lib/lockbox/active_storage_extensions.rb in lockbox-0.4.1 vs lib/lockbox/active_storage_extensions.rb in lockbox-0.4.2

@@ -14,18 +14,10 @@
       end
 
       def encrypt_attachable(attachable)
         Utils.encrypt_attachable(record, name, attachable)
       end
-
-      def rebuild_attachable(attachment)
-        {
-          io: StringIO.new(attachment.download),
-          filename: attachment.filename,
-          content_type: attachment.content_type
-        }
-      end
     end
 
     module AttachedOne
       if ActiveStorage::VERSION::MAJOR < 6
         def attach(attachable)
@@ -35,11 +27,11 @@
       end
 
       def rotate_encryption!
         raise "Not encrypted" unless encrypted?
 
-        attach(rebuild_attachable(self)) if attached?
+        attach(Utils.rebuild_attachable(self)) if attached?
 
         true
       end
     end
 
@@ -63,11 +55,11 @@
         # must call to_a - do not change
         previous_attachments = attachments.to_a
 
         attachables =
           previous_attachments.map do |attachment|
-            rebuild_attachable(attachment)
+            Utils.rebuild_attachable(attachment)
           end
 
         ActiveStorage::Attachment.transaction do
           attach(attachables)
           previous_attachments.each(&:purge)
@@ -86,28 +78,34 @@
         super(name, record, attachable)
       end
     end
 
     module Attachment
-      extend ActiveSupport::Concern
-
       def download
         result = super
 
         options = Utils.encrypted_options(record, name)
-        if options
+        # only trust the metadata when migrating
+        # as earlier versions of Lockbox won't have it
+        # and it's not a good practice to trust modifiable data
+        encrypted = options && (!options[:migrating] || blob.metadata["encrypted"])
+        if encrypted
           result = Utils.decrypt_result(record, name, options, result)
         end
 
         result
       end
 
       if ActiveStorage::VERSION::MAJOR >= 6
         def open(**options)
           blob.open(**options) do |file|
             options = Utils.encrypted_options(record, name)
-            if options
+            # only trust the metadata when migrating
+            # as earlier versions of Lockbox won't have it
+            # and it's not a good practice to trust modifiable data
+            encrypted = options && (!options[:migrating] || blob.metadata["encrypted"])
+            if encrypted
               result = Utils.decrypt_result(record, name, options, file.read)
               file.rewind
               # truncate may not be available on all platforms
               # according to the Ruby docs
               # may need to create a new temp file instead
@@ -117,19 +115,9 @@
             end
 
             yield file
           end
         end
-      end
-
-      def mark_analyzed
-        if Utils.encrypted_options(record, name)
-          blob.update!(metadata: blob.metadata.merge(analyzed: true))
-        end
-      end
-
-      included do
-        after_save :mark_analyzed
       end
     end
 
     module Blob
       private