Merge branch 'master' into registry-790

This commit is contained in:
Artur Beljajev 2018-08-27 21:31:31 +03:00
commit fdc77fdd30
12 changed files with 29 additions and 24 deletions

View file

@ -26,7 +26,10 @@ class AuthTokenCreator
def encrypted_token
encryptor = OpenSSL::Cipher::AES.new(256, :CBC)
encryptor.encrypt
encryptor.key = key
# OpenSSL used to automatically shrink oversized keys, it does not do that any longer.
# See: https://github.com/ruby/openssl/issues/116
encryptor.key = key[0..31]
encrypted_bytes = encryptor.update(hashable) + encryptor.final
Base64.urlsafe_encode64(encrypted_bytes)
end

View file

@ -16,7 +16,10 @@ class AuthTokenDecryptor
def decrypt_token
decipher = OpenSSL::Cipher::AES.new(256, :CBC)
decipher.decrypt
decipher.key = key
# OpenSSL used to automatically shrink oversized keys, it does not do that any longer.
# See: https://github.com/ruby/openssl/issues/116
decipher.key = key[0..31]
base64_decoded = Base64.urlsafe_decode64(token.to_s)
plain = decipher.update(base64_decoded) + decipher.final