Use new rotation signature in cookies.

[ Michael Coyne & Kasper Timm Hansen ]
author: Kasper Timm Hansen <kaspth@gmail.com> 2017-09-24 21:25:59 +0200
committer: Kasper Timm Hansen <kaspth@gmail.com> 2017-09-24 21:25:59 +0200
commit: 9d79d77813c3aca010a5b40cacbd6e68f42ce618 (patch)
tree: 7e6090826a522a474d832c970a80dc8dfd303cb3 /actionpack/lib/action_dispatch/middleware/cookies.rb
parent: b5aa2e0c495b310cbef90b2185ef28cd00745b23 (diff)
download: rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.tar.gz
rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.tar.bz2
rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.zip
1 files changed, 12 insertions, 11 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index b3831649a8..06ce0b22f4 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -264,9 +264,9 @@ module ActionDispatch
         end
 
         def upgrade_legacy_hmac_aes_cbc_cookies?
-          request.secret_key_base.present?                       &&
-            request.encrypted_signed_cookie_salt.present?        &&
-            request.encrypted_cookie_salt.present?               &&
+          request.secret_key_base.present? &&
+            request.encrypted_signed_cookie_salt.present? &&
+            request.encrypted_cookie_salt.present? &&
             request.use_authenticated_cookie_encryption
         end
 
@@ -570,12 +570,12 @@ module ActionDispatch
         secret = request.key_generator.generate_key(request.signed_cookie_salt)
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: signed_cookie_digest, serializer: SERIALIZER)
 
-        request.cookies_rotations.signed.each do |rotation_options|
-          @verifier.rotate serializer: SERIALIZER, **rotation_options
+        request.cookies_rotations.signed.each do |*secrets, **options|
+          @verifier.rotate *secrets, serializer: SERIALIZER, **options
         end
 
         if upgrade_legacy_signed_cookies?
-          @verifier.rotate raw_key: request.secret_token, serializer: SERIALIZER
+          @verifier.rotate request.secret_token, serializer: SERIALIZER
         end
       end
 
@@ -603,14 +603,15 @@ module ActionDispatch
         secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_len)
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
 
-        request.cookies_rotations.encrypted.each do |rotation_options|
-          @encryptor.rotate serializer: SERIALIZER, **rotation_options
+        request.cookies_rotations.encrypted.each do |*secrets, **options|
+          @encryptor.rotate *secrets, serializer: SERIALIZER, **options
         end
 
         if upgrade_legacy_hmac_aes_cbc_cookies?
-          @encryptor.rotate \
-            key_generator: request.key_generator, salt: request.encrypted_cookie_salt, signed_salt: request.encrypted_signed_cookie_salt,
-            cipher: "aes-256-cbc", digest: digest, serializer: SERIALIZER
+          secret = request.key_generator.generate_key(request.encrypted_cookie_salt)
+          sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
+
+          @encryptor.rotate secret, sign_secret, cipher: "aes-256-cbc", digest: digest, serializer: SERIALIZER
         end
 
         if upgrade_legacy_signed_cookies?
author	Kasper Timm Hansen <kaspth@gmail.com>	2017-09-24 21:25:59 +0200
committer	Kasper Timm Hansen <kaspth@gmail.com>	2017-09-24 21:25:59 +0200
commit	9d79d77813c3aca010a5b40cacbd6e68f42ce618 (patch)
tree	7e6090826a522a474d832c970a80dc8dfd303cb3 /actionpack/lib/action_dispatch/middleware/cookies.rb
parent	b5aa2e0c495b310cbef90b2185ef28cd00745b23 (diff)
download	rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.tar.gz rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.tar.bz2 rails-9d79d77813c3aca010a5b40cacbd6e68f42ce618.zip