Class: Decidim::AttributeEncryptor

Inherits:
Object
  • Object
show all
Defined in:
lib/decidim/attribute_encryptor.rb

Direct Known Subclasses

NewsletterEncryptor

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(secret: "attribute", **options) ⇒ AttributeEncryptor

Returns a new instance of AttributeEncryptor.



7
8
9
10
11
12
13
 
# File 'lib/decidim/attribute_encryptor.rb', line 7

def initialize(secret: "attribute", **options)
  @secret = secret
  @hash_digest_class = options.fetch(:hash_digest_class, Rails.application.config.active_support.hash_digest_class)
  @secret_key_base = options.fetch(:secret_key_base, Rails.application.secret_key_base)
  @key_len = options.fetch(:key_len, ActiveSupport::MessageEncryptor.key_len)
  @is_retry = options.fetch(:is_retry, false)
end

Instance Attribute Details

#hash_digest_classObject (readonly)

Returns the value of attribute hash_digest_class.



5
6
7
 
# File 'lib/decidim/attribute_encryptor.rb', line 5

def hash_digest_class
  @hash_digest_class
end

#is_retryObject (readonly)

Returns the value of attribute is_retry.



5
6
7
 
# File 'lib/decidim/attribute_encryptor.rb', line 5

def is_retry
  @is_retry
end

#key_lenObject (readonly)

Returns the value of attribute key_len.



5
6
7
 
# File 'lib/decidim/attribute_encryptor.rb', line 5

def key_len
  @key_len
end

#secretObject (readonly)

Returns the value of attribute secret.



5
6
7
 
# File 'lib/decidim/attribute_encryptor.rb', line 5

def secret
  @secret
end

#secret_key_baseObject (readonly)

Returns the value of attribute secret_key_base.



5
6
7
 
# File 'lib/decidim/attribute_encryptor.rb', line 5

def secret_key_base
  @secret_key_base
end

Class Method Details

.cryptorObject 



49
50
51
 
# File 'lib/decidim/attribute_encryptor.rb', line 49

def self.cryptor
  @cryptor ||= new(secret: "attribute")
end

.decrypt(string_encrypted) ⇒ Object 



45
46
47
 
# File 'lib/decidim/attribute_encryptor.rb', line 45

def self.decrypt(string_encrypted)
  cryptor.decrypt(string_encrypted)
end

.encrypt(string) ⇒ Object 



41
42
43
 
# File 'lib/decidim/attribute_encryptor.rb', line 41

def self.encrypt(string)
  cryptor.encrypt(string)
end

Instance Method Details

#decrypt(string_encrypted) ⇒ Object 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/decidim/attribute_encryptor.rb', line 21

def decrypt(string_encrypted)
  return if string_encrypted.blank?

  # `ActiveSupport::MessageEncryptor` expects all values passed to the
  # `#decrypt_and_verify` method to be instances of String as the message
  # verifier calls `#split` on the value objects: https://git.io/JqfOO.
  # If something else is passed, just return the value as is.
  return string_encrypted unless string_encrypted.is_a?(String)

  encryptor.decrypt_and_verify(string_encrypted)
rescue ActiveSupport::MessageEncryptor::InvalidMessage => e
  # Since we have migrated from SHA1 to SHA256, we need to ensure that any encrypted string not migrated is still being decrypted successfully.
  # There are some resources that are still using SHA1, so we need to retry with the legacy encryptor.
  # Some of those resources are:
  #  - Newsletter unsubscribe links (being sent to users via email)
  raise e if is_retry

  legacy_encryptor.decrypt(string_encrypted)
end

#encrypt(string) ⇒ Object 



15
16
17
18
19
 
# File 'lib/decidim/attribute_encryptor.rb', line 15

def encrypt(string)
  return if string.blank?

  encryptor.encrypt_and_sign(string)
end