Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix queries for deterministically encrypted attributed for data migrated from 7.0 #48676

Merged
merged 1 commit into from Jul 17, 2023
Merged

Fix queries for deterministically encrypted attributed for data migrated from 7.0 #48676

merged 1 commit into from Jul 17, 2023

Conversation

jorgemanrubia
Copy link
Contributor

@jorgemanrubia jorgemanrubia commented Jul 6, 2023
edited

#48530 introduced a problem for the system that extends AR queries involving deterministically encrypted attributes. The problem is that this option added the same "previous scheme" for all the attributes, when the only intended ones were the "non deterministic" ones. A side effect of this is that, when encrypting query param values, it was using the wrong encryption scheme.

Fixes #48204 (comment)

Checklist

Before submitting the PR make sure the following are checked:

  • This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs.
  • Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
  • Tests are added or updated if you fix a bug or add a feature.
  • CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

@jorgemanrubia jorgemanrubia mentioned this pull request Jul 6, 2023
Closed
@jorgemanrubia jorgemanrubia changed the title Fix a problem with deterministic queries for migrated data from 7.0 Fix queries for deterministically encrypted attributed for data migrated from 7.0 Jul 6, 2023
@jorgemanrubia jorgemanrubia force-pushed the fix-deterministic-encryption-queries branch 2 times, most recently from caf8cb6 to d27fd13 Compare July 6, 2023 10:57
@jorgemanrubia jorgemanrubia requested a review from dhh July 6, 2023 11:24
@duduribeiro
Copy link
Contributor

thanks for this @jorgemanrubia!

@jorgemanrubia jorgemanrubia force-pushed the fix-deterministic-encryption-queries branch from d27fd13 to ba4990f Compare July 7, 2023 13:53
@jorgemanrubia
Fix queries for deterministically encrypted attributed for data migra…
acba68f 
…ted from 7.0.

rails#48530 introduced a problem for the system that extends AR queries involving deterministically encrypted attributes. The problem is that this option added the same "previous scheme" for all the attributes, when the only intended ones were the "non deterministic" ones. A side effect of this is that, when encrypting query param values, it was using the wrong encryption scheme.

Fixes rails#48204 (comment)
@jorgemanrubia jorgemanrubia force-pushed the fix-deterministic-encryption-queries branch from ba4990f to acba68f Compare July 7, 2023 14:06
@dhh dhh merged commit e6d59cd into rails:main Jul 17, 2023
9 checks passed
@tsmartt tsmartt mentioned this pull request Jul 27, 2023
Merged
paulreece pushed a commit to paulreece/rails-paulreece that referenced this pull request Aug 26, 2023
@jorgemanrubia @paulreece
Fix queries for deterministically encrypted attributed for data migra…
80f2a65 
…ted from 7.0. (rails#48676)

rails#48530 introduced a problem for the system that extends AR queries involving deterministically encrypted attributes. The problem is that this option added the same "previous scheme" for all the attributes, when the only intended ones were the "non deterministic" ones. A side effect of this is that, when encrypting query param values, it was using the wrong encryption scheme.

Fixes rails#48204 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhh dhh Awaiting requested review from dhh

Assignees
No one assigned
Labels
activerecord
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Upgrade to Rails 7.1 alpha breaks ActiveRecord attribute encryption (deterministic)
3 participants
@jorgemanrubia @duduribeiro @dhh