attr_encrypted seems to break serialized attributes

[tfe]

Just observed the following behavior:

1. declared a attr_encrypted
2. declared a serialize :attribute below it

After that, my serialized fields weren't being de-serialized. Accessing the attribute yielded the YAML string instead of the deserialized object (Array in my case).

Moving the attr_encrypted call to after the serialize call seems to have fixed that specific problem. Makes me worry about more hidden issues though.

This is on Rails 2.3.2 and Ruby 1.8.7.

[florent]

I've seen the exact same behaviour with a Rails 3/Ruby 1.9.2 app.
Another solution to make things work:

after_initialize do
  unserialize_attribute('serialized_attribute')
end

Note for those who (would) wonder how attr_encrypted works in a Rails 3 app: I'm using the fork from cgod

[shuber]

I was running into the same issue before which is why I added the :marshal => true option to handle serialization.

We may be able to add some type of serialization related logic to the ActiveRecord adapter e.g. do_something_special if serialized_attributes.include?(attribute)

[warnickr]

So, what is the best way to handle serialized encrypted attributes right now for Rails 2.3.11? I've tried changing the ordering of serialize and attr_encrypted, and I have tried adding :marshal => true, but nothing seems to work.

[shuber]

@warnickr I'd recommend sticking with the :marshal => true option since its associated tests seem to be working with ActiveRecord 2.3.11 - we'll just need to figure out why it's not working in your particular case first.

Did you remove the call to serialize :attribute when you added the :marshal => true option?

[warnickr]

I ended up modifying the gem to support serialized attributes in Rails. It is working for what I need it for and I would be happy to submit my changes.

[shuber]

That'd be great, thanks!

[warnickr]

Great. I will add some tests and make a pull request.

[sbfaulkner]

Is there any reason to continue using serialize if using attr_encrypted? Wouldn't you just use the :marshal option on attr_encrypted and stop using serialize? (we can certainly update the documentation/README to make this clearer)

Thanks!

[troy]

As far as anyone knows, does attr_encrypted still break serialize in Rails 3.2?

Obviously with :marshal, serialize is much less necessary, and #46 makes it sound like a workaround is to declare the attributes in a specific order, but I'm wondering about surprises down the road.

[billymonk]

Hi @troy,

The problem still exists in Rails 3.2. The workaround in #46 does fix the problem but obviously that's not what we want long term.

PR #22 provides a solution but it doesn't seem to be working for me in a 3.2 application and when I clone the repository a lot of the tests are broken.

We'll keep you posted.

[sbfaulkner]

FYI... we have found a potential fix for this (and #46)

the ActiveRecord attr_encrypted adapter adds accessor methods before invoking the base attr_encrypted functionality so that it can detect the attributes. Unfortunately, this means that they are defined before the serializers are set up too. We either need to change the way that attributes are detected (ie. not add the accessor methods), or unload the accessor methods when done, so that things like serializers load correctly.

fix coming soon...