Filter decrypted attributes

e19445a introduced marking attr_encrypted attributes as virtual attributes to avoid an ActiveRecord deprecation warning in AR 5.1. This had the side effect of exposing the decrypted versions of the attributes in `ActiveRecord::Base#attributes`. This is problematic since the method is leveraged for things like `#as_json` and `respond_with`, meaning a user could inadvertely expose sensitive info with an action like: ``` def show respond_with @user end ```
attr-encrypted · Aug 21, 2019 · e1ec453 · e1ec453
1 parent 3e5b7fa
commit e1ec453
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/lib/attr_encrypted/adapters/active_record.rb b/lib/attr_encrypted/adapters/active_record.rb
@@ -43,6 +43,12 @@ def assign_attributes(*args)
             def attributes=(*args)
               perform_attribute_assignment :attributes_without_attr_encrypted=, *args
             end
+
+            alias_method :attributes_without_attr_encrypted, :attributes
+            def attributes
+              encrypted_keys = self.class.encrypted_attributes.keys
+              attributes_without_attr_encrypted.reject { |k, _| encrypted_keys.include?(k.to_sym) }
+            end
           end
         end
 

diff --git a/test/active_record_test.rb b/test/active_record_test.rb
@@ -337,4 +337,9 @@ def test_should_evaluate_proc_based_mode
     refute_equal address.encrypted_zipcode, zipcode
     assert_equal address.zipcode, zipcode
   end
+
+  def test_should_filter_decrypted_attributes
+    @person = Person.new(email: '[email protected]')
+    refute @person.attributes.keys.include? "email"
+  end
 end