nevans/verify_and_decrypt_session_cookie.rb

## verify_and_decrypt_session_cookie.rb
# frozen_string_literal: true

require 'cgi'
require 'json'
require 'active_support'

def verify_and_decrypt_session_cookie(
  cookie,
  escaped: false,
  key_generator:   Rails.application.key_generator,
  secret_key_base: Rails.application.secret_key_base,
  config:          Rails.application.config.action_dispatch,
  authenticated_encrypted_cookie_salt: config.authenticated_encrypted_cookie_salt,
  encrypted_cookie_salt:               config.encrypted_cookie_salt,
  encrypted_signed_cookie_salt:        config.encrypted_signed_cookie_salt,
  encrypted_cookie_cipher:             config.encrypted_cookie_cipher,
  cookies_serializer:                  config.cookies_serializer,
  use_authenticated_cookie_encryption: config.use_authenticated_cookie_encryption
)
  # cookie: it may need to be unescaped, depending on how it was acquired
  cookie = CGI::unescape(cookie) if escaped

  # see ActionDispatch::Cookies::SerializedCookieJars#serializer
  serializer = case cookies_serializer
  when :marshal; Marshal
  when :json, :hybrid; ActionDispatch::Cookies::JsonSerializer
  else serializer
  end

  # see ActionDispatch::Cookies::ChainedCookieJar#encrypted_cookie_cipher
  encrypted_cookie_cipher ||= "aes-256-gcm"

  # see ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar#initialize
  if use_authenticated_cookie_encryption
    key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
    secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
    encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
  else
    key_len = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
    secret = key_generator.generate_key(encrypted_cookie_salt, key_len)
    sign_secret = key_generator.generate_key(encrypted_signed_cookie_salt)
    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: serializer)
  end

  encryptor.decrypt_and_verify(cookie)
end
	# frozen_string_literal: true

	require 'cgi'
	require 'json'
	require 'active_support'

	def verify_and_decrypt_session_cookie(
	cookie,
	escaped: false,
	key_generator: Rails.application.key_generator,
	secret_key_base: Rails.application.secret_key_base,
	config: Rails.application.config.action_dispatch,
	authenticated_encrypted_cookie_salt: config.authenticated_encrypted_cookie_salt,
	encrypted_cookie_salt: config.encrypted_cookie_salt,
	encrypted_signed_cookie_salt: config.encrypted_signed_cookie_salt,
	encrypted_cookie_cipher: config.encrypted_cookie_cipher,
	cookies_serializer: config.cookies_serializer,
	use_authenticated_cookie_encryption: config.use_authenticated_cookie_encryption
	)
	# cookie: it may need to be unescaped, depending on how it was acquired
	cookie = CGI::unescape(cookie) if escaped

	# see ActionDispatch::Cookies::SerializedCookieJars#serializer
	serializer = case cookies_serializer
	when :marshal; Marshal
	when :json, :hybrid; ActionDispatch::Cookies::JsonSerializer
	else serializer
	end

	# see ActionDispatch::Cookies::ChainedCookieJar#encrypted_cookie_cipher
	encrypted_cookie_cipher \|\|= "aes-256-gcm"

	# see ActionDispatch::Cookies::EncryptedKeyRotatingCookieJar#initialize
	if use_authenticated_cookie_encryption
	key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
	secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
	encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
	else
	key_len = ActiveSupport::MessageEncryptor.key_len("aes-256-cbc")
	secret = key_generator.generate_key(encrypted_cookie_salt, key_len)
	sign_secret = key_generator.generate_key(encrypted_signed_cookie_salt)
	encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, cipher: "aes-256-cbc", serializer: serializer)
	end

	encryptor.decrypt_and_verify(cookie)
	end