model.rb in lockbox-0.4.7

- old
+ new

@@ -85,10 +85,13 @@
               def attributes
                 # load attributes
                 # essentially a no-op if already loaded
                 # an exception is thrown if decryption fails
                 self.class.lockbox_attributes.each do |_, lockbox_attribute|
+                  # don't try to decrypt if no decryption key given
+                  next if lockbox_attribute[:algorithm] == "hybrid" && lockbox_attribute[:decryption_key].nil?
+
                   # it is possible that the encrypted attribute is not loaded, eg.
                   # if the record was fetched partially (`User.select(:id).first`).
                   # accessing a not loaded attribute raises an `ActiveModel::MissingAttributeError`.
                   send(lockbox_attribute[:attribute]) if has_attribute?(lockbox_attribute[:encrypted_attribute])
                 end
@@ -261,15 +264,16 @@
           end
 
           define_method("#{name}=") do |message|
             # decrypt first for dirty tracking
             # don't raise error if can't decrypt previous
-            begin
-              send(name)
-            rescue Lockbox::DecryptionError
-              # this is expected for hybrid cryptography
-              warn "[lockbox] Decrypting previous value failed" unless options[:algorithm] == "hybrid"
-              nil
+            # don't try to decrypt if no decryption key given
+            unless options[:algorithm] == "hybrid" && options[:decryption_key].nil?
+              begin
+                send(name)
+              rescue Lockbox::DecryptionError
+                warn "[lockbox] Decrypting previous value failed"
+              end
             end
 
             send("lockbox_direct_#{name}=", message)
 
             # warn every time, as this should be addressed