Module: ActiveRecord::Encryption::ExtendedDeterministicQueries

Defined in:
lib/active_record/encryption/extended_deterministic_queries.rb

Overview

Automatically expand encrypted arguments to support querying both encrypted and unencrypted data

Active Record Encryption supports querying the db using deterministic attributes. For example:

Contact.find_by(email_address: "[email protected]")

The value “[email protected]” will get encrypted automatically to perform the query. But there is a problem while the data is being encrypted. This won’t work. During that time, you need these queries to be:

Contact.find_by(email_address: [ "[email protected]", "<encrypted [email protected]>" ])

This patches ActiveRecord to support this automatically. It addresses both:

  • ActiveRecord::Base: Used in Contact.find_by_email_address(…)

  • ActiveRecord::Relation: Used in Contact.internal.find_by_email_address(…)

ActiveRecord::Base relies on ActiveRecord::Relation (ActiveRecord::QueryMethods) but it does some prepared statements caching. That’s why we need to intercept ActiveRecord::Base as soon as it’s invoked (so that the proper prepared statement is cached).

When modifying this file run performance tests in test/performance/extended_deterministic_queries_performance_test.rb to

make sure performance overhead is acceptable.

We will extend this to support previous “encryption context” versions in future iterations

Defined Under Namespace

Modules: CoreQueries, EncryptedQueryArgumentProcessor, ExtendedEncryptableType, InWithAdditionalValues, RelationQueries Classes: AdditionalValue

Class Method Summary collapse

Class Method Details

.install_supportObject



34
35
36
37
38
39
# File 'lib/active_record/encryption/extended_deterministic_queries.rb', line 34

def self.install_support
  ActiveRecord::Relation.prepend(RelationQueries)
  ActiveRecord::Base.include(CoreQueries)
  ActiveRecord::Encryption::EncryptedAttributeType.prepend(ExtendedEncryptableType)
  Arel::Nodes::HomogeneousIn.prepend(InWithAdditionalValues)
end