aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/lib/active_support/messages
diff options
context:
space:
mode:
authorKasper Timm Hansen <kaspth@gmail.com>2017-09-24 20:06:38 +0200
committerKasper Timm Hansen <kaspth@gmail.com>2017-09-24 21:00:03 +0200
commitb5aa2e0c495b310cbef90b2185ef28cd00745b23 (patch)
treed2137a7daf3328540dfb01e973d6585478ffeb3d /activesupport/lib/active_support/messages
parent20ba2e762ceab098371122b0c02b4a90239d2ace (diff)
downloadrails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.tar.gz
rails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.tar.bz2
rails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.zip
Remove advanced key generator rotations from verifier/encryptor.
Noticed that verifiers and encryptors never once mentioned key generators and salts but only concerned themselves with generated secrets. Clears up the confusing naming around raw_key and secret as well. And makes the rotation API follow the constructor signature to the letter.
Diffstat (limited to 'activesupport/lib/active_support/messages')
-rw-r--r--activesupport/lib/active_support/messages/rotator.rb40
1 files changed, 6 insertions, 34 deletions
diff --git a/activesupport/lib/active_support/messages/rotator.rb b/activesupport/lib/active_support/messages/rotator.rb
index e18549d735..823a399d67 100644
--- a/activesupport/lib/active_support/messages/rotator.rb
+++ b/activesupport/lib/active_support/messages/rotator.rb
@@ -10,8 +10,8 @@ module ActiveSupport
@rotations = []
end
- def rotate(*args)
- @rotations << create_rotation(*args)
+ def rotate(*secrets, **options)
+ @rotations << build_rotation(*secrets, @options.merge(options))
end
module Encryptor
@@ -24,27 +24,8 @@ module ActiveSupport
end
private
- def create_rotation(raw_key: nil, raw_signed_key: nil, **options)
- options[:cipher] ||= @cipher
-
- self.class.new \
- raw_key || extract_key(options),
- raw_signed_key || extract_signing_key(options),
- @options.merge(options.slice(:cipher, :digest, :serializer))
- end
-
- def extract_key(cipher:, salt:, key_generator: nil, secret: nil, **)
- key_generator ||= key_generator_for(secret)
- key_generator.generate_key(salt, self.class.key_len(cipher))
- end
-
- def extract_signing_key(cipher:, signed_salt: nil, key_generator: nil, secret: nil, **)
- if cipher.downcase.end_with?("cbc")
- raise ArgumentError, "missing signed_salt for signing key generation" unless signed_salt
-
- key_generator ||= key_generator_for(secret)
- key_generator.generate_key(signed_salt)
- end
+ def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
+ self.class.new(secret, sign_secret, options)
end
end
@@ -56,21 +37,12 @@ module ActiveSupport
end
private
- def create_rotation(raw_key: nil, **options)
- self.class.new(raw_key || extract_key(options), @options.merge(options.slice(:digest, :serializer)))
- end
-
- def extract_key(key_generator: nil, secret: nil, salt:)
- key_generator ||= key_generator_for(secret)
- key_generator.generate_key(salt)
+ def build_rotation(secret = @secret, options)
+ self.class.new(secret, options)
end
end
private
- def key_generator_for(secret)
- ActiveSupport::KeyGenerator.new(secret, iterations: 1000)
- end
-
def run_rotations(on_rotation)
@rotations.find do |rotation|
if message = yield(rotation) rescue next