[Fix rails#48685] Make the encryptor agnostic of the type of data to decrypt

maximerety · eileencodes · commit d0f3b007b25f · 2024-01-05T13:05:15.000-05:00
It is the role of the underlying serializer to accept or reject the data
to decrypt depending on its type. This behavior mirrors what is done at
encryption, where the serializer asserts that the input is an
ActiveRecord::Encryption::Message.

This change allows for a wider variety of custom serializers, but does
not change the behavior when using the default MessageSerializer class.
Indeed, the default message serializer will raise a TypeError when
invoking JSON.parse on any non-String input. This error will subsequently
be translated into an ActiveRecord::Encryption::Errors::Encoding error
by the encryptor, which does not change the current behavior at the
encryptor level.

A new test asserts that the default MessageSerializer is able to reject
unexpected data types on its own at decryption time, just as it does at
encryption time (test already present). The test also asserts that an
exception is translated into an ActiveRecord::Encryption::Error::Encoding
error at the encryptor level.
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
@@ -1,3 +1,13 @@
+*   Make `ActiveRecord::Encryption::Encryptor` agnostic of the serialization format used for encrypted data.
+
+    Previously, the encryptor instance only allowed an encrypted value serialized as a `String` to be passed to the message serializer.
+
+    Now, the encryptor lets the configured `message_serializer` decide which types of serialized encrypted values are supported. A custom serialiser is therefore allowed to serialize `ActiveRecord::Encryption::Message` objects using a type other than `String`.
+
+    The default `ActiveRecord::Encryption::MessageSerializer` already ensures that only `String` objects are passed for deserialization.
+
+    *Maxime Réty*
+
 *   Fix `encrypted_attribute?` to take into account context properties passed to `encrypts`.
 
     *Maxime Réty*
diff --git a/activerecord/lib/active_record/encryption/encryptor.rb b/activerecord/lib/active_record/encryption/encryptor.rb
@@ -100,7 +100,6 @@ def serialize_message(message)
         end
 
         def deserialize_message(message)
-          raise Errors::Encoding unless message.is_a?(String)
           serializer.load message
         rescue ArgumentError, TypeError, Errors::ForbiddenClass
           raise Errors::Encoding
diff --git a/activerecord/test/cases/encryption/encryptor_test.rb b/activerecord/test/cases/encryption/encryptor_test.rb
@@ -12,7 +12,13 @@ class ActiveRecord::Encryption::EncryptorTest < ActiveRecord::EncryptionTestCase
     assert_encrypt_text("my secret text")
   end
 
-  test "decrypt and invalid string will raise a Decryption error" do
+  test "trying to decrypt something else than a string will raise a Decryption error" do
+    assert_raises(ActiveRecord::Encryption::Errors::Decryption) do
+      @encryptor.decrypt(:it_can_only_decrypt_strings)
+    end
+  end
+
+  test "decrypt an invalid string will raise a Decryption error" do
     assert_raises(ActiveRecord::Encryption::Errors::Decryption) do
       @encryptor.decrypt("some test that does not make sense")
     end
diff --git a/activerecord/test/cases/encryption/message_serializer_test.rb b/activerecord/test/cases/encryption/message_serializer_test.rb
@@ -29,13 +29,13 @@ class ActiveRecord::Encryption::MessageSerializerTest < ActiveRecord::Encryption
     assert_nothing_raised { @serializer.load(class_loading_payload) }
   end
 
-  test "detects random JSON data and raises an invalid dencryption error" do
+  test "detects random JSON data and raises a decryption error" do
     assert_raises ActiveRecord::Encryption::Errors::Decryption do
       @serializer.load JSON.dump("hey there")
     end
   end
 
-  test "detects random JSON hashes and raises an invalid decryption error" do
+  test "detects random JSON hashes and raises a decryption error" do
     assert_raises ActiveRecord::Encryption::Errors::Decryption do
       @serializer.load JSON.dump({ some: "other data" })
     end
@@ -47,6 +47,12 @@ class ActiveRecord::Encryption::MessageSerializerTest < ActiveRecord::Encryption
     end
   end
 
+  test "raises a TypeError when trying to deserialize other data types" do
+    assert_raises TypeError do
+      @serializer.load(:it_can_only_deserialize_strings)
+    end
+  end
+
   test "raises ForbiddenClass when trying to serialize other data types" do
     assert_raises ActiveRecord::Encryption::Errors::ForbiddenClass do
       @serializer.dump("it can only serialize messages!")
diff --git a/guides/source/active_record_encryption.md b/guides/source/active_record_encryption.md
@@ -145,7 +145,7 @@ To encrypt Action Text fixtures, you should place them in `fixtures/action_text/
 
 ### Supported Types
 
-`active_record.encryption` will serialize values using the underlying type before encrypting them, but *they must be serializable as strings*. Structured types like `serialized` are supported out of the box.
+`active_record.encryption` will serialize values using the underlying type before encrypting them, but, unless using a custom `message_serializer`, *they must be serializable as strings*. Structured types like `serialized` are supported out of the box.
 
 If you need to support a custom type, the recommended way is using a [serialized attribute](https://api.rubyonrails.org/classes/ActiveRecord/AttributeMethods/Serialization/ClassMethods.html). The declaration of the serialized attribute should go **before** the encryption declaration:
 
