Diffstat (limited to 'app/models/concerns/token_authenticatable_strategies')
-rw-r--r--app/models/concerns/token_authenticatable_strategies/encrypted.rb10
1 files changed, 9 insertions, 1 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
index 4728cb658dc..672402ee4d6 100644
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -85,10 +85,18 @@ module TokenAuthenticatableStrategies
end
def find_by_encrypted_token(token, unscoped)
- encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
+ nonce = Feature.enabled?(:dynamic_nonce_creation) ? find_hashed_iv(token) : Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
+ encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token, nonce: nonce)
+
relation(unscoped).find_by(encrypted_field => encrypted_value)
end
+ def find_hashed_iv(token)
+ token_record = TokenWithIv.find_by_plaintext_token(token)
+
+ token_record&.iv || Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
+ end
+
def insecure_strategy
@insecure_strategy ||= TokenAuthenticatableStrategies::Insecure
.new(klass, token_field, options)
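Review bot: `find_hashed_iv` silently falls back to `AES256_GCM_IV_STATIC` when no `TokenWithIv` record exists, and nothing in the hunk documents that this is the legacy path. With the flag on, a token with no stored IV is still looked up under the shared static nonce, and nothing records that it happened. A comment above the method would make the intent explicit, for example `# Returns the nonce stored for this token, or the legacy static IV for tokens encrypted before per-token nonces existed.` A counter or log line on the fallback branch would also let operators tell when the static IV can be retired. The name suggests a hash is returned although the method returns an IV, and the ternary in `find_by_encrypted_token` repeats the same static fallback. Whether `TokenWithIv.find_by_plaintext_token` tolerates a nil or blank `token` is not visible here and should be confirmed, since the value appears to come straight from the caller; `insecure_strategy` continues past the end of the hunk.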