|
# frozen_string_literal: true |
|
|
|
require 'cgi' |
|
require 'json' |
|
require 'active_support' |
|
|
|
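# Decrypt and verify a Rails session cookie outside the request cycle, mirroring
# what ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar does on read.
#
# @param cookie [String] the raw cookie value (the part after `_app_session=`)
# @param escaped [Boolean] true when the value is still percent-encoded, as it
#   appears in a Cookie/Set-Cookie header or a browser's cookie store
# @param key_generator [#generate_key] derives the cipher and signing keys from
#   the salts below (Rails.application.key_generator by default)
# @param secret_key_base [String] accepted for interface compatibility; not used
#   here, because the default key_generator already derives from it
# @param config [Object] the action_dispatch config the salt/cipher/serializer
#   defaults are read from
# @param authenticated_encrypted_cookie_salt, encrypted_cookie_salt,
#   encrypted_signed_cookie_salt [String] key-derivation salts, see
#   config.action_dispatch.*
# @param encrypted_cookie_cipher [String, nil] OpenSSL cipher name; nil means
#   Rails' default "aes-256-gcm"
# @param cookies_serializer [Symbol, #load, nil] :marshal, :json, :hybrid, a
#   custom serializer object, or nil (treated as :marshal, as Rails does)
# @param use_authenticated_cookie_encryption [Boolean] selects the AEAD layout
#   (true) or the older AES-256-CBC + HMAC layout (false)
# @return [Object] the deserialized session contents
# @raise [ArgumentError] when cookie is not a non-empty String
# @raise [ActiveSupport::MessageEncryptor::InvalidMessage,
#   ActiveSupport::MessageVerifier::InvalidSignature] when the cookie was not
#   produced with these keys or has been tampered with
def verify_and_decrypt_session_cookie(
  cookie,
  escaped: false,
  key_generator: Rails.application.key_generator,
  secret_key_base: Rails.application.secret_key_base,
  config: Rails.application.config.action_dispatch,
  authenticated_encrypted_cookie_salt: config.authenticated_encrypted_cookie_salt,
  encrypted_cookie_salt: config.encrypted_cookie_salt,
  encrypted_signed_cookie_salt: config.encrypted_signed_cookie_salt,
  encrypted_cookie_cipher: config.encrypted_cookie_cipher,
  cookies_serializer: config.cookies_serializer,
  use_authenticated_cookie_encryption: config.use_authenticated_cookie_encryption
)
  # A nil or empty value would otherwise surface as a NoMethodError from
  # unescape or an opaque InvalidMessage from the encryptor.
  raise ArgumentError, 'cookie must be a non-empty String' unless cookie.is_a?(String) && !cookie.empty?

  # Values copied from a Cookie/Set-Cookie header or a browser's cookie store
  # are still percent-encoded; values taken from request.cookies are not.
  cookie = CGI.unescape(cookie) if escaped

  # see ActionDispatch::Cookies::SerializedCookieJars#serializer: Rails treats
  # a nil setting as :marshal and passes any other (custom) serializer object
  # through unchanged. The previous `else serializer` branch referenced the
  # local being assigned (nil at that point), silently dropping a custom
  # serializer; it must refer to cookies_serializer.
  serializer = case cookies_serializer || :marshal
               when :marshal then Marshal
               when :json, :hybrid then ActionDispatch::Cookies::JsonSerializer
               else cookies_serializer
               end
  # NOTE(review): :hybrid is decoded as JSON only here; a legacy Marshal-format
  # cookie written before a :marshal -> :hybrid switch is not handled — confirm
  # whether the caller needs that fallback.

  # see ActionDispatch::Cookies::ChainedCookieJar#encrypted_cookie_cipher
  encrypted_cookie_cipher ||= 'aes-256-gcm'

  # see ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar#initialize.
  # Both layouts authenticate the ciphertext (GCM tag, or the HMAC keyed by
  # sign_secret) before deserializing. That is the only thing making
  # Marshal.load on cookie bytes acceptable: anyone holding the key material
  # could otherwise feed a crafted Marshal payload to this process. Never point
  # this at a secret that untrusted parties can obtain, and treat the returned
  # session contents as user-influenced data, not as trusted state.
  if use_authenticated_cookie_encryption
    key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
    secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
    encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
  else
    # Non-AEAD layout: AES-256-CBC ciphertext wrapped in an HMAC with a
    # separately derived signing key. The cipher name must be exactly
    # "aes-256-cbc"; a typo here fails inside key_len/OpenSSL, not here.
    key_len = ActiveSupport::MessageEncryptor.key_len('aes-256-cbc')
    secret = key_generator.generate_key(encrypted_cookie_salt, key_len)
    sign_secret = key_generator.generate_key(encrypted_signed_cookie_salt)
    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: 'aes-256-cbc', serializer: serializer)
  end

  # Raises InvalidMessage / InvalidSignature rather than returning nil on a bad
  # cookie; let that propagate instead of rescuing to nil.
  # NOTE(review): cookies written with purpose metadata (newer Rails with
  # use_cookies_with_metadata) may additionally need `purpose: "cookie.<name>"`
  # here — confirm against the target app's Rails version.
  encryptor.decrypt_and_verify(cookie)
end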
Thank you. This worked for me on Rails 5.2 after changing line 39 to use `aes-256-cbc` instead of `aes-255-cbc` (the listing above already uses `aes-256-cbc`).