.config.respond_to?("#{name}=")
+          end
+
+          ActiveRecord::Encryption.reset_default_context
+
+          properties.each do |name, value|
+            ActiveRecord::Encryption.context.send "#{name}=", value if ActiveRecord::Encryption.context.respond_to?("#{name}=")
+          end
+        end
+
+        # Register callback to be invoked when an encrypted attribute is declared.
+        #
+        # === Example
+        #
+        #   ActiveRecord::Encryption.on_encrypted_attribute_declared do |klass, attribute_name|
+        #     ...
+        #   end
+        def on_encrypted_attribute_declared(&block)
+          self.encrypted_attribute_declaration_listeners ||= Concurrent::Array.new
+          self.encrypted_attribute_declaration_listeners << block
+        end
+
+        def encrypted_attribute_was_declared(klass, name) # :nodoc:
+          self.encrypted_attribute_declaration_listeners&.each do |block|
+            block.call(klass, name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/context.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # An encryption context configures the different entities used to perform encryption:
+    #
+    # * A key provider
+    # * A key generator
+    # * An encryptor, the facade to encrypt data
+    # * A cipher, the encryption algorithm
+    # * A message serializer
+    class Context
+      PROPERTIES = %i[ key_provider key_generator cipher message_serializer encryptor frozen_encryption ]
+
+      attr_accessor(*PROPERTIES)
+
+      def initialize
+        set_defaults
+      end
+
+      alias frozen_encryption? frozen_encryption
+
+      silence_redefinition_of_method :key_provider
+      def key_provider
+        @key_provider ||= build_default_key_provider
+      end
+
+      private
+        def set_defaults
+          self.frozen_encryption = false
+          self.key_generator = ActiveRecord::Encryption::KeyGenerator.new
+          self.cipher = ActiveRecord::Encryption::Cipher.new
+          self.encryptor = ActiveRecord::Encryption::Encryptor.new
+          self.message_serializer = ActiveRecord::Encryption::MessageSerializer.new
+        end
+
+        def build_default_key_provider
+          ActiveRecord::Encryption::DerivedSecretKeyProvider.new(ActiveRecord::Encryption.config.primary_key)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/contexts.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # ActiveRecord::Encryption uses encryption contexts to configure the different entities used to
+    # encrypt/decrypt at a given moment in time.
+    #
+    # By default, the library uses a default encryption context. This is the Context that gets configured
+    # initially via +config.active_record.encryption+ options. Library users can define nested encryption contexts
+    # when running blocks of code.
+    #
+    # See Context.
+    module Contexts
+      extend ActiveSupport::Concern
+
+      included do
+        mattr_accessor :default_context, default: Context.new
+        thread_mattr_accessor :custom_contexts
+      end
+
+      class_methods do
+        # Configures a custom encryption context to use when running the provided block of code.
+        #
+        # It supports overriding all the properties defined in +Context+.
+        #
+        # Example:
+        #
+        #     ActiveRecord::Encryption.with_encryption_context(encryptor: ActiveRecord::Encryption::NullEncryptor.new) do
+        #       ...
+        #     end
+        #
+        # Encryption contexts can be nested.
+        def with_encryption_context(properties)
+          self.custom_contexts ||= []
+          self.custom_contexts << default_context.dup
+          properties.each do |key, value|
+            self.current_custom_context.send("#{key}=", value)
+          end
+
+          yield
+        ensure
+          self.custom_contexts.pop
+        end
+
+        # Runs the provided block in an encryption context where encryption is disabled:
+        #
+        # * Reading encrypted content will return its ciphertexts.
+        # * Writing encrypted content will write its clear text.
+        def without_encryption(&block)
+          with_encryption_context encryptor: ActiveRecord::Encryption::NullEncryptor.new, &block
+        end
+
+        # Runs the provided block in an encryption context where:
+        #
+        # * Reading encrypted content will return its ciphertext.
+        # * Writing encrypted content will fail.
+        def protecting_encrypted_data(&block)
+          with_encryption_context encryptor: ActiveRecord::Encryption::EncryptingOnlyEncryptor.new, frozen_encryption: true, &block
+        end
+
+        # Returns the current context. By default it will return the current context.
+        def context
+          self.current_custom_context || self.default_context
+        end
+
+        def current_custom_context
+          self.custom_contexts&.last
+        end
+
+        def reset_default_context
+          self.default_context = Context.new
+        end
+      end
+    end
+  end
+end