lockbox 1.4.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c227a11280d70eaaa03e7c81649bee696c2c88ab9a1825503f7db4e9af5d2d12
-  data.tar.gz: 52a2969568229aefa391a093c93ae1771d021ddc2396d3e4f65ec2f509a82c41
+  metadata.gz: 732b29630e94d7e05292a10ff4106f05152418a335fb7a5e7da9b5a632c05856
+  data.tar.gz: 8d7d40d7d4f8bb5ecc4737c4664a87bfc33d1f331b0a46d36ebc6a3ce5573ee2
 SHA512:
-  metadata.gz: 1734e1db6d559ed4221e81b30ca6a13db348a6089f58581376ce4cf16019a5787f8dd1b80abd1534ef2c82e294db4db1d8cb30089413d4e2e009544d3185d350
-  data.tar.gz: d5bdb1947c5fac19038fe21651bf35d32d675eba024569ec085b015ad991a9c1ea5e65437df908f78e0083486726032571c6dee364fe92a95a7447e33495cf83
+  metadata.gz: 11ba243e0e997a3140a5f3682f38023b9dcf29fdd9c181ea9f693404b4204bd7e83a4caef669126ff9fe432882773ff8f52e129117c201f0dc6eae7de9539849
+  data.tar.gz: 206197fbff415597cb816f77d9354fc8b2ee0c60ceccfb1b5414a44cf19a14b1b9224e09d1c7b0148a9ecb4b0d6673f70f2f35008b6a105bab8e02a55fdf81ce

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+## 2.1.0 (2025-10-15)
+
+- Added warning for `download_chunk` method
+- Fixed error for `download` method with block
+- Dropped support for Active Record < 7.1 and Ruby < 3.2
+
+## 2.0.1 (2024-12-29)
+
+- Added support for Ruby 3.4
+
+## 2.0.0 (2024-10-26)
+
+- Improved `attributes`, `attribute_names`, and `has_attribute?` when ciphertext attributes not loaded
+- Removed deprecated `lockbox_encrypts` (use `has_encrypted` instead)
+- Dropped support for Active Record < 7 and Ruby < 3.1
+- Dropped support for Mongoid < 8
+
+## 1.4.1 (2024-09-09)
+
+- Fixed error message for previews for Active Storage 7.1.4
+
 ## 1.4.0 (2024-08-09)
 
 - Added support for Active Record 7.2

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018-2024 Andrew Kane
+Copyright (c) 2018-2025 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -35,7 +35,7 @@ Set the following environment variable with your key (you can use this one in de
 LOCKBOX_MASTER_KEY=0000000000000000000000000000000000000000000000000000000000000000
 ```
 
-or add it to your credentials for each environment (`rails credentials:edit --environment <env>` for Rails 6+)
+or add it to your credentials for each environment (`rails credentials:edit --environment <env>`)
 
 ```yml
 lockbox:
@@ -72,7 +72,7 @@ Then follow the instructions below for the data you want to encrypt.
 Create a migration with:
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
   def change
     add_column :users, :email_ciphertext, :text
   end
@@ -251,7 +251,7 @@ User.decrypt_email_ciphertext(user.email_ciphertext)
 Create a migration with:
 
 ```ruby
-class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[7.1]
+class AddBodyCiphertextToRichTexts < ActiveRecord::Migration[8.0]
   def change
     add_column :action_text_rich_texts, :body_ciphertext, :text
   end
@@ -382,7 +382,7 @@ Encryption is applied to all versions after processing.
 You can mount the uploader [as normal](https://github.com/carrierwaveuploader/carrierwave#activerecord). With Active Record, this involves creating a migration:
 
 ```ruby
-class AddLicenseToUsers < ActiveRecord::Migration[7.1]
+class AddLicenseToUsers < ActiveRecord::Migration[8.0]
   def change
     add_column :users, :license, :string
   end
@@ -910,7 +910,7 @@ end
 You can use `binary` columns for the ciphertext instead of `text` columns.
 
 ```ruby
-class AddEmailCiphertextToUsers < ActiveRecord::Migration[7.1]
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[8.0]
   def change
     add_column :users, :email_ciphertext, :binary
   end
@@ -961,7 +961,7 @@ end
 Create a migration with:
 
 ```ruby
-class MigrateToLockbox < ActiveRecord::Migration[7.1]
+class MigrateToLockbox < ActiveRecord::Migration[8.0]
   def change
     add_column :users, :name_ciphertext, :text
     add_column :users, :email_ciphertext, :text
@@ -994,7 +994,7 @@ end
 Then remove the previous gem from your Gemfile and drop its columns.
 
 ```ruby
-class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.1]
+class RemovePreviousEncryptedColumns < ActiveRecord::Migration[8.0]
   def change
     remove_column :users, :encrypted_name, :text
     remove_column :users, :encrypted_name_iv, :text
@@ -1004,18 +1004,6 @@ class RemovePreviousEncryptedColumns < ActiveRecord::Migration[7.1]
 end
 ```
 
-## Upgrading
-
-### 1.0.0
-
-`encrypts` is now deprecated in favor of `has_encrypted` to avoid conflicting with Active Record encryption.
-
-```ruby
-class User < ApplicationRecord
-  has_encrypted :email
-end
-```
-
 ## History
 
 View the [changelog](https://github.com/ankane/lockbox/blob/master/CHANGELOG.md)

data/lib/generators/lockbox/audits_generator.rb

@@ -29,11 +29,7 @@ module Lockbox
       # use connection_config instead of connection.adapter
       # so database connection isn't needed
       def adapter
-        if ActiveRecord::VERSION::STRING.to_f >= 6.1
-          ActiveRecord::Base.connection_db_config.adapter.to_s
-        else
-          ActiveRecord::Base.connection_config[:adapter].to_s
-        end
+        ActiveRecord::Base.connection_db_config.adapter.to_s
       end
     end
   end

data/lib/lockbox/active_storage_extensions.rb

@@ -34,13 +34,6 @@ module Lockbox
     end
 
     module AttachedOne
-      if ActiveStorage::VERSION::MAJOR < 6
-        def attach(attachable)
-          attachable = encrypt_attachable(attachable) if encrypted?
-          super(attachable)
-        end
-      end
-
       def rotate_encryption!
         raise "Not encrypted" unless encrypted?
 
@@ -51,19 +44,6 @@ module Lockbox
     end
 
     module AttachedMany
-      if ActiveStorage::VERSION::MAJOR < 6
-        def attach(*attachables)
-          if encrypted?
-            attachables =
-              attachables.flatten.collect do |attachable|
-                encrypt_attachable(attachable)
-              end
-          end
-
-          super(attachables)
-        end
-      end
-
       def rotate_encryption!
         raise "Not encrypted" unless encrypted?
 
@@ -100,7 +80,7 @@ module Lockbox
 
     module Attachment
       def download
-        result = super
+        result = super(&nil)
 
         options = Utils.encrypted_options(record, name)
         # only trust the metadata when migrating
@@ -111,45 +91,70 @@ module Lockbox
           result = Utils.decrypt_result(record, name, options, result)
         end
 
-        result
+        if block_given?
+          io = StringIO.new(result)
+          chunk_size = 5.megabytes
+          while (chunk = io.read(chunk_size))
+            yield chunk
+          end
+        else
+          result
+        end
+      end
+
+      def download_chunk(...)
+        # TODO raise error in 3.0
+        warn "[lockbox] WARNING: download_chunk not supported for encrypted files" if Utils.encrypted_options(record, name)
+        super
       end
 
-      def variant(*args)
+      def variant(...)
         raise Lockbox::Error, "Variant not supported for encrypted files" if Utils.encrypted_options(record, name)
         super
       end
 
-      def preview(*args)
+      def preview(...)
         raise Lockbox::Error, "Preview not supported for encrypted files" if Utils.encrypted_options(record, name)
         super
       end
 
-      if ActiveStorage::VERSION::MAJOR >= 6
-        def open(**options)
-          blob.open(**options) do |file|
-            options = Utils.encrypted_options(record, name)
-            # only trust the metadata when migrating
-            # as earlier versions of Lockbox won't have it
-            # and it's not a good practice to trust modifiable data
-            encrypted = options && (!options[:migrating] || blob.metadata["encrypted"])
-            if encrypted
-              result = Utils.decrypt_result(record, name, options, file.read)
-              file.rewind
-              # truncate may not be available on all platforms
-              # according to the Ruby docs
-              # may need to create a new temp file instead
-              file.truncate(0)
-              file.write(result)
-              file.rewind
-            end
-
-            yield file
+      if ActiveStorage::VERSION::STRING.to_f == 7.1 && ActiveStorage.version >= "7.1.4"
+        def transform_variants_later
+          blob.instance_variable_set(:@lockbox_encrypted, true) if Utils.encrypted_options(record, name)
+          super
+        end
+      end
+
+      def open(**options)
+        blob.open(**options) do |file|
+          options = Utils.encrypted_options(record, name)
+          # only trust the metadata when migrating
+          # as earlier versions of Lockbox won't have it
+          # and it's not a good practice to trust modifiable data
+          encrypted = options && (!options[:migrating] || blob.metadata["encrypted"])
+          if encrypted
+            result = Utils.decrypt_result(record, name, options, file.read)
+            file.rewind
+            # truncate may not be available on all platforms
+            # according to the Ruby docs
+            # may need to create a new temp file instead
+            file.truncate(0)
+            file.write(result)
+            file.rewind
           end
+
+          yield file
         end
       end
     end
 
     module Blob
+      if ActiveStorage::VERSION::STRING.to_f == 7.1 && ActiveStorage.version >= "7.1.4"
+        def preview_image_needed_before_processing_variants?
+          !instance_variable_defined?(:@lockbox_encrypted) && super
+        end
+      end
+
       private
 
       def extract_content_type(io)

data/lib/lockbox/encryptor.rb

@@ -15,12 +15,12 @@ module Lockbox
     def encrypt(message, **options)
       message = check_string(message)
       ciphertext = @boxes.first.encrypt(message, **options)
-      ciphertext = Base64.strict_encode64(ciphertext) if @encode
+      ciphertext = [ciphertext].pack("m0") if @encode
       ciphertext
     end
 
     def decrypt(ciphertext, **options)
-      ciphertext = Base64.decode64(ciphertext) if @encode
+      ciphertext = ciphertext.unpack1("m") if @encode
       ciphertext = check_string(ciphertext)
 
       # ensure binary

data/lib/lockbox/model.rb

@@ -60,7 +60,7 @@ module Lockbox
         class_eval do
           # Lockbox uses custom inspect
           # but this could be useful for other gems
-          if activerecord && ActiveRecord::VERSION::MAJOR >= 6
+          if activerecord
             # only add virtual attribute
             # need to use regexp since strings do partial matching
             # also, need to use += instead of <<
@@ -114,12 +114,6 @@ module Lockbox
                   k = lockbox_encrypted_attributes[k]
                 elsif values.key?(k)
                   v = respond_to?(:attribute_for_inspect) ? attribute_for_inspect(k) : values[k].inspect
-
-                  # fix for https://github.com/rails/rails/issues/40725
-                  # TODO only apply to Active Record 6.0
-                  if respond_to?(:inspection_filter, true) && v != "nil"
-                    v = inspection_filter.filter_param(k, v)
-                  end
                 else
                   next
                 end
@@ -148,7 +142,40 @@ module Lockbox
                     end
                   end
                 end
-                super
+
+                # remove attributes that do not have a ciphertext attribute
+                attributes = super
+                self.class.lockbox_attributes.each do |k, lockbox_attribute|
+                  if !attributes.include?(lockbox_attribute[:encrypted_attribute].to_s)
+                    attributes.delete(k.to_s)
+                    attributes.delete(lockbox_attribute[:attribute])
+                  end
+                end
+                attributes
+              end
+
+              # remove attribute names that do not have a ciphertext attribute
+              def attribute_names
+                # hash preserves key order
+                names_set = super.to_h { |v| [v, true] }
+                self.class.lockbox_attributes.each do |k, lockbox_attribute|
+                  if !names_set.include?(lockbox_attribute[:encrypted_attribute].to_s)
+                    names_set.delete(k.to_s)
+                    names_set.delete(lockbox_attribute[:attribute])
+                  end
+                end
+                names_set.keys
+              end
+
+              # check the ciphertext attribute for encrypted attributes
+              def has_attribute?(attr_name)
+                attr_name = attr_name.to_s
+                _, lockbox_attribute = self.class.lockbox_attributes.find { |_, la| la[:attribute] == attr_name }
+                if lockbox_attribute
+                  super(lockbox_attribute[:encrypted_attribute])
+                else
+                  super
+                end
               end
 
               # needed for in-place modifications
@@ -232,71 +259,69 @@ module Lockbox
                 result
               end
 
-              if ActiveRecord::VERSION::MAJOR >= 6
-                if ActiveRecord::VERSION::STRING.to_f >= 7.2
-                  def self.insert(attributes, **options)
-                    super(lockbox_map_record_attributes(attributes), **options)
-                  end
-
-                  def self.insert!(attributes, **options)
-                    super(lockbox_map_record_attributes(attributes), **options)
-                  end
-
-                  def self.upsert(attributes, **options)
-                    super(lockbox_map_record_attributes(attributes, check_readonly: true), **options)
-                  end
+              if ActiveRecord::VERSION::STRING.to_f >= 7.2
+                def self.insert(attributes, **options)
+                  super(lockbox_map_record_attributes(attributes), **options)
                 end
 
-                def self.insert_all(attributes, **options)
-                  super(lockbox_map_attributes(attributes), **options)
+                def self.insert!(attributes, **options)
+                  super(lockbox_map_record_attributes(attributes), **options)
                 end
 
-                def self.insert_all!(attributes, **options)
-                  super(lockbox_map_attributes(attributes), **options)
+                def self.upsert(attributes, **options)
+                  super(lockbox_map_record_attributes(attributes, check_readonly: true), **options)
                 end
+              end
 
-                def self.upsert_all(attributes, **options)
-                  super(lockbox_map_attributes(attributes, check_readonly: true), **options)
-                end
+              def self.insert_all(attributes, **options)
+                super(lockbox_map_attributes(attributes), **options)
+              end
 
-                # private
-                # does not try to handle :returning option for simplicity
-                def self.lockbox_map_attributes(records, check_readonly: false)
-                  return records unless records.is_a?(Array)
+              def self.insert_all!(attributes, **options)
+                super(lockbox_map_attributes(attributes), **options)
+              end
 
-                  records.map do |attributes|
-                    lockbox_map_record_attributes(attributes, check_readonly: false)
-                  end
-                end
+              def self.upsert_all(attributes, **options)
+                super(lockbox_map_attributes(attributes, check_readonly: true), **options)
+              end
 
-                # private
-                def self.lockbox_map_record_attributes(attributes, check_readonly: false)
-                  return attributes unless attributes.is_a?(Hash)
+              # private
+              # does not try to handle :returning option for simplicity
+              def self.lockbox_map_attributes(records, check_readonly: false)
+                return records unless records.is_a?(Array)
 
-                  # transform keys like Active Record
-                  attributes = attributes.transform_keys do |key|
-                    n = key.to_s
-                    attribute_aliases[n] || n
-                  end
+                records.map do |attributes|
+                  lockbox_map_record_attributes(attributes, check_readonly: false)
+                end
+              end
 
-                  lockbox_attributes = self.lockbox_attributes.slice(*attributes.keys.map(&:to_sym))
-                  lockbox_attributes.each do |key, lockbox_attribute|
-                    attribute = key.to_s
-                    # check read only
-                    # users should mark both plaintext and ciphertext columns
-                    if check_readonly && readonly_attributes.include?(attribute) && !readonly_attributes.include?(lockbox_attribute[:encrypted_attribute].to_s)
-                      warn "[lockbox] WARNING: Mark attribute as readonly: #{lockbox_attribute[:encrypted_attribute]}"
-                    end
+              # private
+              def self.lockbox_map_record_attributes(attributes, check_readonly: false)
+                return attributes unless attributes.is_a?(Hash)
+
+                # transform keys like Active Record
+                attributes = attributes.transform_keys do |key|
+                  n = key.to_s
+                  attribute_aliases[n] || n
+                end
 
-                    message = attributes[attribute]
-                    attributes.delete(attribute) unless lockbox_attribute[:migrating]
-                    encrypted_attribute = lockbox_attribute[:encrypted_attribute]
-                    ciphertext = send("generate_#{encrypted_attribute}", message)
-                    attributes[encrypted_attribute] = ciphertext
+                lockbox_attributes = self.lockbox_attributes.slice(*attributes.keys.map(&:to_sym))
+                lockbox_attributes.each do |key, lockbox_attribute|
+                  attribute = key.to_s
+                  # check read only
+                  # users should mark both plaintext and ciphertext columns
+                  if check_readonly && readonly_attributes.include?(attribute) && !readonly_attributes.include?(lockbox_attribute[:encrypted_attribute].to_s)
+                    warn "[lockbox] WARNING: Mark attribute as readonly: #{lockbox_attribute[:encrypted_attribute]}"
                   end
 
-                  attributes
+                  message = attributes[attribute]
+                  attributes.delete(attribute) unless lockbox_attribute[:migrating]
+                  encrypted_attribute = lockbox_attribute[:encrypted_attribute]
+                  ciphertext = send("generate_#{encrypted_attribute}", message)
+                  attributes[encrypted_attribute] = ciphertext
                 end
+
+                attributes
               end
             else
               def reload
@@ -327,13 +352,8 @@ module Lockbox
             elsif attributes_to_define_after_schema_loads.key?(name.to_s)
               opt = attributes_to_define_after_schema_loads[name.to_s][1]
 
-              has_default =
-                if ActiveRecord::VERSION::MAJOR >= 7
-                  # not ideal, since NO_DEFAULT_PROVIDED is private
-                  opt != ActiveRecord::Attributes::ClassMethods.const_get(:NO_DEFAULT_PROVIDED)
-                else
-                  opt.is_a?(Hash) && opt.key?(:default)
-                end
+              # not ideal, since NO_DEFAULT_PROVIDED is private
+              has_default = opt != ActiveRecord::Attributes::ClassMethods.const_get(:NO_DEFAULT_PROVIDED)
 
               if has_default
                 warn "[lockbox] WARNING: attributes with `:default` option are not supported. Use `after_initialize` instead."
@@ -357,24 +377,13 @@ module Lockbox
 
               attribute name, attribute_type
 
-              if ActiveRecord::VERSION::STRING.to_f >= 7.1
-                case options[:type]
-                when :json
-                  serialize name, coder: JSON
-                when :hash
-                  serialize name, type: Hash, coder: default_column_serializer || YAML
-                when :array
-                  serialize name, type: Array, coder: default_column_serializer || YAML
-                end
-              else
-                case options[:type]
-                when :json
-                  serialize name, JSON
-                when :hash
-                  serialize name, Hash
-                when :array
-                  serialize name, Array
-                end
+              case options[:type]
+              when :json
+                serialize name, coder: JSON
+              when :hash
+                serialize name, type: Hash, coder: default_column_serializer || YAML
+              when :array
+                serialize name, type: Array, coder: default_column_serializer || YAML
               end
             elsif ActiveRecord::VERSION::STRING.to_f >= 7.2
               decorate_attributes([name]) do |attr_name, cast_type|
@@ -408,21 +417,14 @@ module Lockbox
               else
                 attribute name, :string
               end
-            else
+            elsif attributes_to_define_after_schema_loads[name.to_s].first.is_a?(Proc)
               # hack for Active Record 6.1+ to set string type after serialize
               # otherwise, type gets set to ActiveModel::Type::Value
               # which always returns false for changed_in_place?
               # earlier versions of Active Record take the previous code path
-              if ActiveRecord::VERSION::STRING.to_f >= 7.0 && attributes_to_define_after_schema_loads[name.to_s].first.is_a?(Proc)
-                attribute_type = attributes_to_define_after_schema_loads[name.to_s].first.call(nil)
-                if attribute_type.is_a?(ActiveRecord::Type::Serialized) && attribute_type.subtype.nil?
-                  attribute name, ActiveRecord::Type::Serialized.new(ActiveRecord::Type::String.new, attribute_type.coder)
-                end
-              elsif ActiveRecord::VERSION::STRING.to_f >= 6.1 && attributes_to_define_after_schema_loads[name.to_s].first.is_a?(Proc)
-                attribute_type = attributes_to_define_after_schema_loads[name.to_s].first.call
-                if attribute_type.is_a?(ActiveRecord::Type::Serialized) && attribute_type.subtype.nil?
-                  attribute name, ActiveRecord::Type::Serialized.new(ActiveRecord::Type::String.new, attribute_type.coder)
-                end
+              attribute_type = attributes_to_define_after_schema_loads[name.to_s].first.call(nil)
+              if attribute_type.is_a?(ActiveRecord::Type::Serialized) && attribute_type.subtype.nil?
+                attribute name, ActiveRecord::Type::Serialized.new(ActiveRecord::Type::String.new, attribute_type.coder)
               end
             end
 
@@ -581,7 +583,6 @@ module Lockbox
               case options[:type]
               when :boolean
                 message = ActiveRecord::Type::Boolean.new.serialize(message)
-                message = nil if message == "" # for Active Record < 5.2
                 message = message ? "t" : "f" unless message.nil?
               when :date
                 message = ActiveRecord::Type::Date.new.serialize(message)
@@ -589,7 +590,6 @@ module Lockbox
                 message = message.strftime("%Y-%m-%d") unless message.nil?
               when :datetime
                 message = ActiveRecord::Type::DateTime.new.serialize(message)
-                message = nil unless message.respond_to?(:iso8601) # for Active Record < 5.2
                 message = message.iso8601(9) unless message.nil?
               when :time
                 message = ActiveRecord::Type::Time.new.serialize(message)
@@ -606,14 +606,7 @@ module Lockbox
                 # double precision, big endian
                 message = [message].pack("G") unless message.nil?
               when :decimal
-                message =
-                  if ActiveRecord::VERSION::MAJOR >= 6
-                    ActiveRecord::Type::Decimal.new.serialize(message)
-                  else
-                    # issue with serialize in Active Record < 6
-                    # https://github.com/rails/rails/commit/a741208f80dd33420a56486bd9ed2b0b9862234a
-                    ActiveRecord::Type::Decimal.new.cast(message)
-                  end
+                message = ActiveRecord::Type::Decimal.new.serialize(message)
                 # Postgres stores 4 decimal digits in 2 bytes
                 # plus 3 to 8 bytes of overhead
                 # but use string for simplicity
@@ -716,12 +709,6 @@ module Lockbox
       end
     end
 
-    def lockbox_encrypts(*attributes, **options)
-      deprecator = ActiveSupport::VERSION::STRING.to_f >= 7.2 ? ActiveSupport.deprecator : ActiveSupport::Deprecation
-      deprecator.warn("`#{__callee__}` is deprecated in favor of `has_encrypted`")
-      has_encrypted(*attributes, **options)
-    end
-
     module Attached
       def encrypts_attached(*attributes, **options)
         attributes.each do |name|

data/lib/lockbox/railtie.rb

@@ -12,32 +12,15 @@ module Lockbox
         require "lockbox/active_storage_extensions"
 
         ActiveStorage::Attached.prepend(Lockbox::ActiveStorageExtensions::Attached)
-        if ActiveStorage::VERSION::MAJOR >= 6
-          ActiveStorage::Attached::Changes::CreateOne.prepend(Lockbox::ActiveStorageExtensions::CreateOne)
-        end
+        ActiveStorage::Attached::Changes::CreateOne.prepend(Lockbox::ActiveStorageExtensions::CreateOne)
         ActiveStorage::Attached::One.prepend(Lockbox::ActiveStorageExtensions::AttachedOne)
         ActiveStorage::Attached::Many.prepend(Lockbox::ActiveStorageExtensions::AttachedMany)
 
-        # use load hooks when possible
-        if ActiveStorage::VERSION::MAJOR >= 7
-          ActiveSupport.on_load(:active_storage_attachment) do
-            prepend Lockbox::ActiveStorageExtensions::Attachment
-          end
-          ActiveSupport.on_load(:active_storage_blob) do
-            prepend Lockbox::ActiveStorageExtensions::Blob
-          end
-        elsif ActiveStorage::VERSION::MAJOR >= 6
-          ActiveSupport.on_load(:active_storage_attachment) do
-            include Lockbox::ActiveStorageExtensions::Attachment
-          end
-          ActiveSupport.on_load(:active_storage_blob) do
-            prepend Lockbox::ActiveStorageExtensions::Blob
-          end
-        else
-          app.config.to_prepare do
-            ActiveStorage::Attachment.include(Lockbox::ActiveStorageExtensions::Attachment)
-            ActiveStorage::Blob.prepend(Lockbox::ActiveStorageExtensions::Blob)
-          end
+        ActiveSupport.on_load(:active_storage_attachment) do
+          prepend Lockbox::ActiveStorageExtensions::Attachment
+        end
+        ActiveSupport.on_load(:active_storage_blob) do
+          prepend Lockbox::ActiveStorageExtensions::Blob
         end
       end
     end

data/lib/lockbox/version.rb

@@ -1,3 +1,3 @@
 module Lockbox
-  VERSION = "1.4.0"
+  VERSION = "2.1.0"
 end

data/lib/lockbox.rb

@@ -1,5 +1,4 @@
 # stdlib
-require "base64"
 require "openssl"
 require "securerandom"
 require "stringio"
@@ -99,8 +98,12 @@ end
 if defined?(ActiveSupport.on_load)
   ActiveSupport.on_load(:active_record) do
     ar_version = ActiveRecord::VERSION::STRING.to_f
-    if ar_version < 5.2
-      if ar_version >= 5
+    if ar_version < 7.1
+      if ar_version >= 7.0
+        raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2.1"
+      elsif ar_version >= 5.2
+        raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 2"
+      elsif ar_version >= 5
         raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} requires Lockbox < 0.7"
       else
         raise Lockbox::Error, "Active Record #{ActiveRecord::VERSION::STRING} not supported"
@@ -109,12 +112,19 @@ if defined?(ActiveSupport.on_load)
 
     extend Lockbox::Model
     extend Lockbox::Model::Attached
-    singleton_class.alias_method(:encrypts, :lockbox_encrypts) if ActiveRecord::VERSION::MAJOR < 7
     ActiveRecord::Relation.prepend Lockbox::Calculations
   end
 
   ActiveSupport.on_load(:mongoid) do
+    mongoid_version = Mongoid::VERSION.to_i
+    if mongoid_version < 8
+      if mongoid_version >= 6
+        raise Lockbox::Error, "Mongoid #{Mongoid::VERSION} requires Lockbox < 2"
+      else
+        raise Lockbox::Error, "Mongoid #{Mongoid::VERSION} not supported"
+      end
+    end
+
     Mongoid::Document::ClassMethods.include(Lockbox::Model)
-    Mongoid::Document::ClassMethods.alias_method(:encrypts, :lockbox_encrypts)
   end
 end

metadata

@@ -1,16 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Andrew Kane
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-10 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
-description:
 email: andrew@ankane.org
 executables: []
 extensions: []
@@ -43,7 +41,6 @@ homepage: https://github.com/ankane/lockbox
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -51,15 +48,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Modern encryption for Ruby and Rails
 test_files: []