attr_encrypted seems to break serialized attributes #11

tfe opened this Issue Aug 15, 2010 · 11 comments


None yet
7 participants

tfe commented Aug 15, 2010

Just observed the following behavior:

  1. declared a attr_encrypted
  2. declared a serialize :attribute below it

After that, my serialized fields weren't being de-serialized. Accessing the attribute yielded the YAML string instead of the deserialized object (Array in my case).

Moving the attr_encrypted call to after the serialize call seems to have fixed that specific problem. Makes me worry about more hidden issues though.

This is on Rails 2.3.2 and Ruby 1.8.7.

florent commented Sep 14, 2010

I've seen the exact same behaviour with a Rails 3/Ruby 1.9.2 app.
Another solution to make things work:

after_initialize do

Note for those who (would) wonder how attr_encrypted works in a Rails 3 app: I'm using the fork from cgod


shuber commented Mar 8, 2011

I was running into the same issue before which is why I added the :marshal => true option to handle serialization.

We may be able to add some type of serialization related logic to the ActiveRecord adapter e.g. do_something_special if serialized_attributes.include?(attribute)

So, what is the best way to handle serialized encrypted attributes right now for Rails 2.3.11? I've tried changing the ordering of serialize and attr_encrypted, and I have tried adding :marshal => true, but nothing seems to work.


shuber commented Apr 19, 2011

@warnickr I'd recommend sticking with the :marshal => true option since its associated tests seem to be working with ActiveRecord 2.3.11 - we'll just need to figure out why it's not working in your particular case first.

Did you remove the call to serialize :attribute when you added the :marshal => true option?

I ended up modifying the gem to support serialized attributes in Rails. It is working for what I need it for and I would be happy to submit my changes.


shuber commented Apr 20, 2011

That'd be great, thanks!

Great. I will add some tests and make a pull request.


sbfaulkner commented Sep 12, 2012

Is there any reason to continue using serialize if using attr_encrypted? Wouldn't you just use the :marshal option on attr_encrypted and stop using serialize? (we can certainly update the documentation/README to make this clearer)


troy commented Jul 9, 2013

As far as anyone knows, does attr_encrypted still break serialize in Rails 3.2?

Obviously with :marshal, serialize is much less necessary, and #46 makes it sound like a workaround is to declare the attributes in a specific order, but I'm wondering about surprises down the road.


billymonk commented Jul 23, 2013

Hi @troy,

The problem still exists in Rails 3.2. The workaround in #46 does fix the problem but obviously that's not what we want long term.

PR #22 provides a solution but it doesn't seem to be working for me in a 3.2 application and when I clone the repository a lot of the tests are broken.

We'll keep you posted.

troy referenced this issue in tacoapp/privacy-policy Jul 25, 2013


Your use of attr_encryptor on Heroku #2


sbfaulkner commented Aug 2, 2013

FYI... we have found a potential fix for this (and #46)

the ActiveRecord attr_encrypted adapter adds accessor methods before invoking the base attr_encrypted functionality so that it can detect the attributes. Unfortunately, this means that they are defined before the serializers are set up too. We either need to change the way that attributes are detected (ie. not add the accessor methods), or unload the accessor methods when done, so that things like serializers load correctly.

fix coming soon...

@billymonk billymonk pushed a commit to billymonk/attr_encrypted that referenced this issue Aug 13, 2013

Billy Monk Add test to replicate #11 and #46. 05c4b4f

@billymonk billymonk pushed a commit to billymonk/attr_encrypted that referenced this issue Aug 13, 2013

Billy Monk Undefine attribute methods after we're done with them. Fixes #11 and #46

@billymonk billymonk pushed a commit to billymonk/attr_encrypted that referenced this issue Aug 13, 2013

Billy Monk Add test to replicate #11 and #46. 3739a62

@saghaulor saghaulor referenced this issue Feb 2, 2015

@saghaulor saghaulor Added method to return array of instance_methods_as_symbols.
- In the ActiveRecord adapter, we want to let ActiveRecord call
  define_attribute_methods. If we call it, we're calling it too early, which
  causes the wrong accessor methods to be created. This was the problem
  that was being encountered with serialize. That problem is documented
- By letting ActiveRecord define accessor methods, things behave as they
  should. Namely, ActiveRecord checks to see if an attribute already has
  accessor methods defined before defining them. Using something like
  serialize, accessors are written, and then ActiveRecord sees this and
  doesn't define the accessor methods. So the attr_encrypted and
  serialize accessors work as expected, as well as normal accessors.
- We add the column names to the instance_methods_as_symbols array so
  that attr_encrypted will not define accessor methods for the columns,
  we let ActiveRecord do this for us, as it should.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment