I got the following error bignum too big to convert intolong'`

at:

  def swapper_map(index)
    array = (0..9).to_a
    10.times.collect.with_index do |i|
      array.rotate!(index + i ^ spin).pop # array.rotate!(241241319064) generates the error
    end
  end

I'm using Rails 3.2 so I know that could be it, but I thought reporting would be useful. I'll investigate and come back if I have results.

To cut down on the time for HTTPS requests, wouldn't it be better to save the random IDs in the database and index them?

It seems that only find method is working when using obfuscated ids, thus not allowing to respond with nil if object is not found in the database. could you please fix that?

EDIT: Never mind. though I might suggest tweaking find method to accept another parameter "obfuscated" because keeping track of where the ids are normal and where they are scrambled is quite hard.

Somewhat related to #34.

Account model has obfuscated ID.

User.rb
has_many :accounts, through: :memberships

AccountsController#show
@account = current_user.accounts.find(params[:id])

Error
Couldn't find Account with 'id'=0364209871 [WHERE "memberships"."user_id" = ?]

Workaround suggested in #34 works fine with direct find i.e. Account.find_by_id(params[:id]) but fails to find the account via association.

Environment:
I am running Ruby 1.9.3, Rails 3.2.15 and postgres db

I have to separate models, with different obfuscate_id spin:

class Promotion < ActiveRecord::Base
   obfuscate_id spin: 33549763
end

class Survey < ActiveRecord::Base
  obfuscate_id spin: 73549763
end

I am getting the following error when I have obfuscate_id spin: 12345678 in two or more models:

ActiveRecord::StatementInvalid: PG::Error: ERROR:  value "8867469274" is out of range for type integer
: SELECT  "table_name".* FROM "table_name"  WHERE "table_name"."id" = $1 LIMIT 1

This only happens on the update of the model.

when bundle log this

Bundler could not find compatible versions for gem "rails":
  In Gemfile:
    obfuscate_id (>= 0) ruby depends on
      rails (~> 3.2.1) ruby

    rails (4.1.7)

It looks like the id doesn't get deobfuscated before performing update_attributes.

I'm using:

bill = Bill.find(Bill.deobfuscate_id(params[:id]))
bill.update_attributes(bill_params)

and I get

ActiveRecord::StatementInvalid: PG::NumericValueOutOfRange: ERROR: value "4903661204" is out of range for type integer

I'm using ActionMailer to deliver mails on model creation. My controller code looks like this:

if @flaw.save
  render :show, status: :created

  FlawMailer.user_email(@flaw).deliver_later
  FlawMailer.reported_email(@flaw).deliver_later
else
...

I'm using deliver_later as I don't want the HTTP response by mailing concerns. However, this doesn't work and throws an error, apparently it's trying to use the obfuscated id to look up the Flaw model (even though I'm passing it as a parameter:

[ActiveJob] Enqueued ActionMailer::DeliveryJob (Job ID: 61049335-05ca-452e-8161-205b7c4bde72) to Inline(mailers) with arguments: "FlawMailer", "user_email", "deliver_now", gid://app/Flaw/18
[ActiveJob]   Flaw Load (0.3ms)  SELECT  "flaws".* FROM "flaws" WHERE "flaws"."id" = ?  ORDER BY created_at DESC LIMIT 1  [["id", 1928367482]]
Completed 500 Internal Server Error in 1596ms (Views: 26.2ms | ActiveRecord: 3.8ms)

ActiveRecord::RecordNotFound (Couldn't find Flaw with 'id'=1928367482):
  app/controllers/flaws_controller.rb:19:in `create'

When I use deliver_now instead, this problem vanishes. So there seems to be some incompatibilities between this gem and ActionMailer's deliver_later method.

Im just curious if somebody maintains this gem? 🤔

It still have to rails 5 support at least 🤷‍♂️

In my app I pass the Obfuscated ID to my pagination and want to find Posts using it.

e.g.

before = ObfuscateId.deobfuscate_id(before)
@posts = Post.where('id < ?', before).order('created_at desc').limit(10)

But I get an error undefined method 'deobfuscate_id' for ObfuscateId:Module

Hi.

resources :users do
  resources :signups do
    resources :meters
  end
end

When I want to create a new meter for a signup, it fails:

ActiveRecord::RecordNotFound in MetersController#edit

Couldn't find Meter with id=2890815067 [WHERE "meters"."signup_id" = 4]

Request

Parameters:

{"user_id"=>"9680417952",
"signup_id"=>"0681924370",
"id"=>"2890815067"}

This occurs when I want to edit an existing meter or delete it.

Add this to spec/models/post_spec.rb and it will fail:

describe Post do
  describe "Reloading a record" do
  ....
    context "while locking" do
      it "does not throw an error" do
        expect(lambda { subject.lock! }).to_not raise_error
      end
    end

I have a PR #54 that fixes this but also wanted to leave the issue here formally.

I found a bug with using accepts_nested_attributes_for and setting the id of a related model. In this case AR doesn't call your find method and the id isn't deobfuscated.

Do you have any idea how to fix that in the gem?

When upgrading to Rails 5, bundler works for all my other gems - but when I add obfuscate_id, this is the error I get:

bundle update
Fetching gem metadata from https://rubygems.org/.........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Resolving dependencies.............................................................................................................................................................................................................................................................................................................................................................................................................
Bundler could not find compatible versions for gem "rack":
  In Gemfile:
    rails (= 5.0.0.beta3) ruby depends on
      actioncable (= 5.0.0.beta3) ruby depends on
        actionpack (= 5.0.0.beta3) ruby depends on
          rack (~> 2.x) ruby

    rails (= 5.0.0.beta3) ruby depends on
      actioncable (= 5.0.0.beta3) ruby depends on
        actionpack (= 5.0.0.beta3) ruby depends on
          rack-test (~> 0.6.3) ruby depends on
            rack (>= 1.0) ruby

    sass-rails (>= 0) ruby depends on
      sprockets (< 4.0, >= 2.8) ruby depends on
        rack (< 3, > 1) ruby

    capybara (>= 0) ruby depends on
      rack (>= 1.0.0) ruby

    passenger (>= 0) ruby depends on
      rack (>= 0) ruby

    thin (>= 0) ruby depends on
      rack (~> 1.0) ruby
Bundler could not find compatible versions for gem "rails":
  In Gemfile:
    obfuscate_id (>= 0) ruby depends on
      rails (~> 3.2.1) ruby

    rails (= 5.0.0.beta3) ruby

#28

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.

This gem worked fine, but it broke when I upgraded from rails 3.2 to rails 4.1. I installed the gem from Github to get the latest version, but now I get an error when I call find on the obfuscated id. Not sure if I'm doing something wrong.

This code:

 Answer.find("0183759926")

...results in the following SQL

SELECT "answers".* FROM "answers" WHERE "answers"."id" IN (1862, '--- {}
') ORDER BY answers.updated_at DESC

which is obviously broken. What needs to be done to fix it?

I'm using obfuscate_id on most of my models and everything's been working great so far. But when I try the following line: TransactionQueue.group(:user).sum(:amount) I get the error ActiveRecord::RecordNotFound: Couldn't find User with an out of range ID Both User and TransactionQueue use obfuscated_id

class TransactionQueue < ActiveRecord::Base
  obfuscate_id :spin => 123
  belongs_to :project
  belongs_to :user
  belongs_to :reward_tier
  belongs_to :release
  scope :monthly_transaction_queues, -> { where(type: 'MonthlyTransactionQueue') }
  scope :release_transaction_queues, -> { where(race: 'ReleaseTransactionQueue') }

  # We will need a way to know which subscriptions will subclass the Subscription model
  def self.types
    %w(MonthlyTransactionQueue ReleaseTransactionQueue)
  end

end

This is useful for APIs or passing an array of IDs to the view.

I propose adding a class method, something like this:

Post.all.obfuscate_ids
# Returns array of obfuscated IDs

Thoughts?

Rails no longer passes the options hash through from reload to find, which breaks the mechanism obfuscate_id is using to reload. (Tested on ActiveRecord 4.0.9)

Obfuscate_id's override relies on the :no_obfuscated_id being passed to find, but this no longer gets passed.

def reload(options = nil)
  options = (options || {}).merge(:no_obfuscated_id => true)
  super(options)
end

As a result, calling .reload on an object tries to .find the object and deobfuscates an already deobfuscated ID, causing it to fail.

I get this error in the swapper_map/swap method. However, if I supply a custom spin it works just fine.

Since you generate the default spin by its model name I should probably tell you the name to reproduce it. It happened in the "Employee"-Model.

You pointed one of this limitation
This is not security. obfuscate_id was created to lightly mask record id numbers for the casual user. If you need to really secure your database ids (hint, you probably don't), you need to use real encryption like AES.

So it means the obfuscated ids can be reverse engineered to lookup the exact id in the db? From brute-force?

You also said, using AES would be much better but it isnt recommended. Thats contradicting on its own.

In gist, if the app needs to be secure, what are the measures?

I don't know if this can be considered bug, but when you're using obfuscate_id with active_admin, the batch actions can't find records.

Could someone help me on that? (just telling if is a bug or not... i can make a PR for that)

👍

Hashids is a library to obfuscate ids in short and nice format. It would be great if obfuscate_id could support more encode/decode algorithms like this and even some others.

Saying that I have a model Product.

Then the fixture load function products(:one) would not load anything because the fixture ID is not generated by obfuscate_id but some CRC32.

Option :no_obfuscated_id doest not fix this problem as products() does not directly go to the find method.

My fix is disable obfuscate_id on Rails.test.

Maybe you have better ideas on this.

For use in a javascript or html file for example.

@operation.id of course does not work.

Thank you

Thanks for making this gem. It's awesome. I tried adding a spin in my model, but it didn't seem to make a difference. I'm fine using it as it, but figured I'd let you know.

I have an ApplicationController that all controllers extend.

In this ApplicationController, I try to do:

def current_user
@current_user ||= User.find(session[:user_id]) if session[:user_id]
end

If my user model uses the obfuscate_id, this ApplicationController throws an error on current_user:

Couldn't find User with id=5164061535

Any ideas if this is an issue / fault with the gem or am I doing this wrong?
Thanks.

Hi!

We're trying to use your library within our app. I followed your instructions and added obfuscate_id to my model. Controller / Views seem to work properly but not our test suite. The issue comes while using reloadmethod on any loaded object, giving a lot of errors like ActiveRecord::RecordNotFound: Couldn't find User with id=1084515574

On my console:

u= Model.last

u.id
=> 891

u.reload
=> ActiveRecord::RecordNotFound: Couldn't find Model with id=5084735574

Any ideas?