diff --git a/app/controllers/maintenance/user/email_notifications_controller.rb b/app/controllers/maintenance/user/email_notifications_controller.rb index e2f00a53b..85736687a 100644 --- a/app/controllers/maintenance/user/email_notifications_controller.rb +++ b/app/controllers/maintenance/user/email_notifications_controller.rb @@ -22,9 +22,9 @@ module Maintenance end def validate_sig - digest = OpenSSL::Digest.new("sha256") - calc_sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, params[:user_id].to_s) - if calc_sig != params[:sig] + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, digest: "SHA256", serializer: JSON) + calculated_sig = verifier.generate(params[:user_id].to_s) + if calculated_sig != params[:sig] raise VerificationError.new end end diff --git a/app/helpers/posts_helper.rb b/app/helpers/posts_helper.rb index 15a4e34d1..ed58356f1 100644 --- a/app/helpers/posts_helper.rb +++ b/app/helpers/posts_helper.rb @@ -22,8 +22,8 @@ module PostsHelper if params[:ms] == "1" && @post_set.post_count == 0 && @post_set.is_single_tag? session_id = session.id - digest = OpenSSL::Digest.new("sha256") - sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, ",#{session_id}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256") + sig = verifier.generate(",#{session_id}") return render("posts/partials/index/missed_search_count", session_id: session_id, sig: sig) end end @@ -37,8 +37,8 @@ module PostsHelper if tags.present? key = "ps-#{tags}" value = session.id - digest = OpenSSL::Digest.new("sha256") - sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{key},#{value}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256") + sig = verifier.generate("#{key},#{value}") return render("posts/partials/index/search_count", key: key, value: value, sig: sig) end end @@ -61,8 +61,8 @@ module PostsHelper key = "uid" value = user.id - digest = OpenSSL::Digest.new("sha256") - sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{key},#{value}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256") + sig = verifier.generate("#{key},#{value}") render("users/common_searches", user: user, sig: sig) end diff --git a/app/helpers/uploads_helper.rb b/app/helpers/uploads_helper.rb index bf9a89ac5..8b3441644 100644 --- a/app/helpers/uploads_helper.rb +++ b/app/helpers/uploads_helper.rb @@ -3,7 +3,7 @@ module UploadsHelper return nil unless Danbooru.config.ccs_server.present? ref = ImageProxy.fake_referer_for(url) - digest = OpenSSL::Digest.new("sha256") - OpenSSL::HMAC.hexdigest(digest, Danbooru.config.ccs_key, "#{url},#{ref}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.ccs_key, serializer: JSON, digest: "SHA256") + verifier.generate("#{url},#{ref}") end end diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb index 93a2e4ac8..7a79457e8 100644 --- a/app/helpers/users_helper.rb +++ b/app/helpers/users_helper.rb @@ -1,6 +1,6 @@ module UsersHelper def email_sig(user) - digest = OpenSSL::Digest.new("sha256") - OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, user.id.to_s) + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, serializer: JSON, digest: "SHA256") + verifier.generate("#{user_id}") end end diff --git a/app/logical/reports/uploads.rb b/app/logical/reports/uploads.rb index 517eb0fb1..d786f933d 100644 --- a/app/logical/reports/uploads.rb +++ b/app/logical/reports/uploads.rb @@ -19,8 +19,8 @@ module Reports end def generate_sig - digest = OpenSSL::Digest.new("sha256") - OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{min_date},#{max_date},#{queries}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256") + verifier.generate("#{min_date},#{max_date},#{queries}") end end end diff --git a/app/models/dmail.rb b/app/models/dmail.rb index 677303268..586e91813 100644 --- a/app/models/dmail.rb +++ b/app/models/dmail.rb @@ -282,8 +282,8 @@ class Dmail < ApplicationRecord end def key - digest = OpenSSL::Digest.new("sha256") - OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, "#{title} #{body}") + verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, serializer: JSON, digest: "SHA256") + verifier.generate("#{title} #{body}") end def visible_to?(user, key)