Infer options from the primary verifier.

Spares users from passing in non-changing values explicitly. [ Michael Coyne & Kasper Timm Hansen ]
author: Kasper Timm Hansen <kaspth@gmail.com> 2017-09-24 19:46:10 +0200
committer: Kasper Timm Hansen <kaspth@gmail.com> 2017-09-24 19:46:10 +0200
commit: 20ba2e762ceab098371122b0c02b4a90239d2ace (patch)
tree: 3e94300b0b921b1224290cbf5a30cd7dc76fa641 /activesupport
parent: 92afe55b179152a5747b70cc5d5375395581b70f (diff)
download: rails-20ba2e762ceab098371122b0c02b4a90239d2ace.tar.gz
rails-20ba2e762ceab098371122b0c02b4a90239d2ace.tar.bz2
rails-20ba2e762ceab098371122b0c02b4a90239d2ace.zip
3 files changed, 27 insertions, 12 deletions
diff --git a/activesupport/lib/active_support/messages/rotator.rb b/activesupport/lib/active_support/messages/rotator.rb
index 21ae643138..e18549d735 100644
--- a/activesupport/lib/active_support/messages/rotator.rb
+++ b/activesupport/lib/active_support/messages/rotator.rb
@@ -3,9 +3,10 @@
 module ActiveSupport
   module Messages
     module Rotator # :nodoc:
-      def initialize(*args)
+      def initialize(*, **options)
         super
 
+        @options   = options
         @rotations = []
       end
 
@@ -24,10 +25,12 @@ module ActiveSupport
 
         private
           def create_rotation(raw_key: nil, raw_signed_key: nil, **options)
+            options[:cipher] ||= @cipher
+
             self.class.new \
               raw_key || extract_key(options),
               raw_signed_key || extract_signing_key(options),
-              options.slice(:cipher, :digest, :serializer)
+              @options.merge(options.slice(:cipher, :digest, :serializer))
           end
 
           def extract_key(cipher:, salt:, key_generator: nil, secret: nil, **)
@@ -53,8 +56,8 @@ module ActiveSupport
         end
 
         private
-          def create_rotation(raw_key: nil, digest: nil, serializer: nil, **options)
-            self.class.new(raw_key || extract_key(options), digest: digest, serializer: serializer)
+          def create_rotation(raw_key: nil, **options)
+            self.class.new(raw_key || extract_key(options), @options.merge(options.slice(:digest, :serializer)))
           end
 
           def extract_key(key_generator: nil, secret: nil, salt:)
diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb
index 17baf3550b..915038c854 100644
--- a/activesupport/test/message_encryptor_test.rb
+++ b/activesupport/test/message_encryptor_test.rb
@@ -121,11 +121,23 @@ class MessageEncryptorTest < ActiveSupport::TestCase
     old_message = old_encryptor.encrypt_and_sign("message encrypted with old raw key")
 
     encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
-    encryptor.rotate raw_key: old_raw_key, cipher: "aes-256-gcm"
+    encryptor.rotate raw_key: old_raw_key
 
     assert_equal "message encrypted with old raw key", encryptor.decrypt_and_verify(old_message)
   end
 
+  def test_rotating_serializer
+    old_raw_key = SecureRandom.random_bytes(32)
+
+    old_message = ActiveSupport::MessageEncryptor.new(old_raw_key, cipher: "aes-256-gcm", serializer: JSON).
+      encrypt_and_sign(ahoy: :hoy)
+
+    encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm", serializer: JSON)
+    encryptor.rotate raw_key: old_raw_key
+
+    assert_equal({ "ahoy" => "hoy" }, encryptor.decrypt_and_verify(old_message))
+  end
+
   def test_with_rotated_secret_and_salt
     old_secret, old_salt = SecureRandom.random_bytes(32), "old salt"
     old_raw_key = ActiveSupport::KeyGenerator.new(old_secret, iterations: 1000).generate_key(old_salt, 32)
@@ -134,7 +146,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase
     old_message = old_encryptor.encrypt_and_sign("message encrypted with old secret and salt")
 
     encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
-    encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm"
+    encryptor.rotate secret: old_secret, salt: old_salt
 
     assert_equal "message encrypted with old secret and salt", encryptor.decrypt_and_verify(old_message)
   end
@@ -147,7 +159,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase
     old_message = old_encryptor.encrypt_and_sign("message encrypted with old key generator and salt")
 
     encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
-    encryptor.rotate key_generator: old_key_gen, salt: old_salt, cipher: "aes-256-gcm"
+    encryptor.rotate key_generator: old_key_gen, salt: old_salt
 
     assert_equal "message encrypted with old key generator and salt", encryptor.decrypt_and_verify(old_message)
   end
@@ -227,7 +239,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase
       "message encrypted with old secret, salt, and metadata", purpose: "rotation")
 
     encryptor = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
-    encryptor.rotate secret: old_secret, salt: old_salt, cipher: "aes-256-gcm"
+    encryptor.rotate secret: old_secret, salt: old_salt
 
     assert_equal "message encrypted with old secret, salt, and metadata",
       encryptor.decrypt_and_verify(old_message, purpose: "rotation")
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index 3079c48c02..b43fc4b269 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -99,7 +99,7 @@ class MessageVerifierTest < ActiveSupport::TestCase
     old_message = old_verifier.generate("message verified with old raw key")
 
     verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA1")
-    verifier.rotate raw_key: old_raw_key, digest: "SHA1"
+    verifier.rotate raw_key: old_raw_key
 
     assert_equal "message verified with old raw key", verifier.verified(old_message)
   end
@@ -112,7 +112,7 @@ class MessageVerifierTest < ActiveSupport::TestCase
     old_message = old_verifier.generate("message verified with old secret and salt")
 
     verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA1")
-    verifier.rotate secret: old_secret, salt: old_salt, digest: "SHA1"
+    verifier.rotate secret: old_secret, salt: old_salt
 
     assert_equal "message verified with old secret and salt", verifier.verified(old_message)
   end
@@ -125,7 +125,7 @@ class MessageVerifierTest < ActiveSupport::TestCase
     old_message = old_verifier.generate("message verified with old key generator and salt")
 
     verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA1")
-    verifier.rotate key_generator: old_key_gen, salt: old_salt, digest: "SHA1"
+    verifier.rotate key_generator: old_key_gen, salt: old_salt
 
     assert_equal "message verified with old key generator and salt", verifier.verified(old_message)
   end
@@ -175,7 +175,7 @@ class MessageVerifierTest < ActiveSupport::TestCase
       "message verified with old secret, salt, and metadata", purpose: "rotation")
 
     verifier = ActiveSupport::MessageVerifier.new(@secret, digest: "SHA1")
-    verifier.rotate secret: old_secret, salt: old_salt, digest: "SHA1"
+    verifier.rotate secret: old_secret, salt: old_salt
 
     assert_equal "message verified with old secret, salt, and metadata",
       verifier.verified(old_message, purpose: "rotation")
author	Kasper Timm Hansen <kaspth@gmail.com>	2017-09-24 19:46:10 +0200
committer	Kasper Timm Hansen <kaspth@gmail.com>	2017-09-24 19:46:10 +0200
commit	20ba2e762ceab098371122b0c02b4a90239d2ace (patch)
tree	3e94300b0b921b1224290cbf5a30cd7dc76fa641 /activesupport
parent	92afe55b179152a5747b70cc5d5375395581b70f (diff)
download	rails-20ba2e762ceab098371122b0c02b4a90239d2ace.tar.gz rails-20ba2e762ceab098371122b0c02b4a90239d2ace.tar.bz2 rails-20ba2e762ceab098371122b0c02b4a90239d2ace.zip