diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2017-09-24 20:06:38 +0200 |
---|---|---|
committer | Kasper Timm Hansen <kaspth@gmail.com> | 2017-09-24 21:00:03 +0200 |
commit | b5aa2e0c495b310cbef90b2185ef28cd00745b23 (patch) | |
tree | d2137a7daf3328540dfb01e973d6585478ffeb3d /activesupport/lib/active_support/messages | |
parent | 20ba2e762ceab098371122b0c02b4a90239d2ace (diff) | |
download | rails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.tar.gz rails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.tar.bz2 rails-b5aa2e0c495b310cbef90b2185ef28cd00745b23.zip |
Remove advanced key generator rotations from verifier/encryptor.
Noticed that verifiers and encryptors never once mentioned key generators
and salts but only concerned themselves with generated secrets.
Clears up the confusing naming around raw_key and secret as well. And
makes the rotation API follow the constructor signature to the letter.
Diffstat (limited to 'activesupport/lib/active_support/messages')
-rw-r--r-- | activesupport/lib/active_support/messages/rotator.rb | 40 |
1 files changed, 6 insertions, 34 deletions
diff --git a/activesupport/lib/active_support/messages/rotator.rb b/activesupport/lib/active_support/messages/rotator.rb index e18549d735..823a399d67 100644 --- a/activesupport/lib/active_support/messages/rotator.rb +++ b/activesupport/lib/active_support/messages/rotator.rb @@ -10,8 +10,8 @@ module ActiveSupport @rotations = [] end - def rotate(*args) - @rotations << create_rotation(*args) + def rotate(*secrets, **options) + @rotations << build_rotation(*secrets, @options.merge(options)) end module Encryptor @@ -24,27 +24,8 @@ module ActiveSupport end private - def create_rotation(raw_key: nil, raw_signed_key: nil, **options) - options[:cipher] ||= @cipher - - self.class.new \ - raw_key || extract_key(options), - raw_signed_key || extract_signing_key(options), - @options.merge(options.slice(:cipher, :digest, :serializer)) - end - - def extract_key(cipher:, salt:, key_generator: nil, secret: nil, **) - key_generator ||= key_generator_for(secret) - key_generator.generate_key(salt, self.class.key_len(cipher)) - end - - def extract_signing_key(cipher:, signed_salt: nil, key_generator: nil, secret: nil, **) - if cipher.downcase.end_with?("cbc") - raise ArgumentError, "missing signed_salt for signing key generation" unless signed_salt - - key_generator ||= key_generator_for(secret) - key_generator.generate_key(signed_salt) - end + def build_rotation(secret = @secret, sign_secret = @sign_secret, options) + self.class.new(secret, sign_secret, options) end end @@ -56,21 +37,12 @@ module ActiveSupport end private - def create_rotation(raw_key: nil, **options) - self.class.new(raw_key || extract_key(options), @options.merge(options.slice(:digest, :serializer))) - end - - def extract_key(key_generator: nil, secret: nil, salt:) - key_generator ||= key_generator_for(secret) - key_generator.generate_key(salt) + def build_rotation(secret = @secret, options) + self.class.new(secret, options) end end private - def key_generator_for(secret) - ActiveSupport::KeyGenerator.new(secret, iterations: 1000) - end - def run_rotations(on_rotation) @rotations.find do |rotation| if message = yield(rotation) rescue next |