Filter decrypted attributes

e19445a introduced marking
attr_encrypted attributes as virtual attributes to avoid an ActiveRecord
deprecation warning in AR 5.1.  This had the side effect of exposing
the decrypted versions of the attributes in
`ActiveRecord::Base#attributes`.  This is problematic since the method
is leveraged for things like `#as_json` and `respond_with`, meaning a
user could inadvertely expose sensitive info with an action like:

```
  def show
    respond_with @user
  end
```

Author: stevenjackson

lib/attr_encrypted/adapters/active_record.rb

@@ -43,6 +43,12 @@ def assign_attributes(*args)
             def attributes=(*args)
               perform_attribute_assignment :attributes_without_attr_encrypted=, *args
             end
+
+            alias_method :attributes_without_attr_encrypted, :attributes
+            def attributes
+              encrypted_keys = self.class.encrypted_attributes.keys
+              attributes_without_attr_encrypted.reject { |k, _| encrypted_keys.include?(k.to_sym) }
+            end
           end
         end
 

test/active_record_test.rb

@@ -337,4 +337,9 @@ def test_should_evaluate_proc_based_mode
     refute_equal address.encrypted_zipcode, zipcode
     assert_equal address.zipcode, zipcode
   end
+
+  def test_should_filter_decrypted_attributes
+    @person = Person.new(email: 'test@example.com')
+    refute @person.attributes.keys.include? "email"
+  end
 end