From e1ec453025d6613ac290d228872edd5337dd1c2c Mon Sep 17 00:00:00 2001 From: Steve Jackson Date: Wed, 21 Aug 2019 16:22:58 -0500 Subject: [PATCH] Filter decrypted attributes e19445a9ae38ed9a55608d28a80e32126f30efd1 introduced marking attr_encrypted attributes as virtual attributes to avoid an ActiveRecord deprecation warning in AR 5.1. This had the side effect of exposing the decrypted versions of the attributes in `ActiveRecord::Base#attributes`. This is problematic since the method is leveraged for things like `#as_json` and `respond_with`, meaning a user could inadvertely expose sensitive info with an action like: ``` def show respond_with @user end ``` --- lib/attr_encrypted/adapters/active_record.rb | 6 ++++++ test/active_record_test.rb | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/lib/attr_encrypted/adapters/active_record.rb b/lib/attr_encrypted/adapters/active_record.rb index fca9343e..59ce0f28 100644 --- a/lib/attr_encrypted/adapters/active_record.rb +++ b/lib/attr_encrypted/adapters/active_record.rb @@ -43,6 +43,12 @@ def assign_attributes(*args) def attributes=(*args) perform_attribute_assignment :attributes_without_attr_encrypted=, *args end + + alias_method :attributes_without_attr_encrypted, :attributes + def attributes + encrypted_keys = self.class.encrypted_attributes.keys + attributes_without_attr_encrypted.reject { |k, _| encrypted_keys.include?(k.to_sym) } + end end end diff --git a/test/active_record_test.rb b/test/active_record_test.rb index 8ec31aea..7d0d53f4 100644 --- a/test/active_record_test.rb +++ b/test/active_record_test.rb @@ -337,4 +337,9 @@ def test_should_evaluate_proc_based_mode refute_equal address.encrypted_zipcode, zipcode assert_equal address.zipcode, zipcode end + + def test_should_filter_decrypted_attributes + @person = Person.new(email: 'test@example.com') + refute @person.attributes.keys.include? "email" + end end