Class: TokenAuthenticatableStrategies::EncryptionHelper

Inherits:

Object

• Object
• TokenAuthenticatableStrategies::EncryptionHelper

Defined in:

app/models/concerns/token_authenticatable_strategies/encryption_helper.rb

Constant Summary

DYNAMIC_NONCE_IDENTIFIER =

"|"

NONCE_SIZE =

12

Class Method Summary

• .decrypt_token(token) ⇒ Object
• .encrypt_token(plaintext_token) ⇒ Object

Class Method Details

.decrypt_token(token) ⇒ Object

# File 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb', line 8

def self.decrypt_token(token)
  return unless token

  # The pattern of the token is "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv_of_12_characters}"
  if token.start_with?(DYNAMIC_NONCE_IDENTIFIER) && token.size > NONCE_SIZE + DYNAMIC_NONCE_IDENTIFIER.size
    token_to_decrypt = token[1...-NONCE_SIZE]
    iv = token[-NONCE_SIZE..]

    Gitlab::CryptoHelper.aes256_gcm_decrypt(token_to_decrypt, nonce: iv)
  else
    Gitlab::CryptoHelper.aes256_gcm_decrypt(token)
  end
end

.encrypt_token(plaintext_token) ⇒ Object

# File 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb', line 22

def self.encrypt_token(plaintext_token)
  iv = ::Digest::SHA256.hexdigest(plaintext_token).bytes.take(NONCE_SIZE).pack('c*')
  token = Gitlab::CryptoHelper.aes256_gcm_encrypt(plaintext_token, nonce: iv)
  "#{DYNAMIC_NONCE_IDENTIFIER}#{token}#{iv}"
end