ActiveRecord::Encryption::ExtendedDeterministicQueries

Automatically expand encrypted arguments to support querying both encrypted and unencrypted data

Active Record Encryption supports querying the db using deterministic attributes. For example:

Contact.find_by(email_address: "jorge@hey.com")

The value “jorge@hey.com” will get encrypted automatically to perform the query. But there is a problem while the data is being encrypted. This won’t work. During that time, you need these queries to be:

Contact.find_by(email_address: [ "jorge@hey.com", "<encrypted jorge@hey.com>" ])

This patches ActiveRecord to support this automatically. It addresses both:

ActiveRecord::Base - Used in Contact.find_by_email_address(...)
ActiveRecord::Relation - Used in Contact.internal.find_by_email_address(...)

This module is included if ‘config.active_record.encryption.extend_queries` is `true`.

Namespace

Module

Class

ActiveRecord::Encryption::ExtendedDeterministicQueries::AdditionalValue

Methods

install_support

Class Public methods

install_support()

📝 Source code

# File activerecord/lib/active_record/encryption/extended_deterministic_queries.rb, line 24
      def self.install_support
        # ActiveRecord::Base relies on ActiveRecord::Relation (ActiveRecord::QueryMethods) but it does
        # some prepared statements caching. That's why we need to intercept +ActiveRecord::Base+ as soon
        # as it's invoked (so that the proper prepared statement is cached).
        ActiveRecord::Relation.prepend(RelationQueries)
        ActiveRecord::Base.include(CoreQueries)
        ActiveRecord::Encryption::EncryptedAttributeType.prepend(ExtendedEncryptableType)
      end

🔎 See on GitHub