Class: ActiveSupport::SecureCompareRotator

Inherits:
Object
  • Object
show all
Includes:
SecurityUtils
Defined in:
lib/active_support/secure_compare_rotator.rb

Overview

Secure Compare Rotator

The ActiveSupport::SecureCompareRotator is a wrapper around ActiveSupport::SecurityUtils.secure_compare and allows you to rotate a previously defined value to a new one.

It can be used as follow:

rotator = ActiveSupport::SecureCompareRotator.new('new_production_value')
rotator.rotate('previous_production_value')
rotator.secure_compare!('previous_production_value')

One real use case example would be to rotate a basic auth credentials:

class MyController < ApplicationController
  def authenticate_request
    rotator = ActiveSupport::SecureCompareRotator.new('new_password')
    rotator.rotate('old_password')

    authenticate_or_request_with_http_basic do |username, password|
      rotator.secure_compare!(password)
    rescue ActiveSupport::SecureCompareRotator::InvalidMatch
      false
    end
  end
end

Constant Summary collapse

InvalidMatch =
Class.new(StandardError)

Instance Method Summary collapse

Methods included from SecurityUtils

fixed_length_secure_compare, secure_compare

Constructor Details

#initialize(value, on_rotation: nil) ⇒ SecureCompareRotator

Returns a new instance of SecureCompareRotator.



37
38
39
40
41
# File 'lib/active_support/secure_compare_rotator.rb', line 37

def initialize(value, on_rotation: nil)
  @value = value
  @rotate_values = []
  @on_rotation = on_rotation
end

Instance Method Details

#rotate(previous_value) ⇒ Object



43
44
45
# File 'lib/active_support/secure_compare_rotator.rb', line 43

def rotate(previous_value)
  @rotate_values << previous_value
end

#secure_compare!(other_value, on_rotation: @on_rotation) ⇒ Object



47
48
49
50
51
52
53
54
55
56
# File 'lib/active_support/secure_compare_rotator.rb', line 47

def secure_compare!(other_value, on_rotation: @on_rotation)
  if secure_compare(@value, other_value)
    true
  elsif @rotate_values.any? { |value| secure_compare(value, other_value) }
    on_rotation&.call
    true
  else
    raise InvalidMatch
  end
end