omg-activerecord 8.0.0.alpha1

data/lib/active_record/dynamic_matchers.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module DynamicMatchers # :nodoc:
+    private
+      def respond_to_missing?(name, _)
+        if self == Base
+          super
+        else
+          match = Method.match(self, name)
+          match && match.valid? || super
+        end
+      end
+
+      def method_missing(name, ...)
+        match = Method.match(self, name)
+
+        if match && match.valid?
+          match.define
+          send(name, ...)
+        else
+          super
+        end
+      end
+
+      class Method
+        @matchers = []
+
+        class << self
+          attr_reader :matchers
+
+          def match(model, name)
+            klass = matchers.find { |k| k.pattern.match?(name) }
+            klass.new(model, name) if klass
+          end
+
+          def pattern
+            @pattern ||= /\A#{prefix}_([_a-zA-Z]\w*)#{suffix}\Z/
+          end
+
+          def prefix
+            raise NotImplementedError
+          end
+
+          def suffix
+            ""
+          end
+        end
+
+        attr_reader :model, :name, :attribute_names
+
+        def initialize(model, method_name)
+          @model           = model
+          @name            = method_name.to_s
+          @attribute_names = @name.match(self.class.pattern)[1].split("_and_")
+          @attribute_names.map! { |name| @model.attribute_aliases[name] || name }
+        end
+
+        def valid?
+          attribute_names.all? { |name| model.columns_hash[name] || model.reflect_on_aggregation(name.to_sym) }
+        end
+
+        def define
+          model.class_eval <<-CODE, __FILE__, __LINE__ + 1
+            def self.#{name}(#{signature})
+              #{body}
+            end
+          CODE
+        end
+
+        private
+          def body
+            "#{finder}(#{attributes_hash})"
+          end
+
+          # The parameters in the signature may have reserved Ruby words, in order
+          # to prevent errors, we start each param name with `_`.
+          def signature
+            attribute_names.map { |name| "_#{name}" }.join(", ")
+          end
+
+          # Given that the parameters starts with `_`, the finder needs to use the
+          # same parameter name.
+          def attributes_hash
+            "{" + attribute_names.map { |name| ":#{name} => _#{name}" }.join(",") + "}"
+          end
+
+          def finder
+            raise NotImplementedError
+          end
+      end
+
+      class FindBy < Method
+        Method.matchers << self
+
+        def self.prefix
+          "find_by"
+        end
+
+        def finder
+          "find_by"
+        end
+      end
+
+      class FindByBang < Method
+        Method.matchers << self
+
+        def self.prefix
+          "find_by"
+        end
+
+        def self.suffix
+          "!"
+        end
+
+        def finder
+          "find_by!"
+        end
+      end
+  end
+end

data/lib/active_record/encryption/auto_filtered_parameters.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    class AutoFilteredParameters
+      def initialize(app)
+        @app = app
+        @attributes_by_class = Concurrent::Map.new
+        @collecting = true
+
+        install_collecting_hook
+      end
+
+      def enable
+        apply_collected_attributes
+        @collecting = false
+      end
+
+      private
+        attr_reader :app
+
+        def install_collecting_hook
+          ActiveRecord::Encryption.on_encrypted_attribute_declared do |klass, attribute|
+            attribute_was_declared(klass, attribute)
+          end
+        end
+
+        def attribute_was_declared(klass, attribute)
+          if collecting?
+            collect_for_later(klass, attribute)
+          else
+            apply_filter(klass, attribute)
+          end
+        end
+
+        def apply_collected_attributes
+          @attributes_by_class.each do |klass, attributes|
+            attributes.each do |attribute|
+              apply_filter(klass, attribute)
+            end
+          end
+        end
+
+        def collecting?
+          @collecting
+        end
+
+        def collect_for_later(klass, attribute)
+          @attributes_by_class[klass] ||= Concurrent::Array.new
+          @attributes_by_class[klass] << attribute
+        end
+
+        def apply_filter(klass, attribute)
+          filter = [("#{klass.model_name.element}" if klass.name), attribute.to_s].compact.join(".")
+          unless excluded_from_filter_parameters?(filter)
+            app.config.filter_parameters << filter unless app.config.filter_parameters.include?(filter)
+            klass.filter_attributes += [ attribute ]
+          end
+        end
+
+        def excluded_from_filter_parameters?(filter_parameter)
+          ActiveRecord::Encryption.config.excluded_from_filter_parameters.find { |excluded_filter| excluded_filter.to_s == filter_parameter }
+        end
+    end
+  end
+end

data/lib/active_record/encryption/cipher/aes256_gcm.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module ActiveRecord
+  module Encryption
+    class Cipher
+      # A 256-GCM cipher.
+      #
+      # By default it will use random initialization vectors. For deterministic encryption, it will use a SHA-256 hash of
+      # the text to encrypt and the secret.
+      #
+      # See +Encryptor+
+      class Aes256Gcm
+        CIPHER_TYPE = "aes-256-gcm"
+
+        class << self
+          def key_length
+            OpenSSL::Cipher.new(CIPHER_TYPE).key_len
+          end
+
+          def iv_length
+            OpenSSL::Cipher.new(CIPHER_TYPE).iv_len
+          end
+        end
+
+        # When iv not provided, it will generate a random iv on each encryption operation (default and
+        # recommended operation)
+        def initialize(secret, deterministic: false)
+          @secret = secret
+          @deterministic = deterministic
+        end
+
+        def encrypt(clear_text)
+          # This code is extracted from +ActiveSupport::MessageEncryptor+. Not using it directly because we want to control
+          # the message format and only serialize things once at the +ActiveRecord::Encryption::Message+ level. Also, this
+          # cipher is prepared to deal with deterministic/non deterministic encryption modes.
+
+          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
+          cipher.encrypt
+          cipher.key = @secret
+
+          iv = generate_iv(cipher, clear_text)
+          cipher.iv = iv
+
+          encrypted_data = clear_text.empty? ? clear_text.dup : cipher.update(clear_text)
+          encrypted_data << cipher.final
+
+          ActiveRecord::Encryption::Message.new(payload: encrypted_data).tap do |message|
+            message.headers.iv = iv
+            message.headers.auth_tag = cipher.auth_tag
+          end
+        end
+
+        def decrypt(encrypted_message)
+          encrypted_data = encrypted_message.payload
+          iv = encrypted_message.headers.iv
+          auth_tag = encrypted_message.headers.auth_tag
+
+          # Currently the OpenSSL bindings do not raise an error if auth_tag is
+          # truncated, which would allow an attacker to easily forge it. See
+          # https://github.com/ruby/openssl/issues/63
+          raise ActiveRecord::Encryption::Errors::EncryptedContentIntegrity if auth_tag.nil? || auth_tag.bytes.length != 16
+
+          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
+
+          cipher.decrypt
+          cipher.key = @secret
+          cipher.iv = iv
+
+          cipher.auth_tag = auth_tag
+          cipher.auth_data = ""
+
+          decrypted_data = encrypted_data.empty? ? encrypted_data : cipher.update(encrypted_data)
+          decrypted_data << cipher.final
+
+          decrypted_data
+        rescue OpenSSL::Cipher::CipherError, TypeError, ArgumentError
+          raise ActiveRecord::Encryption::Errors::Decryption
+        end
+
+        def inspect # :nodoc:
+          "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
+        end
+
+        private
+          def generate_iv(cipher, clear_text)
+            if @deterministic
+              generate_deterministic_iv(clear_text)
+            else
+              cipher.random_iv
+            end
+          end
+
+          def generate_deterministic_iv(clear_text)
+            OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, @secret, clear_text)[0, ActiveRecord::Encryption.cipher.iv_length]
+          end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/cipher.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # The algorithm used for encrypting and decrypting +Message+ objects.
+    #
+    # It uses AES-256-GCM. It will generate a random IV for non deterministic encryption (default)
+    # or derive an initialization vector from the encrypted content for deterministic encryption.
+    #
+    # See +Cipher::Aes256Gcm+.
+    class Cipher
+      DEFAULT_ENCODING = Encoding::UTF_8
+
+      # Encrypts the provided text and return an encrypted +Message+.
+      def encrypt(clean_text, key:, deterministic: false)
+        cipher_for(key, deterministic: deterministic).encrypt(clean_text).tap do |message|
+          message.headers.encoding = clean_text.encoding.name unless clean_text.encoding == DEFAULT_ENCODING
+        end
+      end
+
+      # Decrypt the provided +Message+.
+      #
+      # When +key+ is an Array, it will try all the keys raising a
+      # +ActiveRecord::Encryption::Errors::Decryption+ if none works.
+      def decrypt(encrypted_message, key:)
+        try_to_decrypt_with_each(encrypted_message, keys: Array(key)).tap do |decrypted_text|
+          decrypted_text.force_encoding(encrypted_message.headers.encoding || DEFAULT_ENCODING)
+        end
+      end
+
+      def key_length
+        Aes256Gcm.key_length
+      end
+
+      def iv_length
+        Aes256Gcm.iv_length
+      end
+
+      private
+        def try_to_decrypt_with_each(encrypted_text, keys:)
+          keys.each.with_index do |key, index|
+            return cipher_for(key).decrypt(encrypted_text)
+          rescue ActiveRecord::Encryption::Errors::Decryption
+            raise if index == keys.length - 1
+          end
+        end
+
+        def cipher_for(secret, deterministic: false)
+          Aes256Gcm.new(secret, deterministic: deterministic)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/config.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module ActiveRecord
+  module Encryption
+    # Container of configuration options
+    class Config
+      attr_accessor :primary_key, :deterministic_key, :store_key_references, :key_derivation_salt, :hash_digest_class,
+                    :support_unencrypted_data, :encrypt_fixtures, :validate_column_size, :add_to_filter_parameters,
+                    :excluded_from_filter_parameters, :extend_queries, :previous_schemes, :forced_encoding_for_deterministic_encryption,
+                    :compressor
+
+      def initialize
+        set_defaults
+      end
+
+      # Configure previous encryption schemes.
+      #
+      #   config.active_record.encryption.previous = [ { key_provider: MyOldKeyProvider.new } ]
+      def previous=(previous_schemes_properties)
+        previous_schemes_properties.each do |properties|
+          add_previous_scheme(**properties)
+        end
+      end
+
+      def support_sha1_for_non_deterministic_encryption=(value)
+        if value && has_primary_key?
+          sha1_key_generator = ActiveRecord::Encryption::KeyGenerator.new(hash_digest_class: OpenSSL::Digest::SHA1)
+          sha1_key_provider = ActiveRecord::Encryption::DerivedSecretKeyProvider.new(primary_key, key_generator: sha1_key_generator)
+          add_previous_scheme key_provider: sha1_key_provider
+        end
+      end
+
+      %w(key_derivation_salt primary_key deterministic_key).each do |key|
+        silence_redefinition_of_method "has_#{key}?"
+        define_method("has_#{key}?") do
+          instance_variable_get(:"@#{key}").presence
+        end
+
+        silence_redefinition_of_method key
+        define_method(key) do
+          public_send("has_#{key}?") or
+            raise Errors::Configuration, "Missing Active Record encryption credential: active_record_encryption.#{key}"
+        end
+      end
+
+      private
+        def set_defaults
+          self.store_key_references = false
+          self.support_unencrypted_data = false
+          self.encrypt_fixtures = false
+          self.validate_column_size = true
+          self.add_to_filter_parameters = true
+          self.excluded_from_filter_parameters = []
+          self.previous_schemes = []
+          self.forced_encoding_for_deterministic_encryption = Encoding::UTF_8
+          self.hash_digest_class = OpenSSL::Digest::SHA1
+          self.compressor = Zlib
+
+          # TODO: Setting to false for now as the implementation is a bit experimental
+          self.extend_queries = false
+        end
+
+        def add_previous_scheme(**properties)
+          previous_schemes << ActiveRecord::Encryption::Scheme.new(**properties)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/configurable.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # Configuration API for ActiveRecord::Encryption
+    module Configurable
+      extend ActiveSupport::Concern
+
+      included do
+        mattr_reader :config, default: Config.new
+        mattr_accessor :encrypted_attribute_declaration_listeners
+      end
+
+      class_methods do
+        # Expose getters for context properties
+        Context::PROPERTIES.each do |name|
+          delegate name, to: :context
+        end
+
+        def configure(primary_key: nil, deterministic_key: nil, key_derivation_salt: nil, **properties) # :nodoc:
+          config.primary_key = primary_key
+          config.deterministic_key = deterministic_key
+          config.key_derivation_salt = key_derivation_salt
+
+          # Set the default for this property here instead of in +Config#set_defaults+ as this needs
+          # to happen *after* the keys have been set.
+          properties[:support_sha1_for_non_deterministic_encryption] = true if properties[:support_sha1_for_non_deterministic_encryption].nil?
+
+          properties.each do |name, value|
+            ActiveRecord::Encryption.config.send "#{name}=", value if ActiveRecord::Encryption.config.respond_to?("#{name}=")
+          end
+
+          ActiveRecord::Encryption.reset_default_context
+
+          properties.each do |name, value|
+            ActiveRecord::Encryption.context.send "#{name}=", value if ActiveRecord::Encryption.context.respond_to?("#{name}=")
+          end
+        end
+
+        # Register callback to be invoked when an encrypted attribute is declared.
+        #
+        # === Example
+        #
+        #   ActiveRecord::Encryption.on_encrypted_attribute_declared do |klass, attribute_name|
+        #     ...
+        #   end
+        def on_encrypted_attribute_declared(&block)
+          self.encrypted_attribute_declaration_listeners ||= Concurrent::Array.new
+          self.encrypted_attribute_declaration_listeners << block
+        end
+
+        def encrypted_attribute_was_declared(klass, name) # :nodoc:
+          self.encrypted_attribute_declaration_listeners&.each do |block|
+            block.call(klass, name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/context.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # An encryption context configures the different entities used to perform encryption:
+    #
+    # * A key provider
+    # * A key generator
+    # * An encryptor, the facade to encrypt data
+    # * A cipher, the encryption algorithm
+    # * A message serializer
+    class Context
+      PROPERTIES = %i[ key_provider key_generator cipher message_serializer encryptor frozen_encryption ]
+
+      attr_accessor(*PROPERTIES)
+
+      def initialize
+        set_defaults
+      end
+
+      alias frozen_encryption? frozen_encryption
+
+      silence_redefinition_of_method :key_provider
+      def key_provider
+        @key_provider ||= build_default_key_provider
+      end
+
+      private
+        def set_defaults
+          self.frozen_encryption = false
+          self.key_generator = ActiveRecord::Encryption::KeyGenerator.new
+          self.cipher = ActiveRecord::Encryption::Cipher.new
+          self.encryptor = ActiveRecord::Encryption::Encryptor.new
+          self.message_serializer = ActiveRecord::Encryption::MessageSerializer.new
+        end
+
+        def build_default_key_provider
+          ActiveRecord::Encryption::DerivedSecretKeyProvider.new(ActiveRecord::Encryption.config.primary_key)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/contexts.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # ActiveRecord::Encryption uses encryption contexts to configure the different entities used to
+    # encrypt/decrypt at a given moment in time.
+    #
+    # By default, the library uses a default encryption context. This is the Context that gets configured
+    # initially via +config.active_record.encryption+ options. Library users can define nested encryption contexts
+    # when running blocks of code.
+    #
+    # See Context.
+    module Contexts
+      extend ActiveSupport::Concern
+
+      included do
+        mattr_accessor :default_context, default: Context.new
+        thread_mattr_accessor :custom_contexts
+      end
+
+      class_methods do
+        # Configures a custom encryption context to use when running the provided block of code.
+        #
+        # It supports overriding all the properties defined in +Context+.
+        #
+        # Example:
+        #
+        #     ActiveRecord::Encryption.with_encryption_context(encryptor: ActiveRecord::Encryption::NullEncryptor.new) do
+        #       ...
+        #     end
+        #
+        # Encryption contexts can be nested.
+        def with_encryption_context(properties)
+          self.custom_contexts ||= []
+          self.custom_contexts << default_context.dup
+          properties.each do |key, value|
+            self.current_custom_context.send("#{key}=", value)
+          end
+
+          yield
+        ensure
+          self.custom_contexts.pop
+        end
+
+        # Runs the provided block in an encryption context where encryption is disabled:
+        #
+        # * Reading encrypted content will return its ciphertexts.
+        # * Writing encrypted content will write its clear text.
+        def without_encryption(&block)
+          with_encryption_context encryptor: ActiveRecord::Encryption::NullEncryptor.new, &block
+        end
+
+        # Runs the provided block in an encryption context where:
+        #
+        # * Reading encrypted content will return its ciphertext.
+        # * Writing encrypted content will fail.
+        def protecting_encrypted_data(&block)
+          with_encryption_context encryptor: ActiveRecord::Encryption::EncryptingOnlyEncryptor.new, frozen_encryption: true, &block
+        end
+
+        # Returns the current context. By default it will return the current context.
+        def context
+          self.current_custom_context || self.default_context
+        end
+
+        def current_custom_context
+          self.custom_contexts&.last
+        end
+
+        def reset_default_context
+          self.default_context = Context.new
+        end
+      end
+    end
+  end
+end

data/lib/active_record/encryption/derived_secret_key_provider.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # A KeyProvider that derives keys from passwords.
+    class DerivedSecretKeyProvider < KeyProvider
+      def initialize(passwords, key_generator: ActiveRecord::Encryption.key_generator)
+        super(Array(passwords).collect { |password| derive_key_from(password, using: key_generator) })
+      end
+
+      private
+        def derive_key_from(password, using: key_generator)
+          secret = using.derive_key_from(password)
+          ActiveRecord::Encryption::Key.new(secret)
+        end
+    end
+  end
+end

data/lib/active_record/encryption/deterministic_key_provider.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module Encryption
+    # A KeyProvider that derives keys from passwords.
+    class DeterministicKeyProvider < DerivedSecretKeyProvider
+      def initialize(password)
+        passwords = Array(password)
+        raise ActiveRecord::Encryption::Errors::Configuration, "Deterministic encryption keys can't be rotated" if passwords.length > 1
+        super(passwords)
+      end
+    end
+  end
+end