Automatically expand encrypted arguments to support querying both encrypted and unencrypted data
Active Record Encryption supports querying the db using deterministic attributes. For example:
The value “firstname.lastname@example.org” will get encrypted automatically to perform the query. But there is a problem while the data is being encrypted. This won't work. During that time, you need these queries to be:
Contact.find_by(email_address: [ "email@example.com", "<encrypted firstname.lastname@example.org>" ])
ActiveRecord to support this automatically. It addresses both:
ActiveRecord::Base: Used in +Contact.find_by_email_address(…)+
ActiveRecord::Relation: Used in +Contact.internal.find_by_email_address(…)+
ActiveRecord::Base relies on
ActiveRecord::QueryMethods) but it does some prepared statements caching. That's why we need to intercept
ActiveRecord::Base as soon as it's invoked (so that the proper prepared statement is cached).
When modifying this file run performance tests in
make sure performance overhead is acceptable.
We will extend this to support previous “encryption context” versions in future iterations
@TODO Experimental. Support for every kind of query is pending @TODO It should not patch anything if not needed (no previous schemes or no support for previous encryption schemes)