Class: RailsBase::Encryption

Inherits:

Object

• Object
• RailsBase::Encryption

Extended by:

ServiceLogging

Defined in:

app/services/rails_base/encryption.rb

Constant Summary

SECRET_NAME =

'encryption_service_verifier'

Class Method Summary

• .class_name ⇒ Object

  for service_logging class override.

• .decode(value:, purpose:, url_safe: false) ⇒ Object

  decoded = Encryption.decode(value: token, purpose: :login).

• .encode(value:, purpose:, expires_in: nil, expires_at: nil, url_safe: false) ⇒ Object

  token = Encryption.encode(value: ‘testing Encryption’, purpose: :login).

• .rotate_secret ⇒ Object

  Encryption.rotate_secret.

Methods included from ServiceLogging

aletered_message, class_name, log, log_prefix, logger, service_id

Class Method Details

.class_name ⇒ Object

for service_logging class override

# File 'app/services/rails_base/encryption.rb', line 9

def class_name
  name
end

.decode(value:, purpose:, url_safe: false) ⇒ Object

decoded = Encryption.decode(value: token, purpose: :login)

# File 'app/services/rails_base/encryption.rb', line 35

def decode(value:, purpose:, url_safe: false)
  value = CGI.unescape(value) if url_safe
  params = {}
  params[:purpose] = purpose if purpose
  log(level: :info, msg: "Decoding [#{value}] with params #{params}")
  # TODO: matt-taylor
  # Check if the message is valid and untampered with
  # https://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html#method-i-valid_message-3F
  decoded = verifier.verified(value, **params)
  if decoded.nil?
    log(level: :warn, msg: "Failed to decode value: value: #{value}, purpose: #{purpose}")
  end
  decoded
end

.encode(value:, purpose:, expires_in: nil, expires_at: nil, url_safe: false) ⇒ Object

token = Encryption.encode(value: ‘testing Encryption’, purpose: :login)

# File 'app/services/rails_base/encryption.rb', line 13

def encode(value:, purpose:, expires_in: nil, expires_at: nil, url_safe: false)
  # expires_in = 5.minutes if purpose==:user_id_ajax
  params = {}
  params[:purpose] = purpose if purpose

  params[:expires_at] = expires_at if expires_at

  # expires_in takes precedence
  if expires_in
    params[:expires_in] = expires_in
    params.delete :expires_at if expires_at
  end

  raise "expires_at && expires_in are both nil" if expires_in.nil? && expires_at.nil?

  log(level: :info, msg: "Encoding [#{value}] with params #{params}")
  token = verifier.generate(value, **params)
  token = CGI.escape(token) if url_safe
  token
end

.rotate_secret ⇒ Object

Encryption.rotate_secret

# File 'app/services/rails_base/encryption.rb', line 51

def rotate_secret
  if old_secret
    verifier(force: true).rotate(old_secret)
  else
    verifier(force: true)
  end
  log(level: :info, msg: "Rotating secret for Encryption")
end