1

I am struggling with an issue with a Rails 5.2.4.1 app. Configuration is the following:

  • Ruby 2.6.5
  • Rails 5.2.4.1
    • attr_encrypted 3.1.0

I have a model called Chicken that has 2 attributes: name - which is attr_encrypted and number - which is a normal integer field. Whenever I perform queries to retrieve any other fields except the attr_encrypted one, that still gets attached to the result and it's alway nil:

Chicken.select(:number) => #<ActiveRecord::Relation [#<Chicken id: nil, number: nil, name: nil>]>

Please keep in mind that this is just a test application and the queries that I am trying to execute on the actual app where I have encountered this initially, are more complex.

Is there a way to prevent attr_encrypted from attaching encrypted fields to queries results? Since the current results mean that I have to re-write all the existing queries in the app or add a filter for these types of fields somehow

Adela Tuduce
  • 41
  • 2
  • Does `attr_encrypted ` mess with the query here or is it creating something onlong the lines of `SELECT chickens.number FROM chickens` as expected? It could be that its not actually attaching anything to the result. What you're seeing is just what happens when you inspect a model - it shows all the attributes even if they are not hydrated - look at the id for example. – max Mar 18 '20 at 17:32
  • ActiveRecord creates the attributes on the class level by reading the database schema - they are not created "on the fly" from the results of a database query. If you want just that column use pluck or any of the methods that return raw results instead of models. – max Mar 18 '20 at 17:36
  • If I use directly the raw SQL query and execute it, then no extra information is attached to the result. If I use ActiveRecord `select` method, then yes, that field gets attached to the results. I would use pluck if I would need only that column, but in reality, I have more complex queries that need to be executed and I would have liked to be able to continue having them functional with ActiveRecord handlers. All of this started happening after a Ruby and Rails upgrade. On Ruby 2.2.2 and Rails 5.0.0, this issue was not reproducible. – Adela Tuduce Mar 19 '20 at 06:51
  • Can you create a example that actually reproduces the issue? As I have explained earlier the output from inspecting the model does not indicate anything about the SQL query and "my real application is so complicated" does not tell us anything about whats going on. – max Mar 19 '20 at 09:53

1 Answers1

0

This problem was caused by this change to attr_encrypted. As far as I can tell, there isn't any easy way to remove this attribute without modifications to the library but no one actively works on it so that seems unlikely.

The only options as far as I can see are to:

  • Use another library
  • Override the models attributes method to exclude the value (may produce undesirable results). It will still show in other methods active record provides.
  • Deal with it
  • Something else I haven't been able to find

A few ways you can deal with it:

  • Use a library to generate JSON responses for the frontend to only include attributes you want
  • redefine serializable_hash like devise does to remove attributes. (A lot safer than redefining the attributes method itself.
Qwertie
  • 5,784
  • 12
  • 45
  • 89