From a5502f4a795d6d34d4f05eeefc9f9a653eff0eb0 Mon Sep 17 00:00:00 2001
From: Edouard CHIN <edouard.chin@shopify.com>
Date: Mon, 13 May 2019 16:02:38 +0200
Subject: Allow `on_rotation` in MessageEncryptor to be passed in constructor:

- Use case:

  I'm writing a wrapper around MessageEncryptor to make things easier
  to rotate a secret in our app.

  It works something like
  ```ruby
  crypt = RotatableSecret.new(['old_secret', 'new_secret'])
  crypt.decrypt_and_verify(message)
  ```

  I'd like the caller to not have to care about passing the
  `on_rotation` option and have the wrapper deal with it when
  instantiating the MessageEncryptor object.

  Also, almost all of the time the on_rotation should be the same when
  rotating a secret (logging something or StatsD event) so I think
  it's not worth having to repeat ourselves each time we decrypt a message.
---
 activesupport/lib/active_support/messages/rotator.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'activesupport/lib')

diff --git a/activesupport/lib/active_support/messages/rotator.rb b/activesupport/lib/active_support/messages/rotator.rb
index 823a399d67..50ea7dcd8d 100644
--- a/activesupport/lib/active_support/messages/rotator.rb
+++ b/activesupport/lib/active_support/messages/rotator.rb
@@ -3,11 +3,12 @@
 module ActiveSupport
   module Messages
     module Rotator # :nodoc:
-      def initialize(*, **options)
+      def initialize(*, on_rotation: nil, **options)
         super
 
         @options   = options
         @rotations = []
+        @on_rotation = on_rotation
       end
 
       def rotate(*secrets, **options)
@@ -17,7 +18,7 @@ module ActiveSupport
       module Encryptor
         include Rotator
 
-        def decrypt_and_verify(*args, on_rotation: nil, **options)
+        def decrypt_and_verify(*args, on_rotation: @on_rotation, **options)
           super
         rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
           run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, options) } || raise
@@ -32,7 +33,7 @@ module ActiveSupport
       module Verifier
         include Rotator
 
-        def verified(*args, on_rotation: nil, **options)
+        def verified(*args, on_rotation: @on_rotation, **options)
           super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, options) }
         end
 
@@ -46,7 +47,7 @@ module ActiveSupport
         def run_rotations(on_rotation)
           @rotations.find do |rotation|
             if message = yield(rotation) rescue next
-              on_rotation.call if on_rotation
+              on_rotation&.call
               return message
             end
           end
-- 
cgit v1.2.3