Initial security fixes (#461)

* Initial sec * Update PII fields * FIX add tests * FIX safely read plaintext data on rake backfill * Update user.rb * FIX tests * encryption_ready? block * Test conditional to encryption on --------- Signed-off-by: Juan José Mata <juanjo.mata@gmail.com> Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
2026-04-19 03:54:08 +00:00 · 2026-01-23 22:05:28 +01:00
parent 71f10c5e4a
commit 696ff0966b
21 changed files with 645 additions and 55 deletions
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -1,8 +1,12 @@
 class ApiKey < ApplicationRecord
+  include Encryptable
+
  belongs_to :user

-  # Use Rails built-in encryption for secure storage
-  encrypts :display_key, deterministic: true
+  # Encrypt display_key if ActiveRecord encryption is configured
+  if encryption_ready?
+    encrypts :display_key, deterministic: true
+  end

  # Constants
  SOURCES = [ "web", "mobile" ].freeze