Merge pull request #76 from FundingCircle/gdpreng-894_override_attrib…

…utes_legacy Override .attributes method on legacy EncryptedModel and adds .unencr…
FundingCircle · May 2, 2019 · 56989b2 · 56989b2
2 parents 0a3898b + 2263c4b
commit 56989b2
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 1 deletion.
diff --git a/lib/vault/latest/encrypted_model.rb b/lib/vault/latest/encrypted_model.rb
@@ -390,6 +390,11 @@ def __vault_encrypt_attribute!(attribute, options, in_after_save: false)
           { column => ciphertext }
         end
 
+        def unencrypted_attributes
+          encrypted_attributes = self.class.__vault_attributes.values.map {|x| x[:encrypted_column].to_s }
+          attributes.delete_if { |attribute| encrypted_attributes.include?(attribute) }
+        end
+
         # Override the reload method to reload the Vault attributes. This will
         # ensure that we always have the most recent data from Vault when we
         # reload a record from the database.

diff --git a/lib/vault/legacy/encrypted_model.rb b/lib/vault/legacy/encrypted_model.rb
@@ -286,6 +286,15 @@ def __vault_load_attributes!
           end
         end
 
+        def attributes
+          super.tap do |attrs|
+            missing_keys = self.class.__vault_attributes.keys.map(&:to_s) - attrs.keys
+            missing_keys.each do |key|
+              attrs.store(key, public_send(key))
+            end
+          end
+        end
+
         # Decrypt and load a single attribute from Vault.
         def __vault_load_attribute!(attribute, options)
           key        = options[:key]
@@ -370,6 +379,11 @@ def __vault_encrypt_attribute!(attribute, options)
           { column => ciphertext }
         end
 
+        def unencrypted_attributes
+          encrypted_attributes = self.class.__vault_attributes.values.map {|x| x[:encrypted_column].to_s }
+          attributes.delete_if { |attribute| encrypted_attributes.include?(attribute) }
+        end
+
         # Override the reload method to reload the Vault attributes. This will
         # ensure that we always have the most recent data from Vault when we
         # reload a record from the database.

diff --git a/spec/dummy/app/models/person.rb b/spec/dummy/app/models/person.rb
@@ -3,9 +3,11 @@
 class Person < ActiveRecord::Base
   include Vault::EncryptedModel
 
-  vault_attribute :date_of_birth_plaintext, type: :date
+  vault_attribute :date_of_birth_plaintext, type: :date, encrypted_column: :date_of_birth_encrypted
   vault_attribute_proxy :date_of_birth, :date_of_birth_plaintext
 
+  vault_attribute :passport_number, encrypted_column: :passport_number_encrypted
+
   vault_attribute :county_plaintext, encrypted_column: :county_encrypted
   vault_attribute_proxy :county, :county_plaintext
 

diff --git a/spec/unit/encrypted_model_spec.rb b/spec/unit/encrypted_model_spec.rb
@@ -134,6 +134,86 @@
     end
   end
 
+  describe '#attributes' do
+    let(:person) { Person.new }
+
+    it 'returns all attributes' do
+      expect(person.attributes).to eq(
+        "business_card" => nil,
+        "business_card_encrypted" => nil,
+        "cc_encrypted" => nil,
+        "county" => nil,
+        "county_encrypted" => nil,
+        "county_plaintext" => nil,
+        "created_at" => nil,
+        "credit_card" => nil,
+        "date_of_birth" => nil,
+        "date_of_birth_encrypted" => nil,
+        "date_of_birth_plaintext" => nil,
+        "details" => nil,
+        "details_encrypted" => nil,
+        "driving_licence_number" => nil,
+        "driving_licence_number_encrypted" => nil,
+        "email" => nil,
+        "email_encrypted" => nil,
+        "favorite_color" => nil,
+        "favorite_color_encrypted" => nil,
+        "float_data" => nil,
+        "float_data_encrypted" => nil,
+        "id" => nil,
+        "integer_data" => nil,
+        "integer_data_encrypted" => nil,
+        "ip_address" => nil,
+        "ip_address_encrypted" => nil,
+        "name" => nil,
+        "non_ascii" => nil,
+        "non_ascii_encrypted" => nil,
+        'passport_number' => nil,
+        "passport_number_encrypted" => nil,
+        "ssn" => nil,
+        "ssn_encrypted" => nil,
+        "state" => nil,
+        "state_encrypted" => nil,
+        "state_plaintext" => nil,
+        "time_data" => nil,
+        "time_data_encrypted" => nil,
+        "updated_at" => nil
+      )
+    end
+  end
+
+  describe '#unencrypted_attributes' do
+    let(:person) { Person.new }
+
+    it 'returns all attributes apart from encrypted fields' do
+      expect(person.unencrypted_attributes).to eq(
+        'business_card' => nil,
+        'county' => nil,
+        'county_plaintext' => nil,
+        'created_at' => nil,
+        'credit_card' => nil,
+        'date_of_birth' => nil,
+        'date_of_birth_plaintext' => nil,
+        'details' => nil,
+        'driving_licence_number' => nil,
+        'email' => nil,
+        'favorite_color' => nil,
+        'float_data' => nil,
+        'id' => nil,
+        'integer_data' => nil,
+        'ip_address' => nil,
+        'name' => nil,
+        'non_ascii' => nil,
+        'passport_number' => nil,
+        'ssn' => nil,
+        'state' => nil,
+        'state_plaintext' => nil,
+        'time_data' => nil,
+        'updated_at' => nil
+      )
+    end
+  end
+
   describe '#vault_persist_before_save!' do
     context "when not used" do
       # Person hasn't had `vault_persist_before_save!` called on it