Move forced encoding on deterministic encryption to the default encryptor
This commit is contained in:
parent
a8a54a1821
commit
35e88cd6d9
@ -1,3 +1,9 @@
|
|||||||
|
* Move the forcing of clear text encoding to the `ActiveRecord::Encryption::Encryptor`.
|
||||||
|
|
||||||
|
Fixes #42699.
|
||||||
|
|
||||||
|
*J Smith*
|
||||||
|
|
||||||
* `partial_inserts` is now disabled by default in new apps.
|
* `partial_inserts` is now disabled by default in new apps.
|
||||||
|
|
||||||
This will be the default for new apps in Rails 7. To opt in:
|
This will be the default for new apps in Rails 7. To opt in:
|
||||||
|
@ -31,8 +31,6 @@ def deserialize(value)
|
|||||||
end
|
end
|
||||||
|
|
||||||
def serialize(value)
|
def serialize(value)
|
||||||
value = force_encoding_if_needed(value)
|
|
||||||
|
|
||||||
if serialize_with_oldest?
|
if serialize_with_oldest?
|
||||||
serialize_with_oldest(value)
|
serialize_with_oldest(value)
|
||||||
else
|
else
|
||||||
@ -51,18 +49,6 @@ def previous_types # :nodoc:
|
|||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
def force_encoding_if_needed(value)
|
|
||||||
if deterministic? && forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
|
|
||||||
value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
|
|
||||||
else
|
|
||||||
value
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def forced_encoding_for_deterministic_encryption
|
|
||||||
ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
|
|
||||||
end
|
|
||||||
|
|
||||||
def previous_schemes_including_clean_text
|
def previous_schemes_including_clean_text
|
||||||
previous_schemes.including((clean_text_scheme if support_unencrypted_data?)).compact
|
previous_schemes.including((clean_text_scheme if support_unencrypted_data?)).compact
|
||||||
end
|
end
|
||||||
|
@ -32,6 +32,8 @@ class Encryptor
|
|||||||
# +Cipher+-specific options that will be passed to the Cipher configured in
|
# +Cipher+-specific options that will be passed to the Cipher configured in
|
||||||
# +ActiveRecord::Encryption.cipher+
|
# +ActiveRecord::Encryption.cipher+
|
||||||
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
|
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
|
||||||
|
clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]
|
||||||
|
|
||||||
validate_payload_type(clear_text)
|
validate_payload_type(clear_text)
|
||||||
serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
|
serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
|
||||||
end
|
end
|
||||||
@ -136,6 +138,18 @@ def uncompress(data)
|
|||||||
uncompressed_data.force_encoding(data.encoding)
|
uncompressed_data.force_encoding(data.encoding)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def force_encoding_if_needed(value)
|
||||||
|
if forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
|
||||||
|
value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
|
||||||
|
else
|
||||||
|
value
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def forced_encoding_for_deterministic_encryption
|
||||||
|
ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user