fixes #3276

app/controllers/maintenance/user/email_notifications_controller.rb

@@ -22,9 +22,9 @@ module Maintenance
       end
 
       def validate_sig
-        digest = OpenSSL::Digest.new("sha256")
+        verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, digest: "SHA256", serializer: JSON)
-        calc_sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, params[:user_id].to_s)
+        calculated_sig = verifier.generate(params[:user_id].to_s)
-        if calc_sig != params[:sig]
+        if calculated_sig != params[:sig]
           raise VerificationError.new
         end
       end

app/helpers/posts_helper.rb

@@ -22,8 +22,8 @@ module PostsHelper
     
     if params[:ms] == "1" && @post_set.post_count == 0 && @post_set.is_single_tag?
       session_id = session.id
-      digest = OpenSSL::Digest.new("sha256")
+      verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-      sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, ",#{session_id}")
+      sig = verifier.generate(",#{session_id}")
       return render("posts/partials/index/missed_search_count", session_id: session_id, sig: sig)
     end
   end
@@ -37,8 +37,8 @@ module PostsHelper
       if tags.present?
         key = "ps-#{tags}"
         value = session.id
-        digest = OpenSSL::Digest.new("sha256")
+        verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-        sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{key},#{value}")
+        sig = verifier.generate("#{key},#{value}")
         return render("posts/partials/index/search_count", key: key, value: value, sig: sig)
       end
     end
@@ -61,8 +61,8 @@ module PostsHelper
 
     key = "uid"
     value = user.id
-    digest = OpenSSL::Digest.new("sha256")
+    verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-    sig = OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{key},#{value}")
+    sig = verifier.generate("#{key},#{value}")
     render("users/common_searches", user: user, sig: sig)
   end
 

app/helpers/uploads_helper.rb

@@ -3,7 +3,7 @@ module UploadsHelper
     return nil unless Danbooru.config.ccs_server.present?
 
     ref = ImageProxy.fake_referer_for(url)
-    digest = OpenSSL::Digest.new("sha256")
+    verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.ccs_key, serializer: JSON, digest: "SHA256")
-    OpenSSL::HMAC.hexdigest(digest, Danbooru.config.ccs_key, "#{url},#{ref}")
+    verifier.generate("#{url},#{ref}")
   end
 end

app/helpers/users_helper.rb

@@ -1,6 +1,6 @@
 module UsersHelper
   def email_sig(user)
-    digest = OpenSSL::Digest.new("sha256")
+    verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, serializer: JSON, digest: "SHA256")
-    OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, user.id.to_s)
+    verifier.generate("#{user_id}")
   end
 end

app/logical/reports/uploads.rb

@@ -19,8 +19,8 @@ module Reports
     end
 
     def generate_sig
-      digest = OpenSSL::Digest.new("sha256")
+      verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-      OpenSSL::HMAC.hexdigest(digest, Danbooru.config.reportbooru_key, "#{min_date},#{max_date},#{queries}")
+      verifier.generate("#{min_date},#{max_date},#{queries}")
     end
   end
 end

app/models/dmail.rb

@@ -282,8 +282,8 @@ class Dmail < ApplicationRecord
   end
   
   def key
-    digest = OpenSSL::Digest.new("sha256")
+    verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.email_key, serializer: JSON, digest: "SHA256")
-    OpenSSL::HMAC.hexdigest(digest, Danbooru.config.email_key, "#{title} #{body}")
+    verifier.generate("#{title} #{body}")
   end
   
   def visible_to?(user, key)