Closed alec-c4 closed 6 months ago
Yes, it should be possible to use Lockbox. Since Rodauth doesn't use Active Record models, you'll need to override the correct Rodauth methods to perform encryption/decryption.
Assuming the following Lockbox & Blind Index setup:
```ruby
class Account < ActiveRecord::Base
  has_encrypted :email
  blind_index :email
end
```
I believe the following Rodauth configuration should work:
```ruby
# On account creation, store the blind index and the ciphertext instead of the plaintext login
save_account do
  account[:email_bidx] = generate_bidx(account[login_column])
  account[login_column] = encrypt(account[login_column])
  super()
end

# Look accounts up by blind index, since the ciphertext cannot be matched directly
account_from_login do |login|
  account_table_ds
    .where(email_bidx: generate_bidx(login))
    .where(account_status_column => [account_unverified_status_value, account_open_status_value])
    .first
end

# Decrypt wherever Rodauth reads the login back from the database
verify_login_change_old_login { decrypt(super()) }
email_to { decrypt(super()) }

auth_class_eval do
  private

  # Encrypt the new login before Rodauth writes it
  def _update_login(login)
    super(encrypt(login))
  end

  def encrypt(string)
    Account.generate_email_ciphertext(string)
  end

  def decrypt(string)
    Account.decrypt_email_ciphertext(string)
  end

  def generate_bidx(email)
    Account.generate_email_bidx(email)
  end
end
```
Yes, you just need to override the values Rodauth is writing to the database:
```ruby
account_unverified_status_value "unverified"
account_open_status_value "verified"
account_closed_status_value "closed"
```
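The answer above looks accounts up through `email_bidx` rather than the encrypted column. This added example (not part of the original reply, and not Lockbox, Blind Index or Rodauth code) shows why, using only Ruby's standard library. AES-256-GCM and HMAC-SHA256 stand in for what the gems do; the keys, the in-memory table, the sample rows and the login normalization are assumptions of the example, and the method names only mirror the helpers in the reply.

```ruby
require "openssl"

# Constructed demo keys; real keys belong in a secret store, not in code.
ENC_KEY  = OpenSSL::Digest::SHA256.digest("demo-encryption-key")
BIDX_KEY = OpenSSL::Digest::SHA256.digest("demo-blind-index-key")
ACCOUNTS = [] # in-memory stand-in for the accounts table

# Randomized AEAD: a fresh nonce per call, so equal emails give different ciphertexts.
def encrypt(plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = ENC_KEY
  nonce = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [nonce + cipher.auth_tag + ciphertext].pack("m0")
end

def decrypt(blob)
  raw = blob.unpack1("m0")
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = ENC_KEY
  cipher.iv = raw.byteslice(0, 12)
  cipher.auth_tag = raw.byteslice(12, 16)
  cipher.auth_data = ""
  plain = cipher.update(raw.byteslice(28, raw.bytesize)) + cipher.final
  plain.force_encoding("UTF-8")
end

# Deterministic keyed hash: the only value an equality lookup can match on.
# Normalizing case and whitespace first is an assumption of this example.
def generate_bidx(email)
  OpenSSL::HMAC.hexdigest("SHA256", BIDX_KEY, email.strip.downcase)
end

# Write path: only ciphertext and blind index are stored.
def save_account(email, status)
  ACCOUNTS << { email_ciphertext: encrypt(email), email_bidx: generate_bidx(email), status: status }
end

# Read path: match on the blind index, skipping closed accounts.
def account_from_login(login)
  bidx = generate_bidx(login)
  ACCOUNTS.find { |row| row[:email_bidx] == bidx && %w[unverified verified].include?(row[:status]) }
end

save_account("alice@example.test", "verified") # constructed sample rows
save_account("bob@example.test", "closed")
```

Because the blind index is deterministic, it reveals which rows share an email to anyone who can read the table, so its key should be kept separate from the encryption key.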
Hi! I have several questions about Rodauth:

1. Is it possible to use it with https://github.com/ankane/lockbox?
2. How to configure Rodauth to work with native PostgreSQL enums (e.g. in account statuses)?