diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-16 17:17:08 -0200 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-16 17:29:26 -0200 |
| commit | 8eefdb6d7056dc0d4d63a5c34a4b12701ba21c88 (patch) | |
| tree | 18e732ac6913c5ee1cc211b19ce54396d569f3ef /actionpack/lib/action_dispatch/middleware | |
| parent | d4b9a3fa706034b1ac2a6f8a479a697d071517a9 (diff) | |
| download | rails-8eefdb6d7056dc0d4d63a5c34a4b12701ba21c88.tar.gz rails-8eefdb6d7056dc0d4d63a5c34a4b12701ba21c88.tar.bz2 rails-8eefdb6d7056dc0d4d63a5c34a4b12701ba21c88.zip | |
Add UpgradeSignatureToEncryptionCookieStore
This allows easy upgrading from the old signed Cookie Store <= 3.2
or the deprecated one in 4.0 (the ones that doesn't use key derivation)
to the new one that signs using key derivation
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 10 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/cookie_store.rb | 17 |
2 files changed, 25 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 7936dcb515..2f148752cb 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -85,7 +85,7 @@ module ActionDispatch SIGNED_COOKIE_SALT = "action_dispatch.signed_cookie_salt".freeze ENCRYPTED_COOKIE_SALT = "action_dispatch.encrypted_cookie_salt".freeze ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze - + TOKEN_KEY = "action_dispatch.secret_token".freeze # Raised when storing more than 4K of session data. CookieOverflow = Class.new StandardError @@ -112,7 +112,8 @@ module ActionDispatch key_generator = env[GENERATOR_KEY] options = { signed_cookie_salt: env[SIGNED_COOKIE_SALT], encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT], - encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] } + encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT], + token_key: env[TOKEN_KEY] } host = request.host secure = request.ssl? @@ -251,6 +252,11 @@ module ActionDispatch @signed ||= SignedCookieJar.new(self, @key_generator, @options) end + # Only needed for supporting the +UpgradeSignatureToEncryptionCookieStore+, users and plugin authors should not use this + def signed_using_old_secret #:nodoc: + @signed_using_old_secret ||= SignedCookieJar.new(self, ActiveSupport::DummyKeyGenerator.new(@options[:token_key]), @options) + end + # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read. # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception # will be raised. diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb index 55a9314524..d7f83a1cc6 100644 --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb @@ -93,5 +93,22 @@ module ActionDispatch request.cookie_jar.encrypted end end + + # This cookie store helps you upgrading apps that use +CookieStore+ to the new default +EncryptedCookieStore+ + # + # To use this CookieStore set MyApp.config.session_store :upgrade_signature_to_encryption_cookie_store, key: '_myapp_session' + # in your config/initializers/session_store.rb + class UpgradeSignatureToEncryptionCookieStore < EncryptedCookieStore + private + + def get_cookie(env) + signed_using_old_secret_cookie_jar(env)[@key] || cookie_jar(env)[@key] + end + + def signed_using_old_secret_cookie_jar(env) + request = ActionDispatch::Request.new(env) + request.cookie_jar.signed_using_old_secret + end + end end end |