From 39f8ca64cec8667b66628e970211b4d18abbc373 Mon Sep 17 00:00:00 2001
From: Michael Coyne
Date: Sat, 23 Sep 2017 17:16:21 -0400
Subject: Add key rotation message Encryptor and Verifier Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
---
 railties/lib/rails/application.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'railties/lib')
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index abfec90b6d..f691156921 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -259,8 +259,11 @@ module Rails
 "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
 "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
 "action_dispatch.authenticated_encrypted_cookie_salt" => config.action_dispatch.authenticated_encrypted_cookie_salt,
+ "action_dispatch.encrypted_cookie_cipher" => config.action_dispatch.encrypted_cookie_cipher,
+ "action_dispatch.signed_cookie_digest" => config.action_dispatch.signed_cookie_digest,
 "action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
- "action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest
+ "action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest,
+ "action_dispatch.cookies_rotations" => config.action_dispatch.cookies_rotations
 )
 end
 end
--
cgit v1.2.3
From 8b0af54bbe5ab8b598e980013dd53a50d819b636 Mon Sep 17 00:00:00 2001
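Review bot: The new `action_dispatch.cookies_rotations` entry, like the `encrypted_cookie_cipher` and `signed_cookie_digest` keys added above it, is read straight from `config.action_dispatch` with no default established in this hunk; if that options object answers nil for a key that was never assigned (as Rails' `ActiveSupport::OrderedOptions` does), `env["action_dispatch.cookies_rotations"]` will be nil in every app that never configures rotation, so whatever consumes it must tolerate nil or the railtie must initialise it, and that path deserves a test rather than reliance on the configured case. Because this env hash is, as far as I can tell, memoised and merged into every request, the rotations object is one instance shared across all requests, and any middleware that mutated it would change which retired secrets and digests are still accepted process-wide; a frozen or duplicated value would remove that hazard. Since rotation deliberately keeps previously valid secrets, salts and digests accepted, a comment next to the new entry such as `# cookies_rotations: previously accepted secrets/ciphers/digests, tried when verify/decrypt fails — prune once old cookies have expired` would make the lifecycle expectation explicit. The enclosing method (presumably `env_config`, whose `merge` call this hash literal belongs to) starts above this hunk.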
From: Michael Coyne
Date: Sat, 23 Sep 2017 17:18:01 -0400
Subject: Add key rotation cookies middleware Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
---
 railties/lib/rails/application.rb | 1 +
 1 file changed, 1 insertion(+)
(limited to 'railties/lib')
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index f691156921..24f5eeae87 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -259,6 +259,7 @@ module Rails
 "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
 "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
 "action_dispatch.authenticated_encrypted_cookie_salt" => config.action_dispatch.authenticated_encrypted_cookie_salt,
+ "action_dispatch.use_authenticated_cookie_encryption" => config.action_dispatch.use_authenticated_cookie_encryption,
 "action_dispatch.encrypted_cookie_cipher" => config.action_dispatch.encrypted_cookie_cipher,
 "action_dispatch.signed_cookie_digest" => config.action_dispatch.signed_cookie_digest,
 "action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
--
cgit v1.2.3