1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/activesupport/lib/active_support/messages/rotator.rb
Kasper Timm Hansen b5aa2e0c49
Remove advanced key generator rotations from verifier/encryptor.
Noticed that verifiers and encryptors never once mentioned key generators
and salts but only concerned themselves with generated secrets.

Clears up the confusing naming around raw_key and secret as well. And
makes the rotation API follow the constructor signature to the letter.
2017-09-24 21:00:03 +02:00

56 lines
1.4 KiB
Ruby

# frozen_string_literal: true
module ActiveSupport
module Messages
module Rotator # :nodoc:
def initialize(*, **options)
super
@options = options
@rotations = []
end
def rotate(*secrets, **options)
@rotations << build_rotation(*secrets, @options.merge(options))
end
module Encryptor
include Rotator
def decrypt_and_verify(*args, on_rotation: nil, **options)
super
rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, options) } || raise
end
private
def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
self.class.new(secret, sign_secret, options)
end
end
module Verifier
include Rotator
def verified(*args, on_rotation: nil, **options)
super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, options) }
end
private
def build_rotation(secret = @secret, options)
self.class.new(secret, options)
end
end
private
def run_rotations(on_rotation)
@rotations.find do |rotation|
if message = yield(rotation) rescue next
on_rotation.call if on_rotation
return message
end
end
end
end
end
end