Commit Graph

4 Commits

Author SHA1 Message Date
Stephen Jolly
27aa222ed3 Stop backfill_encryption double-encoding json/jsonb columns (#2615)
* fix(backfill): stop backfill_encryption double-encoding json/jsonb columns

security:backfill_encryption's plaintext fallback reads jsonb columns via
read_attribute_before_type_cast, which returns the JSON text; assigning
that String to the encrypted setter encrypts the text itself, so the
column thereafter decrypts to a String instead of the original
Array/Hash. Parse the raw value for json/jsonb columns before handing it
to the encryptor. Adds a regression test that fails on main.

Fixes #2611

* fix(backfill): gate backfill on nil-ness so empty values get encrypted

Addresses the Codex review comment on #2615: empty values ({}, [], \"\")
are plaintext that needs encrypting, but the present? gates skipped them,
leaving data the encrypted getters raise on once keys are live. Several
payload columns default to {}. Also applies the same nil-gate to
backfill_sessions user_agent (same idiom; precautionary). Regression
test added.

* docs(security): scope note - backfill doesn't fix any existing double-encoding

Per review: rows corrupted by the pre-fix task decrypt successfully to a
String, so this task cannot distinguish them from legitimately stored
strings; auto-repair would risk mangling valid data for a bounded, shrinking
cohort. Document the limitation and point affected operators at the manual
recovery script in #2611. Also adopt column.type over sql_type substring
matching (review nitpick); behaviour unchanged.
2026-07-08 08:05:49 +02:00
LPW
ee6afb48fd Add encryption support to provider account models (#815)
* Enable encryption for raw payloads in account models.

* Add backfill support for Snaptrade, Coinbase, Coinstats, and Mercury accounts.
2026-02-04 23:40:01 +01:00
LPW
d98711d4ea Rename raw_investments_payload to raw_holdings_payload for Plaid accounts (#760)
* refactor: rename `raw_investments_payload` to `raw_holdings_payload`

- Update references and models to use consistent naming.
- Adjust migrations, tests, and encryption setup accordingly.

* fix: improve safety when accessing raw_holdings_payload keys

- Use `dig` with safe navigation to prevent potential nil errors.
- Add support for decryption from the old column name `raw_investments_payload`.
- Adjust related methods and calculations for consistency.

---------

Co-authored-by: luckyPipewrench <luckypipewrench@proton.me>
2026-01-24 11:16:26 +01:00
soky srm
696ff0966b Initial security fixes (#461)
* Initial sec

* Update PII fields

* FIX add tests

* FIX safely read plaintext data on rake backfill

* Update user.rb

* FIX tests

* encryption_ready? block

* Test conditional to encryption on

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
2026-01-23 22:05:28 +01:00