From 8d1a848e606a86af0665c474e7f030d06a2ab011 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javi=20Mart=C3=ADn?=
Date: Mon, 9 Dec 2024 14:53:33 +0100
Subject: [PATCH] Remove code to rotate non-SHA256 cookies

This code was added in commit b3f570512 in order to rotate existing cookies used by Consul Democracy 2.1 and earlier. Since the code was included in Consul Democracy 2.2, existing installation using Consul Democracy 2.2 will have already rotated the old cookies, which means we don't need the cookie rotator anymore.
---
 .rubocop.yml | 1 -
 ...tive_storage_message_and_cookie_rotator.rb | 36 -------------------
 .../active_storage_message_rotator.rb | 12 +++++++
 3 files changed, 12 insertions(+), 37 deletions(-)
 delete mode 100644 config/initializers/active_storage_message_and_cookie_rotator.rb
 create mode 100644 config/initializers/active_storage_message_rotator.rb

diff --git a/.rubocop.yml b/.rubocop.yml
index 0a5d2c226..d94263840 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -165,7 +165,6 @@ Layout/LineLength:
 - "config/environments/staging.rb"
 - "config/initializers/devise.rb"
 - "config/initializers/backtrace_silencers.rb"
- - "config/initializers/active_storage_message_and_cookie_rotator.rb"
 - "db/migrate/*create_delayed_jobs.rb"
 - "db/migrate/*create_active_storage_variant_records.active_storage.rb"
 - "app/models/budget/stats.rb"
diff --git a/config/initializers/active_storage_message_and_cookie_rotator.rb b/config/initializers/active_storage_message_and_cookie_rotator.rb
deleted file mode 100644
index c6a97ab74..000000000
--- a/config/initializers/active_storage_message_and_cookie_rotator.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-# This code was copied from:
-# https://github.com/hotwired/turbo-rails/blob/v1.4.0/UPGRADING.md#key-digest-changes-in-111
-# Removing this code will make ActiveStorage image URLs generated with Rails 6.1
-# or earlier inaccessible, causing images attached with CKEditor or linked from
-# somewhere else not to be rendered.
-Rails.application.config.after_initialize do |app|
- key_generator = ActiveSupport::KeyGenerator.new(
- app.secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
- )
-
- app.message_verifier("ActiveStorage").rotate(key_generator.generate_key("ActiveStorage"))
-end
-
-# This code was copied from:
-# https://guides.rubyonrails.org/v7.0/upgrading_ruby_on_rails.html#key-generator-digest-class-changing-to-use-sha256
-# TODO: safe to remove after upgrading to Rails 7.1 or releasing a new
-# version of Consul Democracy
-Rails.application.config.after_initialize do
- Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies|
- authenticated_encrypted_cookie_salt = Rails.application.config.action_dispatch.authenticated_encrypted_cookie_salt
- signed_cookie_salt = Rails.application.config.action_dispatch.signed_cookie_salt
-
- secret_key_base = Rails.application.secret_key_base
-
- key_generator = ActiveSupport::KeyGenerator.new(
- secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
- )
- key_len = ActiveSupport::MessageEncryptor.key_len
-
- old_encrypted_secret = key_generator.generate_key(authenticated_encrypted_cookie_salt, key_len)
- old_signed_secret = key_generator.generate_key(signed_cookie_salt)
-
- cookies.rotate :encrypted, old_encrypted_secret
- cookies.rotate :signed, old_signed_secret
- end
-end
diff --git a/config/initializers/active_storage_message_rotator.rb b/config/initializers/active_storage_message_rotator.rb
new file mode 100644
index 000000000..1a187a42c
--- /dev/null
+++ b/config/initializers/active_storage_message_rotator.rb
@@ -0,0 +1,12 @@
+# This code was copied from:
+# https://github.com/hotwired/turbo-rails/blob/v1.4.0/UPGRADING.md#key-digest-changes-in-111
+# Removing this code will make ActiveStorage image URLs generated with Rails 6.1
+# or earlier inaccessible, causing images attached with CKEditor or linked from
+# somewhere else not to be rendered.
+Rails.application.config.after_initialize do |app|
+ key_generator = ActiveSupport::KeyGenerator.new(
+ app.secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1
+ )
+
+ app.message_verifier("ActiveStorage").rotate(key_generator.generate_key("ActiveStorage"))
+end
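Review bot: The header comment of the new initializer says what breaks if the rotation is removed but not when, if ever, it can go, and within this patch it is the one remaining place that still accepts a key derived with `OpenSSL::Digest::SHA1`. `rotate` only adds a verification fallback, so new ActiveStorage URLs are signed with the current key while every URL signed under the old derivation stays valid for as long as this file exists. Unlike cookies, those URLs appear to live in stored content (the comment mentions CKEditor attachments) and are not re-issued on use, so the "already rotated" reasoning in the commit message presumably does not carry over to them. I would state that in the file, for example `# Kept indefinitely: signed URLs embedded in stored content are never re-issued, so the SHA1-derived key stays accepted for verification only.`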