diff options
author | Edouard CHIN <edouard.chin@shopify.com> | 2019-05-13 16:02:38 +0200 |
---|---|---|
committer | Edouard CHIN <edouard.chin@shopify.com> | 2019-06-06 15:21:03 +0200 |
commit | a5502f4a795d6d34d4f05eeefc9f9a653eff0eb0 (patch) | |
tree | c9eeacd4f58546e7cfbceb6d164bc812b0655ab1 /activesupport/CHANGELOG.md | |
parent | 648144649a71310fc5950a2ffd6de7c284058108 (diff) | |
download | rails-a5502f4a795d6d34d4f05eeefc9f9a653eff0eb0.tar.gz rails-a5502f4a795d6d34d4f05eeefc9f9a653eff0eb0.tar.bz2 rails-a5502f4a795d6d34d4f05eeefc9f9a653eff0eb0.zip |
Allow `on_rotation` in MessageEncryptor to be passed in constructor:
- Use case:
I'm writing a wrapper around MessageEncryptor to make things easier
to rotate a secret in our app.
It works something like
```ruby
crypt = RotatableSecret.new(['old_secret', 'new_secret'])
crypt.decrypt_and_verify(message)
```
I'd like the caller to not have to care about passing the
`on_rotation` option and have the wrapper deal with it when
instantiating the MessageEncryptor object.
Also, almost all of the time the on_rotation should be the same when
rotating a secret (logging something or StatsD event) so I think
it's not worth having to repeat ourselves each time we decrypt a message.
Diffstat (limited to 'activesupport/CHANGELOG.md')
-rw-r--r-- | activesupport/CHANGELOG.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 955eb7eef9..29b22bb3f9 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,3 +1,20 @@ +* Allow the on_rotation proc used when decrypting/verifying a message to be + be passed at the constructor level. + + Before: + + crypt = ActiveSupport::MessageEncryptor.new('long_secret') + crypt.decrypt_and_verify(encrypted_message, on_rotation: proc { ... }) + crypt.decrypt_and_verify(another_encrypted_message, on_rotation: proc { ... }) + + After: + + crypt = ActiveSupport::MessageEncryptor.new('long_secret', on_rotation: proc { ... }) + crypt.decrypt_and_verify(encrypted_message) + crypt.decrypt_and_verify(another_encrypted_message) + + *Edouard Chin* + * `delegate_missing_to` would raise a `DelegationError` if the object delegated to was `nil`. Now the `allow_nil` option has been added to enable the user to specify they want `nil` returned in this case. |