Merge pull request #42778 from dark-panda/fix-42699-move-forced-encoding-to-encryptor

Move forced encoding on deterministic encryption to the default encryptor
2021-07-14 12:40:50 -04:00 · 2021-07-14 12:40:50 -04:00 · 7127105cca
parent c18339791f 35e88cd6d9
commit 7127105cca
3 changed files with 20 additions and 14 deletions
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@ -1,3 +1,9 @@
+*   Move the forcing of clear text encoding to the `ActiveRecord::Encryption::Encryptor`.
+
+    Fixes #42699.
+
+    *J Smith*
+
 *   `partial_inserts` is now disabled by default in new apps.

    This will be the default for new apps in Rails 7. To opt in:
--- a/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb
+++ b/activerecord/lib/active_record/encryption/encrypted_attribute_type.rb
@ -31,8 +31,6 @@ module ActiveRecord
      end

      def serialize(value)
-        value = force_encoding_if_needed(value)
-
        if serialize_with_oldest?
          serialize_with_oldest(value)
        else
@ -51,18 +49,6 @@ module ActiveRecord
      end

      private
-        def force_encoding_if_needed(value)
-          if deterministic? && forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
-            value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
-          else
-            value
-          end
-        end
-
-        def forced_encoding_for_deterministic_encryption
-          ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
-        end
-
        def previous_schemes_including_clean_text
          previous_schemes.including((clean_text_scheme if support_unencrypted_data?)).compact
        end
--- a/activerecord/lib/active_record/encryption/encryptor.rb
+++ b/activerecord/lib/active_record/encryption/encryptor.rb
@ -32,6 +32,8 @@ module ActiveRecord
      #   +Cipher+-specific options that will be passed to the Cipher configured in
      #   +ActiveRecord::Encryption.cipher+
      def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
+        clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]
+
        validate_payload_type(clear_text)
        serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
      end
@ -136,6 +138,18 @@ module ActiveRecord
            uncompressed_data.force_encoding(data.encoding)
          end
        end
+
+        def force_encoding_if_needed(value)
+          if forced_encoding_for_deterministic_encryption && value && value.encoding != forced_encoding_for_deterministic_encryption
+            value.encode(forced_encoding_for_deterministic_encryption, invalid: :replace, undef: :replace)
+          else
+            value
+          end
+        end
+
+        def forced_encoding_for_deterministic_encryption
+          ActiveRecord::Encryption.config.forced_encoding_for_deterministic_encryption
+        end
    end
  end
 end