mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
b5aa2e0c49
Noticed that verifiers and encryptors never once mentioned key generators and salts but only concerned themselves with generated secrets. Clears up the confusing naming around raw_key and secret as well. And makes the rotation API follow the constructor signature to the letter.
56 lines
1.4 KiB
Ruby
56 lines
1.4 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module ActiveSupport
|
|
module Messages
|
|
module Rotator # :nodoc:
|
|
def initialize(*, **options)
|
|
super
|
|
|
|
@options = options
|
|
@rotations = []
|
|
end
|
|
|
|
def rotate(*secrets, **options)
|
|
@rotations << build_rotation(*secrets, @options.merge(options))
|
|
end
|
|
|
|
module Encryptor
|
|
include Rotator
|
|
|
|
def decrypt_and_verify(*args, on_rotation: nil, **options)
|
|
super
|
|
rescue MessageEncryptor::InvalidMessage, MessageVerifier::InvalidSignature
|
|
run_rotations(on_rotation) { |encryptor| encryptor.decrypt_and_verify(*args, options) } || raise
|
|
end
|
|
|
|
private
|
|
def build_rotation(secret = @secret, sign_secret = @sign_secret, options)
|
|
self.class.new(secret, sign_secret, options)
|
|
end
|
|
end
|
|
|
|
module Verifier
|
|
include Rotator
|
|
|
|
def verified(*args, on_rotation: nil, **options)
|
|
super || run_rotations(on_rotation) { |verifier| verifier.verified(*args, options) }
|
|
end
|
|
|
|
private
|
|
def build_rotation(secret = @secret, options)
|
|
self.class.new(secret, options)
|
|
end
|
|
end
|
|
|
|
private
|
|
def run_rotations(on_rotation)
|
|
@rotations.find do |rotation|
|
|
if message = yield(rotation) rescue next
|
|
on_rotation.call if on_rotation
|
|
return message
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|