Class: ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar

Inherits:
AbstractCookieJar show all
Includes:
SerializedCookieJars
Defined in:
actionpack/lib/action_dispatch/middleware/cookies.rb

Overview

:nodoc:

Constant Summary

Constants included from SerializedCookieJars

SerializedCookieJars::MARSHAL_SIGNATURE, SerializedCookieJars::SERIALIZER

Instance Method Summary collapse

Methods inherited from AbstractCookieJar

#[], #[]=

Methods included from ChainedCookieJars

#encrypted, #permanent, #signed, #signed_or_encrypted

Constructor Details

#initialize(parent_jar) ⇒ EncryptedKeyRotatingCookieJar

Returns a new instance of EncryptedKeyRotatingCookieJar.



# File 'actionpack/lib/action_dispatch/middleware/cookies.rb', line 604

# Builds the MessageEncryptor for encrypted cookies, then registers every
# fallback that may still decrypt cookies written under older settings.
#
# Order matters: the encryptor assigned first is the primary one; each later
# +rotate+ call only adds a fallback, in the order registered here.
#
# NOTE(review): +encrypted_cookie_cipher+, +digest+ and
# +upgrade_legacy_hmac_aes_cbc_cookies?+ are defined outside this listing;
# SERIALIZER comes from SerializedCookieJars (its value is not shown here).
#
# @param parent_jar the jar this one wraps; forwarded to +super+ unchanged
def initialize(parent_jar)
  super

  @encryptor =
    if request.use_authenticated_cookie_encryption
      # Authenticated mode: a single derived key sized for the configured
      # cipher, and no separate signing secret is handed to the encryptor.
      key_length = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
      encryption_key = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_length)
      ActiveSupport::MessageEncryptor.new(encryption_key, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
    else
      # Non-authenticated mode: AES-256-CBC, with a second key derived from a
      # different salt and passed as the signing secret.
      cbc_cipher = "aes-256-cbc"
      key_length = ActiveSupport::MessageEncryptor.key_len(cbc_cipher)
      encryption_key = request.key_generator.generate_key(request.encrypted_cookie_salt, key_length)
      signing_key = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
      ActiveSupport::MessageEncryptor.new(encryption_key, signing_key, cipher: cbc_cipher, serializer: SERIALIZER)
    end

  # Each configured rotation becomes a fallback on the encryptor, so cookies
  # written under previous secrets or options can still be read. Every entry
  # left configured is one more key that is accepted, so rotations are worth
  # pruning once the old cookies have expired.
  request.cookies_rotations.encrypted.each do |*rotated_secrets, **rotation_options|
    @encryptor.rotate(*rotated_secrets, serializer: SERIALIZER, **rotation_options)
  end

  return unless upgrade_legacy_hmac_aes_cbc_cookies?

  # Legacy upgrade path: also accept cookies produced by the AES-256-CBC
  # scheme with a separate signing secret, using the same salts as the
  # non-authenticated branch above.
  legacy_cbc = "aes-256-cbc"
  legacy_key = request.key_generator.generate_key(
    request.encrypted_cookie_salt,
    ActiveSupport::MessageEncryptor.key_len(legacy_cbc)
  )
  legacy_signing_key = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)

  @encryptor.rotate(legacy_key, legacy_signing_key, cipher: legacy_cbc, digest: digest, serializer: SERIALIZER)
end