Encrypt database (#194)

* initialize encryption

* encrypt user data

* update avo

* encrypt fixtures

* update user name on sign in

app/avo/resources/user.rb

@@ -1,17 +1,15 @@
 class Avo::Resources::User < Avo::BaseResource
+  self.title = :name
   self.includes = []
-  # self.search = {
-  #   query: -> { query.ransack(id_eq: params[:q], m: "or").result(distinct: false) }
-  # }
+  self.search = {
+    query: -> { query.where(email: params[:q]) }
+  }
 
   def fields
     field :id, as: :id, link_to_record: true
     field :email, as: :text, link_to_record: true
-    field :first_name, as: :text, link_to_record: true
-    field :last_name, as: :text, link_to_record: true
-    # field :verified, as: :boolean
+    field :name, as: :text, link_to_record: true
     field :admin, as: :boolean
-    # field :sessions, as: :has_many, use_resource: Avo::Resources::Session
     field :sessions, as: :has_many
     field :connected_accounts, as: :has_many
   end

app/controllers/sessions/omniauth_controller.rb

@@ -19,6 +19,7 @@ def create
     end
 
     if @user.persisted?
+      @user.update(name: name) if name.present?
       session_record = @user.sessions.create!
       cookies.signed.permanent[:session_token] = {value: session_record.id, httponly: true}
 
@@ -42,6 +43,10 @@ def token
     @token ||= omniauth.credentials&.token
   end
 
+  def name
+    @name ||= omniauth.info&.try(:name)
+  end
+
   def redirect_to_path
     query_params["redirect_to"] || root_path
   end

app/models/connected_account.rb

@@ -16,4 +16,6 @@
 # rubocop:enable Layout/LineLength
 class ConnectedAccount < ApplicationRecord
   belongs_to :user
+
+  encrypts :access_token
 end

app/models/user.rb

@@ -6,12 +6,11 @@
 #  id              :integer          not null, primary key
 #  email           :string           not null
 #  password_digest :string           not null
-#  first_name      :string           default(""), not null
-#  last_name       :string           default(""), not null
 #  verified        :boolean          default(FALSE), not null
 #  admin           :boolean          default(FALSE), not null
 #  created_at      :datetime         not null
 #  updated_at      :datetime         not null
+#  name            :string
 #
 # rubocop:enable Layout/LineLength
 class User < ApplicationRecord
@@ -26,6 +25,9 @@ class User < ApplicationRecord
   validates :email, presence: true, uniqueness: true, format: {with: URI::MailTo::EMAIL_REGEXP}
   validates :password, allow_nil: true, length: {minimum: 6}
 
+  encrypts :email, deterministic: true
+  encrypts :name
+
   before_validation if: -> { email.present? } do
     self.email = email.downcase.strip
   end

config/application.rb

@@ -40,6 +40,9 @@ class Application < Rails::Application
 
     config.active_job.queue_adapter = :solid_queue
     config.solid_queue.connects_to = {database: {writing: :queue}}
+
+    # to remove once encrytion completed
+    config.active_record.encryption.support_unencrypted_data = true
   end
 end
 

config/credentials/development.key

@@ -0,0 +1 @@
+72f8f5453ad7bc95d52e0210095a943d

config/credentials/development.yml.enc

@@ -0,0 +1 @@
+0IEwrEW40oNn/MYRx0ePkPgpvrg+0Kidnh01ZteKFXLckIjQCShmdUXeYe7Mky5RBhDXwMj/01vw6gLQjLuQoW+5yUUxbBwnd9bx9cNtR/dE9kJ4Wz9W7wKnvw4/t28COf7jOoyS97ibcP+rk/FKx0KHM1DLMO2ZK8ypxElJ+3ZjKulEjAfdgutGGLcXi8gQkbj06brDJdUJkHxBy0g006Xh3U6a6bvzabLzTFGeyyn7pJEOLo3FIOtgkCqaNslLbK+5a4OA3hiF5dRmNeJoe8z7EusU1Nr3hnKIrFHLKbGjspzGIby4hEEEcrSiR3CDDrT51Sqanw/jaOyAgSp6lJBrui4zAU9aNFwWb6wInxoh+Y2qOWDo1KF7Nc65WeM6dn/ojsWLZ8p3lwDsQWROf5a81Q8Gw9I4deZYh7nxIPiTHytMy+sF9TG4MNxsU1tQNFpLKcLGDusIAvBip5zaEWCMcmoUzNnRWsFqealfLVDtOKHu7/h8bMD6Am/GgnX1vdwqsHUgjtc0fw==--n33h9L0ZA83CjkxK--xoKDkI9CocR60YXb2G+jjQ==

config/credentials/production.yml.enc

@@ -1 +1 @@
-WBvbeR4/188BtGYFaDnKI+CBK9cgcTxXO7YaJ+QIHw5uqFe7m/9gyidB0hj67S9Fk6J9TARlGIR3GmSBAzVqxjJ9hRLwhStbz+pW5hQJr4KDpVVa4kdmmLDTPdm+vu/iy/Jb0VXnpOwqtEeQUI95NfntXXPX5GhkkUhuP2qNwJ3gEn3WBHpokVlH49N8/TyIFIyp+AX6LP3TQSYbHK+9CBTURa7NQc7M05L9T8Vo971jttJR3cyBZZ66kM5bib68nBD6L6/eWWLOeD35fH8WHa15/1/fNXlqGE0BFNXES9XZeNiFxO7/WsjaNxw0GKuDNA6k0kKkByz7WFTINHLHPqNAE0ThZBVKvU8lbwZrjnoOeacmW0f6nmG4g66n89KATcmbeztx1RFSuQL61d62lHUMnfNDhA+pZq+An3plW6t1X+D48rbZKFYmrqnGkLzhiGMf9YLL/g5O3wrNSxmBeXEEzJtiPRLAu0LZloGkok80cE/MVAXnKPSLdVIm11El0uwWL64bCWWl9tZozmw3ow5mOWp6zjLgxUE=--1HLRAp7hT27xL740--bCUKZM/4OMA8enUVKO6p3g==
+3tXp4oep4HtWHaxibGu+xASgvhZotDVxVTMmZvDUOyStzk/NXXYJw4l+sa14kzjkKskz8JRxlU1ZlXjsNW6zpsFEfgYd9P15h/6vYj/wrlmBesUg3n4WU1hmzA2lSFCdU2GKXrfQCibDF4iGN/pTcJ3LEOBG/68e+2VOo0qFyTNcdr6wTtPArWeKdo/B3V554SWHc6C8TTGOXMvJS0HdVistc4zIC2QXaeTe13g+VXOEhTj4EhJWt/jVoy3hoOPE81CvEtzcYulWmcZC8cu4dPcjYebw/rimXpfaQ+92Cbzcw8IHeT4XpsImmn67GRt1v7yLJHvwK02rrW6H2UCI29/HjA3pMqXLyl2j+MjOZA2dr0USCRAAw/yVaD7Wz6zFME3HJHTGsFAbvLtX+qqcR28DfmqzC6oduR5aaFzfhzwB/oHm51QYbuK0yxeJyDrHdaToATmymp6H+u44//p+kDhWEvfm7/bLxtMqYolV+ZRDP4ZCDm8i/QNzPKJBkzyP4CD1FZ2xY59m80SaTdftF8ZDRtxu7Rak/gnp9ffgQYX95+N2emlD0Yw97raVPJpzB0uZMn3PPYHhIFAl2he+N3NIAFORACVaEZgNKqHqvLq1ivp5s8TgTPL2D5mRXWrnyOsqubEKiEGnohSi+KVXK1tKvvn7ZEJFalgOH8uUWRF4QZ9sizNQgT6CAcO3f0cnCWSwAyPldDPgs1HK0wQI5+l35SwL5TFeOvlSDFglnM5BhUGkk1fgKyr2Tco8OIEC0Xvb9M2Os4miCqcq3EcbTS8t4w==--nIPvQJXLLB0T8w+a--M8o+3kdCe5GyCSTpNB7Nyw==

config/credentials/test.key

@@ -0,0 +1 @@
+5fab4be5ef069dd2127b084bb86c4c70

config/credentials/test.yml.enc

@@ -0,0 +1 @@
+1p8Eh6KdkpRPCf1hKjd2tkgZcqhVBKobvqZrmuzJvFjFP50aTzjpz0CgWDQ7JexX3Bk8EC5G3Hl4Gwgr3PUOXQtDGt+aEjTFA804UZOmP7N3A8Ub6SIy2pvpY0cuV2y5ln5FL/0wz/eDZd+qU1Fex1N/dk4fIIXQRNksBHbdlm5P1yGmioqPlrSC2HN+YAukX7zo463B1DFH9Yj+PNZPD2uiwYx4CZUPrHfvM8uGHdoRVg2MdIolLJ3HNLOtASBJ5neVLGheLKHdEJEND6QEPSZWb7XCkuV8obFE+yAWldChVvHKpNg4KUeU9R/wue+vL00Eklx6Pu8NezQaSFAIGxycP5fwdmpjhpqLe0b4LXzPST9KBJIyK885FW8Y22Q/RtNiKt+xzuWdcW7opnkJrkK/XWW0WxqNrWSsWjE392nqEoY2oU974TRWNuj8+HP9Lw==--BwXZhJwNKzNmfCWc--CWN1LSxp+nX4qAQCiuDYig==

config/environments/test.rb

@@ -67,4 +67,7 @@
   config.action_controller.raise_on_missing_callback_actions = true
 
   config.active_job.queue_adapter = :test
+
+  # encryption
+  config.active_record.encryption.encrypt_fixtures = true
 end

db/migrate/20240912163015_add_name_to_user.rb

@@ -0,0 +1,7 @@
+class AddNameToUser < ActiveRecord::Migration[7.2]
+  def change
+    add_column :users, :name, :string
+    remove_column :users, :first_name, :string
+    remove_column :users, :last_name, :string
+  end
+end

db/migrate/20240912163159_encrypt_user_fields.rb

@@ -0,0 +1,13 @@
+class EncryptUserFields < ActiveRecord::Migration[7.2]
+  def up
+    User.all.each do |user|
+      user.encrypt
+    end
+  end
+
+  def down
+    User.all.each do |user|
+      user.decrypt
+    end
+  end
+end

db/migrate/20240912164120_encrypt_connected_account_field.rb

@@ -0,0 +1,13 @@
+class EncryptConnectedAccountField < ActiveRecord::Migration[7.2]
+  def up
+    ConnectedAccount.all.each do |connected_account|
+      connected_account.encrypt
+    end
+  end
+
+  def down
+    ConnectedAccount.all.each do |connected_account|
+      connected_account.decrypt
+    end
+  end
+end

test/fixtures/users.yml

@@ -6,12 +6,11 @@
 #  id              :integer          not null, primary key
 #  email           :string           not null
 #  password_digest :string           not null
-#  first_name      :string           default(""), not null
-#  last_name       :string           default(""), not null
 #  verified        :boolean          default(FALSE), not null
 #  admin           :boolean          default(FALSE), not null
 #  created_at      :datetime         not null
 #  updated_at      :datetime         not null
+#  name            :string
 #
 # rubocop:enable Layout/LineLength