Further shift validation to first method access

Author: atyndall

lib/kms_rails/active_record.rb

@@ -14,11 +14,10 @@ def kms_attr(field, key_id:, retain: false, msgpack: false, context_key: nil, co
         include InstanceMethods
 
         real_field = "#{field}_enc"
-        raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.column_names.include?(field.to_s)
-        
-        enc = Core.new(key_id: key_id, msgpack: msgpack, context_key: context_key, context_value: context_value)
+        enc        = Core.new(key_id: key_id, msgpack: msgpack, context_key: context_key, context_value: context_value)
 
         define_method "#{field}=" do |data|
+          raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
           raise RuntimeError, "Field '#{real_field}' must exist to store encrypted data" unless self.class.column_names.include?(real_field)
 
           if data.blank? # Just set to nil if nil
@@ -35,11 +34,13 @@ def kms_attr(field, key_id:, retain: false, msgpack: false, context_key: nil, co
         end
 
         define_method "#{real_field}" do
+          raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
           raise RuntimeError, "Field '#{real_field}' must exist to retrieve encrypted data" unless self.class.column_names.include?(real_field)
           Core.to64( get_hash(field) )
         end
 
         define_method "#{field}" do
+          raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
           raise RuntimeError, "Field '#{real_field}' must exist to retrieve decrypted data" unless self.class.column_names.include?(real_field)
 
           hash = get_hash(field)

lib/kms_rails/version.rb

@@ -1,3 +1,3 @@
 module KmsRails
-  VERSION = "0.0.9"
+  VERSION = "0.0.10"
 end

spec/kms_rails/active_record_spec.rb

@@ -73,15 +73,15 @@
       subject { model.new }
 
       it 'throws an exception on retrieve' do
-        expect { subject.the_secret }.to raise_error(RuntimeError)
+        expect { subject.the_secret }.to raise_error(RuntimeError, /must exist to retrieve decrypted data/)
       end
 
       it 'throws an exception on set' do
-        expect { subject.the_secret = 'foo' }.to raise_error(RuntimeError)
+        expect { subject.the_secret = 'foo' }.to raise_error(RuntimeError, /must exist to store encrypted data/)
       end
 
       it 'throws an exception on real retrieve' do
-        expect { subject.the_secret_enc }.to raise_error(RuntimeError)
+        expect { subject.the_secret_enc }.to raise_error(RuntimeError, /must exist to retrieve encrypted data/)
       end
     end
 
@@ -95,10 +95,23 @@
       end
 
       let (:model) { RealFieldModel }
-      subject { model.kms_attr :the_secret, key_id: 'a' }
 
-      it 'throws an exception' do
-        expect { subject }.to raise_error(RuntimeError)
+      before do
+        model.kms_attr :the_secret, key_id: 'a'
+      end
+
+      subject { model.new }
+
+      it 'throws an exception on retrieve' do
+        expect { subject.the_secret }.to raise_error(RuntimeError, /must not be a real column/)
+      end
+
+      it 'throws an exception on set' do
+        expect { subject.the_secret = 'foo' }.to raise_error(RuntimeError, /must not be a real column/)
+      end
+
+      it 'throws an exception on real retrieve' do
+        expect { subject.the_secret_enc }.to raise_error(RuntimeError, /must not be a real column/)
       end
     end
   end