diff options
| author | Stan Hu <stanhu@gmail.com> | 2018-11-27 19:08:53 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-11-27 19:08:53 +0000 |
| commit | 1524a19302cea096ddf2c008abe1307527ae6938 (patch) | |
| tree | d3a65cfcaef06180c7e41cb8a8f96b16dbaf91c9 /config | |
| parent | c88cea8191d67d7eee5d2cc20f1a5a6818834667 (diff) | |
| parent | 6ddefe7cada5268469561c70a8557cf1545684b2 (diff) | |
| download | gitlab-ce-1524a19302cea096ddf2c008abe1307527ae6938.tar.gz | |
Merge branch '53763-fix-encrypt-columns-data-loss' into 'master'
Correctly handle data-loss scenarios when encrypting columns
Closes #53763
See merge request gitlab-org/gitlab-ce!23306
Diffstat (limited to 'config')
| -rw-r--r-- | config/initializers/attr_encrypted_no_db_connection.rb | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/config/initializers/attr_encrypted_no_db_connection.rb b/config/initializers/attr_encrypted_no_db_connection.rb index e007666b852..7ad458929db 100644 --- a/config/initializers/attr_encrypted_no_db_connection.rb +++ b/config/initializers/attr_encrypted_no_db_connection.rb @@ -1,7 +1,18 @@ module AttrEncrypted module Adapters module ActiveRecord - module DBConnectionQuerier + module GitlabMonkeyPatches + # Prevent attr_encrypted from defining virtual accessors for encryption + # data when the code and schema are out of sync. See this issue for more + # details: https://github.com/attr-encrypted/attr_encrypted/issues/332 + def attribute_instance_methods_as_symbols_available? + false + end + + # Prevent attr_encrypted from checking out a database connection + # indefinitely. The result of this method is only used when the former + # is true, but it is called unconditionally, so there is still value to + # ensuring the connection is released def attribute_instance_methods_as_symbols # Use with_connection so the connection doesn't stay pinned to the thread. connected = ::ActiveRecord::Base.connection_pool.with_connection(&:active?) rescue false @@ -15,7 +26,16 @@ module AttrEncrypted end end end - prepend DBConnectionQuerier end end end + +# As of v3.1.0, the attr_encrypted gem defines the AttrEncrypted and +# AttrEncrypted::Adapters::ActiveRecord modules, and uses "extend" to mix them +# into the ActiveRecord::Base class. This intervention overrides utility methods +# defined by attr_encrypted to fix two bugs, as detailed above. +# +# The methods are used here: https://github.com/attr-encrypted/attr_encrypted/blob/3.1.0/lib/attr_encrypted.rb#L145-158 +ActiveSupport.on_load(:active_record) do + extend AttrEncrypted::Adapters::ActiveRecord::GitlabMonkeyPatches +end |