Module: Hestia::SignedCookieJarExtension::ActionPack5

Defined in:
lib/hestia/signed_cookie_jar_extension/action_pack_5.rb

Instance Method Summary collapse

Instance Method Details

#initialize(parent_jar) ⇒ Object

Public: overridden #initialize method

In rails, ‘secrets’ will be given the value of ‘Rails.application.config.secret_token’. That’s the current secret token. This also reads from ‘Rails.application.config.deprecated_secret_token` for deprecated token(s) to use. It can be undefined, a string or an array of string.

parent_jar [ActionDispatch::Cookies] the parent jar creating this signed cookie jar secret [String] current secret token. Used to verify & sign cookies.



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
 
# File 'lib/hestia/signed_cookie_jar_extension/action_pack_5.rb', line 15

def initialize(parent_jar)
  super

  # Find the deprecated secrets, if there are any
  deprecated_secrets = if Rails.application.config.respond_to?(:deprecated_secret_token)
    # This could be a single string!
    Array(Rails.application.config.deprecated_secret_token)
  else
    []
  end

  # Grab the `config.secret_token` value from its generator
  active_secret = key_generator.generate_key(request.signed_cookie_salt)

  # Take the deprecated secrets through the same generator code
  deprecated_secrets.map do |secret|
    ActiveSupport::LegacyKeyGenerator.new(secret).generate_key(request.signed_cookie_salt)
  end

  serializer = ActiveSupport.version.to_s > "4.1" ? ActiveSupport::MessageEncryptor::NullSerializer : ActionDispatch::Cookies::NullSerializer

  # Finally, override @verifier with our own multi verifier containing all the secrets
  @verifier = Hestia::MessageMultiVerifier.new(current_secret: active_secret, deprecated_secrets: deprecated_secrets, options: {serializer: serializer})
end