Decrypt Rails 6.0 beta session cookies
# Helpers for decoding Rails 6.0 beta cookies. The two Rails-dependent methods need the app
# loaded (e.g. a `rails console`) so that Rails.application.secret_key_base resolves.
require 'cgi'
require 'base64'
require 'json'
require 'openssl'

# decode rails session
# Assumes the aes-256-cbc scheme with the "encrypted cookie" / "signed encrypted cookie" salts.
# Apps with config.action_dispatch.use_authenticated_cookie_encryption enabled use aes-256-gcm
# with the "authenticated encrypted cookie" salt instead, so this derivation will not match them.
def verify_and_decrypt_session_cookie(session_value, secret_key_base = Rails.application.secret_key_base)
  serializer = ActiveSupport::MessageEncryptor::NullSerializer # return the raw (JSON) plaintext, do not deserialize
  key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
  secret = key_generator.generate_key('encrypted cookie', 32)
  sign_secret = key_generator.generate_key("signed encrypted cookie")
  encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: serializer)
  # The cookie value is URL-escaped on the wire. If the app sets cookie metadata
  # (use_cookies_with_metadata), pass purpose: "cookie.<cookie name>" here as well.
  encryptor.decrypt_and_verify(CGI.unescape(session_value))
end

# decode signed cookies
# Only decodes the payload: the "--<hex HMAC>" suffix is discarded, not verified.
def decode_signed_cookies(cookie_original_value = 'ORIGINAL_VALUE_FROM_YOUR_HTTP_PAYLOAD')
  cookie_payload_value = cookie_original_value.split('--').first
  decoded_payload_string = Base64.decode64(cookie_payload_value)
  decoded_payload = JSON.parse(decoded_payload_string) # {"_rails"=>{"message"=>..., "exp"=>..., "pur"=>...}}
  encoded_message = decoded_payload['_rails']['message']
  Base64.decode64 encoded_message # the serialized (JSON) cookie value
end

# sign cookies
# Returns the hex HMAC-SHA1 Rails appends after "--". Key derivation matches the
# ActiveSupport::KeyGenerator defaults: PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte key.
def sign_cookies(value)
  cookie_value = CGI.unescape(value) # URI.unescape was removed in Ruby 3.0
  secret = Rails.application.secret_key_base
  key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret, "signed cookie", 1000, 64)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, cookie_value)
end
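A stand-alone companion to the signed-cookie helpers above: added example code, not part of the gist, that generates and then verifies a Rails 6 style signed cookie (base64 JSON wrapper with purpose, `--`, hex HMAC-SHA1) using only OpenSSL, including the constant-time HMAC and purpose/expiry checks the decoder above skips. SECRET_KEY_BASE and the cookie name are constructed values for the example.

```ruby
require "openssl"
require "base64"
require "json"
require "cgi"
require "time"

# Constructed secret for this example only; never paste a real secret_key_base here.
SECRET_KEY_BASE = "0123456789abcdef" * 4

# Key derivation matching ActiveSupport::KeyGenerator defaults:
# PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte key, salt "signed cookie".
def signed_cookie_key(secret_key_base)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, "signed cookie", 1000, 64)
end

def hmac_sha1_hex(key, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, data)
end

# Constant-time comparison so the verifier does not leak where two digests diverge.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Build the cookie as it appears on the wire: URL-escaped "base64(JSON wrapper)--hex HMAC".
def generate_signed_cookie(value, name, secret_key_base)
  wrapper = { "_rails" => { "message" => Base64.strict_encode64(JSON.generate(value)),
                            "exp" => nil, "pur" => "cookie.#{name}" } }
  data = Base64.strict_encode64(JSON.generate(wrapper))
  CGI.escape("#{data}--#{hmac_sha1_hex(signed_cookie_key(secret_key_base), data)}")
end

# Verify the HMAC first, then purpose and expiry, then decode the inner message.
# Returns nil for a tampered, expired, mis-purposed or malformed cookie.
def verify_signed_cookie(raw_cookie, name, secret_key_base)
  data, digest = CGI.unescape(raw_cookie).split("--", 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(hmac_sha1_hex(signed_cookie_key(secret_key_base), data), digest)
  meta = JSON.parse(Base64.strict_decode64(data)).fetch("_rails") # authenticated at this point
  return nil unless meta["pur"] == "cookie.#{name}"
  return nil if meta["exp"] && Time.now >= Time.iso8601(meta["exp"])
  JSON.parse(Base64.strict_decode64(meta["message"]))
rescue JSON::ParserError, ArgumentError, KeyError, NoMethodError, TypeError
  nil
end
```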