Class: ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar

Inherits:
AbstractCookieJar show all
Includes:
SerializedCookieJars
Defined in:
lib/action_dispatch/middleware/cookies.rb

Overview

:nodoc:

Constant Summary

Constants included from SerializedCookieJars

SerializedCookieJars::MARSHAL_SIGNATURE, SerializedCookieJars::SERIALIZER

Instance Method Summary collapse

Methods inherited from AbstractCookieJar

#[], #[]=

Methods included from ChainedCookieJars

#encrypted, #permanent, #signed, #signed_or_encrypted

Constructor Details

#initialize(parent_jar) ⇒ EncryptedKeyRotatingCookieJar

Returns a new instance of EncryptedKeyRotatingCookieJar.



597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
# File 'lib/action_dispatch/middleware/cookies.rb', line 597

def initialize(parent_jar)
  super

  if request.use_authenticated_cookie_encryption
    key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
    secret = request.key_generator.generate_key(request.authenticated_encrypted_cookie_salt, key_len)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: SERIALIZER)
  else
    key_len = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, key_len)
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)
    @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: SERIALIZER)
  end

  request.cookies_rotations.encrypted.each do |(*secrets)|
    options = secrets.extract_options!
    @encryptor.rotate(*secrets, serializer: SERIALIZER, **options)
  end

  if upgrade_legacy_hmac_aes_cbc_cookies?
    legacy_cipher = "aes-256-cbc"
    secret = request.key_generator.generate_key(request.encrypted_cookie_salt, ActiveSupport::MessageEncryptor.key_len(legacy_cipher))
    sign_secret = request.key_generator.generate_key(request.encrypted_signed_cookie_salt)

    @encryptor.rotate(secret, sign_secret, cipher: legacy_cipher, digest: digest, serializer: SERIALIZER)
  end
end