Method: ActiveSupport::MessageEncryptor#decrypt_and_verify

Defined in:
activesupport/lib/active_support/message_encryptor.rb

#decrypt_and_verify(message, **options) ⇒ Object

Decrypts and verifies a message. The message must be verified in order to avoid padding oracle attacks. Reference: www.limited-entropy.com/padding-oracle-attacks/.

Options

:purpose

The purpose that the message was generated with. If the purpose does not match, decrypt_and_verify will return nil.

message = encryptor.encrypt_and_sign("hello", purpose: "greeting")
encryptor.decrypt_and_verify(message, purpose: "greeting") # => "hello"
encryptor.decrypt_and_verify(message)                      # => nil

message = encryptor.encrypt_and_sign("bye")
encryptor.decrypt_and_verify(message)                      # => "bye"
encryptor.decrypt_and_verify(message, purpose: "greeting") # => nil


# File 'activesupport/lib/active_support/message_encryptor.rb', line 241

def decrypt_and_verify(message, **options)
  catch_and_raise :invalid_message_format, as: InvalidMessage do
    catch_and_raise :invalid_message_serialization, as: InvalidMessage do
      catch_and_ignore :invalid_message_content do
        read_message(message, **options)
      end
    end
  end
end
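
The behaviour documented above (verification guarding decryption, nil on a purpose mismatch, an exception for an invalid message), as an added example that is not Rails' code or wire format. It is a hypothetical SketchEncryptor built only on Ruby's OpenSSL bindings with AES-256-CBC and HMAC-SHA256; the class, the flip_ciphertext_bit helper and the message layout are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical sketch of verify-then-decrypt (AES-256-CBC + HMAC-SHA256).
# Not Rails' implementation or wire format; every name here is an assumption.
class SketchEncryptor
  class InvalidMessage < StandardError; end
  IV_LEN, TAG_LEN = 16, 32

  def initialize(enc_key, mac_key)
    @enc_key, @mac_key = enc_key, mac_key
  end

  def encrypt_and_sign(plaintext, purpose: nil)
    cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
    cipher.key = @enc_key
    iv = cipher.random_iv
    purpose_bytes = purpose.to_s.b
    # The purpose travels inside the ciphertext, length-prefixed.
    body = [purpose_bytes.bytesize].pack("N") + purpose_bytes + plaintext.b
    signed = iv + cipher.update(body) + cipher.final
    [signed + OpenSSL::HMAC.digest("SHA256", @mac_key, signed)].pack("m0")
  end

  def decrypt_and_verify(message, purpose: nil)
    raw = message.unpack1("m0") # strict Base64; raises ArgumentError if malformed
    raise InvalidMessage if raw.bytesize < IV_LEN + 16 + TAG_LEN
    signed, tag = raw.byteslice(0...-TAG_LEN), raw.byteslice(-TAG_LEN, TAG_LEN)
    # Check the MAC first, in constant time, so unauthenticated bytes never
    # reach CBC unpadding and a padding error cannot be observed by the sender.
    expected = OpenSSL::HMAC.digest("SHA256", @mac_key, signed)
    raise InvalidMessage unless OpenSSL.fixed_length_secure_compare(expected, tag)
    cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
    cipher.key = @enc_key
    cipher.iv = signed.byteslice(0, IV_LEN)
    body = cipher.update(signed.byteslice(IV_LEN..)) + cipher.final
    len = body.unpack1("N")
    # Authentic message, wrong purpose: return nil instead of raising.
    return nil unless body.byteslice(4, len) == purpose.to_s.b
    body.byteslice(4 + len..)
  rescue ArgumentError, OpenSSL::Cipher::CipherError
    raise InvalidMessage
  end
end

# Constructed tampering for the demo: flip one bit in the last ciphertext byte.
def flip_ciphertext_bit(message)
  raw = message.unpack1("m0")
  pos = -(SketchEncryptor::TAG_LEN + 1)
  raw.setbyte(pos, raw.getbyte(pos) ^ 1)
  [raw].pack("m0")
end
```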