Add UpgradeSignatureToEncryptionCookieStore

This allows easy upgrading from the old signed Cookie Store <= 3.2
or the deprecated one in 4.0 (the ones that doesn't use key derivation)
to the new one that signs using key derivation

1 files changed, 17 insertions, 0 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 55a9314524..d7f83a1cc6 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -93,5 +93,22 @@ module ActionDispatch
         request.cookie_jar.encrypted
       end
     end
+
+    # This cookie store helps you upgrading apps that use +CookieStore+ to the new default +EncryptedCookieStore+
+    #
+    # To use this CookieStore set MyApp.config.session_store :upgrade_signature_to_encryption_cookie_store, key: '_myapp_session'
+    # in your config/initializers/session_store.rb
+    class UpgradeSignatureToEncryptionCookieStore < EncryptedCookieStore
+      private
+
+      def get_cookie(env)
+        signed_using_old_secret_cookie_jar(env)[@key] || cookie_jar(env)[@key]
+      end
+
+      def signed_using_old_secret_cookie_jar(env)
+        request = ActionDispatch::Request.new(env)
+        request.cookie_jar.signed_using_old_secret
+      end
+    end
   end
 end