Nest encrypted attribute types within serialized types

Make the order in which `serializes :foo` and `encrypts :foo` are called irrelevant by always nesting the encrypted attribute type inside the serialized type. This required switching from `DelegateClass` to `SimpleDelegator` so that object we are delegating to can be replaced. To ensure that the serialized type survives YAML serialization (there's a test for this), we need to implement init_with to call __setobj__.
djmb · Aug 20, 2024 · ac4c171 · ac4c171
1 parent 1120184
commit ac4c171
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 10 deletions.
diff --git a/activerecord/lib/active_record/encryption/encryptable_record.rb b/activerecord/lib/active_record/encryption/encryptable_record.rb
@@ -88,7 +88,15 @@ def encrypt_attribute(name, key_provider: nil, key: nil, deterministic: false, s
               scheme = scheme_for key_provider: key_provider, key: key, deterministic: deterministic, support_unencrypted_data: support_unencrypted_data, \
                 downcase: downcase, ignore_case: ignore_case, previous: previous, compress: compress, compressor: compressor, **context_properties
 
-              ActiveRecord::Encryption::EncryptedAttributeType.new(scheme: scheme, cast_type: cast_type, default: columns_hash[name.to_s]&.default)
+              if cast_type.serialized?
+                cast_type.tap do |serialized_type|
+                  serialized_type.replace_serialized_subtype do |current_subtype|
+                    ActiveRecord::Encryption::EncryptedAttributeType.new(scheme: scheme, cast_type: current_subtype, default: columns_hash[name.to_s]&.default)
+                  end
+                end
+              else
+                ActiveRecord::Encryption::EncryptedAttributeType.new(scheme: scheme, cast_type: cast_type, default: columns_hash[name.to_s]&.default)
+              end
             end
 
             preserve_original_encrypted(name) if ignore_case

diff --git a/activerecord/lib/active_record/type/serialized.rb b/activerecord/lib/active_record/type/serialized.rb
@@ -2,7 +2,7 @@
 
 module ActiveRecord
   module Type
-    class Serialized < DelegateClass(ActiveModel::Type::Value) # :nodoc:
+    class Serialized < SimpleDelegator # :nodoc:
       undef to_yaml if method_defined?(:to_yaml)
 
       include ActiveModel::Type::Helpers::Mutable
@@ -12,7 +12,14 @@ class Serialized < DelegateClass(ActiveModel::Type::Value) # :nodoc:
       def initialize(subtype, coder)
         @subtype = subtype
         @coder = coder
-        super(subtype)
+        __setobj__(subtype)
+      end
+
+      def init_with(coder) # :nodoc:
+        # Ensures YAML deserialization calls __setobj__
+        @subtype = coder["subtype"]
+        @coder = coder["coder"]
+        __setobj__(subtype)
       end
 
       def deserialize(value)
@@ -57,6 +64,11 @@ def serialized? # :nodoc:
         true
       end
 
+      def replace_serialized_subtype(&block) # :nodoc:
+        @subtype = block.call(subtype)
+        __setobj__(@subtype)
+      end
+
       private
         def default_value?(value)
           value == coder.load(nil)

diff --git a/activerecord/test/cases/encryption/encryptable_record_test.rb b/activerecord/test/cases/encryption/encryptable_record_test.rb
@@ -92,6 +92,12 @@ class ActiveRecord::Encryption::EncryptableRecordTest < ActiveRecord::Encryption
     assert_encrypted_attribute(traffic_light, :state, states)
   end
 
+  test "encrypts serialized attributes where encrypts is declared first" do
+    states = ["green", "red"]
+    traffic_light = EncryptedFirstTrafficLight.create!(state: states, long_state: states)
+    assert_encrypted_attribute(traffic_light, :state, states)
+  end
+
   test "encrypts store attributes with accessors" do
     traffic_light = EncryptedTrafficLightWithStoreState.create!(color: "red", long_state: ["green", "red"])
     assert_equal "red", traffic_light.color

diff --git a/activerecord/test/models/book_encrypted.rb b/activerecord/test/models/book_encrypted.rb
@@ -53,8 +53,8 @@ class EncryptedBookWithBinary < ActiveRecord::Base
 class EncryptedBookWithSerializedBinary < ActiveRecord::Base
   self.table_name = "encrypted_books"
 
-  encrypts :logo
   serialize :logo, coder: JSON
+  encrypts :logo
 end
 
 class EncryptedBookWithCustomCompressor < ActiveRecord::Base

diff --git a/activerecord/test/models/traffic_light_encrypted.rb b/activerecord/test/models/traffic_light_encrypted.rb
@@ -3,19 +3,19 @@
 
 require "models/traffic_light"
 
-class EncryptedTrafficLight < ActiveRecord::Base
-  self.table_name = "traffic_lights"
-
+class EncryptedTrafficLight < TrafficLight
   encrypts :state
-  serialize :state, type: Array
-  serialize :long_state, type: Array
 end
 
-class EncryptedTrafficLightWithStoreState < ActiveRecord::Base
+class EncryptedFirstTrafficLight < ActiveRecord::Base
   self.table_name = "traffic_lights"
 
   encrypts :state
   serialize :state, type: Array
   serialize :long_state, type: Array
+end
+
+class EncryptedTrafficLightWithStoreState < TrafficLight
   store :state, accessors: %i[ color ], coder: ActiveRecord::Coders::JSON
+  encrypts :state
 end