Perform self-serialization once metadata is involved.

Adds support for metadata even when using ActiveSupport::MessageEncryptor::NullSerializer.
author: Kasper Timm Hansen <kaspth@gmail.com> 2017-08-09 21:48:25 +0200
committer: Kasper Timm Hansen <kaspth@gmail.com> 2017-08-13 20:40:59 +0200
commit: e9275965f286dd82d173192c185275c136d56d9e (patch)
tree: bcfa84065d0a3f5662c20c78b9df4489bf4a0b09 /activesupport/lib
parent: 7c89948c416fbc32b59e33a0ab454545b4f6fed7 (diff)
download: rails-e9275965f286dd82d173192c185275c136d56d9e.tar.gz
rails-e9275965f286dd82d173192c185275c136d56d9e.tar.bz2
rails-e9275965f286dd82d173192c185275c136d56d9e.zip
3 files changed, 42 insertions, 26 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 090d51933a..952306b482 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -121,14 +121,13 @@ module ActiveSupport
     # Encrypt and sign a message. We need to sign the message in order to avoid
     # padding attacks. Reference: http://www.limited-entropy.com/padding-oracle-attacks.
     def encrypt_and_sign(value, expires_at: nil, expires_in: nil, purpose: nil)
-      data = Messages::Metadata.wrap(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose)
-      verifier.generate(_encrypt(data))
+      verifier.generate(_encrypt(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose))
     end
 
     # Decrypt and verify a message. We need to verify the message in order to
     # avoid padding attacks. Reference: http://www.limited-entropy.com/padding-oracle-attacks.
     def decrypt_and_verify(data, purpose: nil)
-      Messages::Metadata.verify(_decrypt(verifier.verify(data)), purpose)
+      _decrypt(verifier.verify(data), purpose)
     end
 
     # Given a cipher, returns the key length of the cipher to help generate the key of desired size
@@ -137,7 +136,7 @@ module ActiveSupport
     end
 
     private
-      def _encrypt(value)
+      def _encrypt(value, **metadata_options)
         cipher = new_cipher
         cipher.encrypt
         cipher.key = @secret
@@ -146,7 +145,7 @@ module ActiveSupport
         iv = cipher.random_iv
         cipher.auth_data = "" if aead_mode?
 
-        encrypted_data = cipher.update(@serializer.dump(value))
+        encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), metadata_options))
         encrypted_data << cipher.final
 
         blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
@@ -154,7 +153,7 @@ module ActiveSupport
         blob
       end
 
-      def _decrypt(encrypted_message)
+      def _decrypt(encrypted_message, purpose)
         cipher = new_cipher
         encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map { |v| ::Base64.strict_decode64(v) }
 
@@ -174,7 +173,8 @@ module ActiveSupport
         decrypted_data = cipher.update(encrypted_data)
         decrypted_data << cipher.final
 
-        @serializer.load(decrypted_data)
+        message = Messages::Metadata.verify(decrypted_data, purpose)
+        @serializer.load(message) if message
       rescue OpenSSLCipherError, TypeError, ArgumentError
         raise InvalidMessage
       end
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index fdd2185f7f..7110d6d2c9 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -124,7 +124,8 @@ module ActiveSupport
       if valid_message?(signed_message)
         begin
           data = signed_message.split("--".freeze)[0]
-          Messages::Metadata.verify(@serializer.load(decode(data)), purpose)
+          message = Messages::Metadata.verify(decode(data), purpose)
+          @serializer.load(message) if message
         rescue ArgumentError => argument_error
           return if argument_error.message.include?("invalid base64")
           raise
@@ -156,7 +157,7 @@ module ActiveSupport
     #   verifier = ActiveSupport::MessageVerifier.new 's3Krit'
     #   verifier.generate 'a private message' # => "BAhJIhRwcml2YXRlLW1lc3NhZ2UGOgZFVA==--e2d724331ebdee96a10fb99b089508d1c72bd772"
     def generate(value, expires_at: nil, expires_in: nil, purpose: nil)
-      data = encode(@serializer.dump(Messages::Metadata.wrap(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose)))
+      data = encode(Messages::Metadata.wrap(@serializer.dump(value), expires_at: expires_at, expires_in: expires_in, purpose: purpose))
       "#{data}--#{generate_digest(data)}"
     end
 
diff --git a/activesupport/lib/active_support/messages/metadata.rb b/activesupport/lib/active_support/messages/metadata.rb
index a45aecfcd0..e97caac766 100644
--- a/activesupport/lib/active_support/messages/metadata.rb
+++ b/activesupport/lib/active_support/messages/metadata.rb
@@ -5,27 +5,25 @@ require "time"
 module ActiveSupport
   module Messages #:nodoc:
     class Metadata #:nodoc:
-      def initialize(expires_at, purpose)
-        @expires_at, @purpose = expires_at, purpose.to_s
+      def initialize(message, expires_at = nil, purpose = nil)
+        @message, @expires_at, @purpose = message, expires_at, purpose
+      end
+
+      def as_json(options = {})
+        { _rails: { message: @message, exp: @expires_at, pur: @purpose } }
       end
 
       class << self
         def wrap(message, expires_at: nil, expires_in: nil, purpose: nil)
           if expires_at || expires_in || purpose
-            { "value" => message, "_rails" => { "exp" => pick_expiry(expires_at, expires_in), "pur" => purpose } }
+            JSON.encode new(encode(message), pick_expiry(expires_at, expires_in), purpose)
           else
             message
           end
         end
 
         def verify(message, purpose)
-          metadata = extract_metadata(message)
-
-          if metadata.nil?
-            message if purpose.nil?
-          elsif metadata.match?(purpose) && metadata.fresh?
-            message["value"]
-          end
+          extract_metadata(message).verify(purpose)
         end
 
         private
@@ -38,19 +36,36 @@ module ActiveSupport
           end
 
           def extract_metadata(message)
-            if message.is_a?(Hash) && message.key?("_rails")
-              new(message["_rails"]["exp"], message["_rails"]["pur"])
+            data = JSON.decode(message) rescue nil
+
+            if data.is_a?(Hash) && data.key?("_rails")
+              new(decode(data["_rails"]["message"]), data["_rails"]["exp"], data["_rails"]["pur"])
+            else
+              new(message)
             end
           end
-      end
 
-      def match?(purpose)
-        @purpose == purpose.to_s
+          def encode(message)
+            ::Base64.strict_encode64(message)
+          end
+
+          def decode(message)
+            ::Base64.strict_decode64(message)
+          end
       end
 
-      def fresh?
-        @expires_at.nil? || Time.now.utc < Time.iso8601(@expires_at)
+      def verify(purpose)
+        @message if match?(purpose) && fresh?
       end
+
+      private
+        def match?(purpose)
+          @purpose.to_s == purpose.to_s
+        end
+
+        def fresh?
+          @expires_at.nil? || Time.now.utc < Time.iso8601(@expires_at)
+        end
     end
   end
 end
author	Kasper Timm Hansen <kaspth@gmail.com>	2017-08-09 21:48:25 +0200
committer	Kasper Timm Hansen <kaspth@gmail.com>	2017-08-13 20:40:59 +0200
commit	e9275965f286dd82d173192c185275c136d56d9e (patch)
tree	bcfa84065d0a3f5662c20c78b9df4489bf4a0b09 /activesupport/lib
parent	7c89948c416fbc32b59e33a0ab454545b4f6fed7 (diff)
download	rails-e9275965f286dd82d173192c185275c136d56d9e.tar.gz rails-e9275965f286dd82d173192c185275c136d56d9e.tar.bz2 rails-e9275965f286dd82d173192c185275c136d56d9e.zip