Decryption casting v2 revert (rails#52693)

* Revert "Switch back to DelegateClass(ActiveModel::Type::Value)"

This reverts commit 91745df.

* Revert "Update docs and changelog"

This reverts commit b234a94.

* Revert "Nest encrypted attribute types within serialized types"

This reverts commit 6a27e7b.

* Revert "Encryption casting with `encrypts` before `serialize`"

This reverts commit 4dd2b22.

Co-authored-by: Rafael Mendonça França <[email protected]>

Author: djmb

activerecord/CHANGELOG.md

@@ -12,16 +12,6 @@
 
     *Justin Talbott*
 
-*   Deserialize database values before decryption
-
-    PostgreSQL binary values (`ActiveRecord::ConnectionAdapters::PostgreSQL::OID::Bytea`)
-    need to be deserialized before they are decrypted.
-
-    Additionally ensure that the order of serialization/deserialization is consistent
-    for `serialize :foo` and `encrypts :foo` whichever order they are declared in.
-
-    *Donal McBreen*
-
 *   Infer default `:inverse_of` option for `delegated_type` definitions.
 
     ```ruby

activerecord/lib/active_record/encryption/encryptable_record.rb

@@ -88,15 +88,7 @@ def encrypt_attribute(name, key_provider: nil, key: nil, deterministic: false, s
               scheme = scheme_for key_provider: key_provider, key: key, deterministic: deterministic, support_unencrypted_data: support_unencrypted_data, \
                 downcase: downcase, ignore_case: ignore_case, previous: previous, compress: compress, compressor: compressor, **context_properties
 
-              type_options = { scheme: scheme, default: columns_hash[name.to_s]&.default }
-
-              if cast_type.serialized?
-                cast_type.replace_serialized_subtype do |current_subtype|
-                  ActiveRecord::Encryption::EncryptedAttributeType.new(cast_type: current_subtype, **type_options)
-                end
-              else
-                ActiveRecord::Encryption::EncryptedAttributeType.new(cast_type: cast_type, **type_options)
-              end
+              ActiveRecord::Encryption::EncryptedAttributeType.new(scheme: scheme, cast_type: cast_type, default: columns_hash[name.to_s]&.default)
             end
 
             preserve_original_encrypted(name) if ignore_case

activerecord/lib/active_record/encryption/encrypted_attribute_type.rb

@@ -33,7 +33,7 @@ def cast(value)
       end
 
       def deserialize(value)
-        decrypt(cast_type.deserialize(value))
+        cast_type.deserialize decrypt(value)
       end
 
       def serialize(value)
@@ -81,7 +81,7 @@ def previous_type?
           @previous_type
         end
 
-        def decrypt(value)
+        def decrypt_as_text(value)
           with_context do
             unless value.nil?
               if @default && @default == value
@@ -99,6 +99,10 @@ def decrypt(value)
           end
         end
 
+        def decrypt(value)
+          text_to_database_type decrypt_as_text(value)
+        end
+
         def try_to_deserialize_with_previous_encrypted_types(value)
           previous_types.each.with_index do |type, index|
             break type.deserialize(value)
@@ -124,11 +128,12 @@ def serialize_with_oldest(value)
         end
 
         def serialize_with_current(value)
-          value = value&.downcase if downcase?
-          cast_type.serialize(encrypt(value.to_s)) unless value.nil?
+          casted_value = cast_type.serialize(value)
+          casted_value = casted_value&.downcase if downcase?
+          encrypt(casted_value.to_s) unless casted_value.nil?
         end
 
-        def encrypt(value)
+        def encrypt_as_text(value)
           with_context do
             if encryptor.binary? && !cast_type.binary?
               raise Errors::Encoding, "Binary encoded data can only be stored in binary columns"
@@ -138,6 +143,10 @@ def encrypt(value)
           end
         end
 
+        def encrypt(value)
+          text_to_database_type encrypt_as_text(value)
+        end
+
         def encryptor
           ActiveRecord::Encryption.encryptor
         end
@@ -153,6 +162,14 @@ def decryption_options
         def clean_text_scheme
           @clean_text_scheme ||= ActiveRecord::Encryption::Scheme.new(downcase: downcase?, encryptor: ActiveRecord::Encryption::NullEncryptor.new)
         end
+
+        def text_to_database_type(value)
+          if value && cast_type.binary?
+            ActiveModel::Type::Binary::Data.new(value)
+          else
+            value
+          end
+        end
     end
   end
 end

activerecord/lib/active_record/type/serialized.rb

@@ -15,13 +15,6 @@ def initialize(subtype, coder)
         super(subtype)
       end
 
-      def init_with(coder) # :nodoc:
-        # Ensures YAML deserialization calls __setobj__
-        @subtype = coder["subtype"]
-        @coder = coder["coder"]
-        __setobj__(subtype)
-      end
-
       def deserialize(value)
         if default_value?(value)
           value
@@ -64,12 +57,6 @@ def serialized? # :nodoc:
         true
       end
 
-      def replace_serialized_subtype(&block) # :nodoc:
-        @subtype = block.call(subtype)
-        __setobj__(@subtype)
-        self
-      end
-
       private
         def default_value?(value)
           value == coder.load(nil)

activerecord/test/cases/encryption/encryptable_record_message_pack_serialized_test.rb

@@ -5,22 +5,19 @@
 require "models/book_encrypted"
 require "active_record/encryption/message_pack_message_serializer"
 
-class ActiveRecord::Encryption::EncryptableRecordMessagePackSerializedTest < ActiveRecord::EncryptionTestCase
+class ActiveRecord::Encryption::EncryptableRecordTest < ActiveRecord::EncryptionTestCase
   fixtures :encrypted_books
 
   test "binary data can be serialized with message pack" do
     all_bytes = (0..255).map(&:chr).join
-    book = EncryptedBookWithBinaryMessagePackSerialized.create!(logo: all_bytes)
-    assert_encrypted_attribute(book, :logo, all_bytes)
+    assert_equal all_bytes, EncryptedBookWithBinaryMessagePackSerialized.create!(logo: all_bytes).logo
   end
 
   test "binary data can be encrypted uncompressed and serialized with message pack" do
-    # Strings below 140 bytes are not compressed
     low_bytes = (0..127).map(&:chr).join
     high_bytes = (128..255).map(&:chr).join
-
-    assert_encrypted_attribute(EncryptedBookWithBinaryMessagePackSerialized.create!(logo: low_bytes), :logo, low_bytes)
-    assert_encrypted_attribute(EncryptedBookWithBinaryMessagePackSerialized.create!(logo: high_bytes), :logo, high_bytes)
+    assert_equal low_bytes, EncryptedBookWithBinaryMessagePackSerialized.create!(logo: low_bytes).logo
+    assert_equal high_bytes, EncryptedBookWithBinaryMessagePackSerialized.create!(logo: high_bytes).logo
   end
 
   test "text columns cannot be serialized with message pack" do

activerecord/test/cases/encryption/encryptable_record_test.rb

@@ -92,12 +92,6 @@ class ActiveRecord::Encryption::EncryptableRecordTest < ActiveRecord::Encryption
     assert_encrypted_attribute(traffic_light, :state, states)
   end
 
-  test "encrypts serialized attributes where encrypts is declared first" do
-    states = ["green", "red"]
-    traffic_light = EncryptedFirstTrafficLight.create!(state: states, long_state: states)
-    assert_encrypted_attribute(traffic_light, :state, states)
-  end
-
   test "encrypts store attributes with accessors" do
     traffic_light = EncryptedTrafficLightWithStoreState.create!(color: "red", long_state: ["green", "red"])
     assert_equal "red", traffic_light.color
@@ -410,13 +404,13 @@ def name
   test "binary data can be encrypted uncompressed" do
     low_bytes = (0..127).map(&:chr).join
     high_bytes = (128..255).map(&:chr).join
-    assert_encrypted_attribute EncryptedBookWithBinary.create!(logo: low_bytes), :logo, low_bytes
-    assert_encrypted_attribute EncryptedBookWithBinary.create!(logo: high_bytes), :logo, high_bytes
+    assert_equal low_bytes, EncryptedBookWithBinary.create!(logo: low_bytes).logo
+    assert_equal high_bytes, EncryptedBookWithBinary.create!(logo: high_bytes).logo
   end
 
   test "serialized binary data can be encrypted" do
     json_bytes = (32..127).map(&:chr)
-    assert_encrypted_attribute EncryptedBookWithSerializedBinary.create!(logo: json_bytes), :logo, json_bytes
+    assert_equal json_bytes, EncryptedBookWithSerializedBinary.create!(logo: json_bytes).logo
   end
 
   test "can compress data with custom compressor" do

activerecord/test/models/traffic_light_encrypted.rb

@@ -7,14 +7,6 @@ class EncryptedTrafficLight < TrafficLight
   encrypts :state
 end
 
-class EncryptedFirstTrafficLight < ActiveRecord::Base
-  self.table_name = "traffic_lights"
-
-  encrypts :state
-  serialize :state, type: Array
-  serialize :long_state, type: Array
-end
-
 class EncryptedTrafficLightWithStoreState < TrafficLight
   store :state, accessors: %i[ color ], coder: ActiveRecord::Coders::JSON
   encrypts :state

guides/source/active_record_encryption.md

@@ -147,7 +147,21 @@ To encrypt Action Text fixtures, you should place them in `fixtures/action_text/
 
 `active_record.encryption` will serialize values using the underlying type before encrypting them, but, unless using a custom `message_serializer`, *they must be serializable as strings*. Structured types like `serialized` are supported out of the box.
 
-If you need to support a custom type, the recommended way is using a [serialized attribute](https://api.rubyonrails.org/classes/ActiveRecord/AttributeMethods/Serialization/ClassMethods.html).
+If you need to support a custom type, the recommended way is using a [serialized attribute](https://api.rubyonrails.org/classes/ActiveRecord/AttributeMethods/Serialization/ClassMethods.html). The declaration of the serialized attribute should go **before** the encryption declaration:
+
+```ruby
+# CORRECT
+class Article < ApplicationRecord
+  serialize :title, type: Title
+  encrypts :title
+end
+
+# INCORRECT
+class Article < ApplicationRecord
+  encrypts :title
+  serialize :title, type: Title
+end
+```
 
 ### Ignoring Case