attr_encrypted

108 views
Skip to first unread message

Mark Sobkowicz

unread,
Mar 15, 2011, 10:01:18 AM3/15/11
to Hobo Users
I'm trying to use the gem attr_encrypted in my rails app. I *think* my problem may be with hobo, but I'm not sure.

attr_encrypted allows you to store encrypted data in the database, in a transparent way. In the model, you say:

attr_encrypted :email, :key => "some key"

and you make the database field

encrypted_email :string

This works fabulously in the console. Here is some console output:

Loading development environment (Rails 3.0.3)
>> c = Customer.new
=> #<Customer id: nil, name: nil, address: nil, csz: nil, encrypted_email: nil, created_at: nil, updated_at: nil>
>> c.name = "Bob"
=> "Bob"
>> c.email = "b...@bob.com"
=> "b...@bob.com"
>> c.encrypted_email
=> "D+SyaYNgZjs47txfEnbTYQ==\n"
>> c.email
=> "b...@bob.com"
>> c.save
=> true
>> d = Customer.find_by_name("bob")
=> nil
>> d = Customer.find_by_name("Bob")
=> #<Customer id: 4, name: "Bob", address: nil, csz: nil, encrypted_email: "D+SyaYNgZjs47txfEnbTYQ==\n", created_at: "2011-03-15 13:55:49", updated_at: "2011-03-15 13:55:49">
>> d.email
=> "b...@bob.com"
>>


And it works in my DRYML forms, but only if the record already exists. If the form is for a new record, I get an error in the form

<field-list fields="name, address, csz, email" param/> doesn't work. If I remove 'email' from this list, it does work (no surprise). Any ideas?

Mark


Mark Sobkowicz

unread,
Mar 15, 2011, 10:13:01 AM3/15/11
to Hobo Users
My somewhat inelegant solution (so far) was to change the Customer new controller to

hobo_new
@customer.email = ""

which seems to work.

Mark

Matt Jones

unread,
Mar 15, 2011, 10:59:33 AM3/15/11
to hobo...@googlegroups.com

On Mar 15, 2011, at 10:01 AM, Mark Sobkowicz wrote:

I suspect this may have to do with field-list not being able to figure out what type 'email' is supposed to be. Try adding:

attr_accessor :email, :type => :string

*before* the attr_encrypted call. The net result will be attr_encrypted overwriting the accessor methods from attr_accessor, but the field type will now be declared.

--Matt Jones

Mark Sobkowicz

unread,
Mar 15, 2011, 12:01:52 PM3/15/11
to hobo...@googlegroups.com
Thanks. That worked, and seems likely to be more robust than putting it in the controller.

Mark

> --
> You received this message because you are subscribed to the Google Groups "Hobo Users" group.
> To post to this group, send email to hobo...@googlegroups.com.
> To unsubscribe from this group, send email to hobousers+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
>

Mark Sobkowicz

unread,
Mar 15, 2011, 1:07:41 PM3/15/11
to hobo...@googlegroups.com
So now I'd like to search on my encrypted data. I've limited the scope of the problem, so I just want to encrypt the search field entry and search on "encrypted_first_name" and "encrypted_last_name". I don't need to use LIKE in the search - I think that might be nearly impossible, anyway. I'd like to use the nifty javascript in hobo-rapid.js, and just replace the SQL, really. And is there a way to modify the search without mucking up the actual gem? (I'm using 1.3pre29)

On Mar 15, 2011, at 10:59 AM, Matt Jones wrote:

Reply all
Reply to author
Forward
0 new messages