From 9d79d77813c3aca010a5b40cacbd6e68f42ce618 Mon Sep 17 00:00:00 2001
From: Kasper Timm Hansen <kaspth@gmail.com>
Date: Sun, 24 Sep 2017 21:25:59 +0200
Subject: Use new rotation signature in cookies.

[ Michael Coyne & Kasper Timm Hansen ]
---
 .../lib/action_dispatch/middleware/cookies.rb      | 23 +++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

(limited to 'actionpack/lib/action_dispatch/middleware/cookies.rb')

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index b3831649a8..06ce0b22f4 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -264,9 +264,9 @@ module ActionDispatch
         end
 
         def upgrade_legacy_hmac_aes_cbc_cookies?
-          request.secret_key_base.present?                       &&
-            request.encrypted_signed_cookie_salt.present?        &&
-            request.encrypted_cookie_salt.present?               &&
+          request.secret_key_base.present? &&
+            request.encrypted_signed_cookie_salt.present? &&
+            request.encrypted_cookie_salt.present? &&
             request.use_authenticated_cookie_encryption
         end
 
@@ -570,12 +570,12 @@ module ActionDispatch
         secret = request.key_generator.generate_key(request.signed_cookie_salt)
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: signed_cookie_digest, serializer: SERIALIZER)
 
-        request.cookies_rotations.signed.each do |rotation_options|
-          @verifier.rotate serializer: SERIALIZER, **rotation_options
+        request.cookies_rotations.signed.each do |*secrets, **options|
+          @verifier.rotate *secrets, serializer: SERIALIZER, **options
         end
 
         if upgrade_legacy_signed_cookies?
-          @verifier.rotate raw_key: request.secret_token, serializer: SERIALIZER
+          @verifier.rotate request.secret_token, serializer: SERIALIZER
         end
       end
 
@@ -603,14 +603,15 @@ module ActionDispatch
         secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_len)
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
 
-        request.cookies_rotations.encrypted.each do |rotation_options|
-          @encryptor.rotate serializer: SERIALIZER, **rotation_options
+        request.cookies_rotations.encrypted.each do |*secrets, **options|
+          @encryptor.rotate *secrets, serializer: SERIALIZER, **options
         end
 
         if upgrade_legacy_hmac_aes_cbc_cookies?
-          @encryptor.rotate \
-            key_generator: request.key_generator, salt: request.encrypted_cookie_salt, signed_salt: request.encrypted_signed_cookie_salt,
-            cipher: "aes-256-cbc", digest: digest, serializer: SERIALIZER
+          secret = request.key_generator.generate_key(request.encrypted_cookie_salt)
+          sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
+
+          @encryptor.rotate secret, sign_secret, cipher: "aes-256-cbc", digest: digest, serializer: SERIALIZER
         end
 
         if upgrade_legacy_signed_cookies?
-- 
cgit v1.2.3