reuse shared secret logic

callum-oakley · callum-oakley · commit f19a52a9456a · 2020-10-20T10:05:32.000+01:00
diff --git a/lib/pusher/channel.rb b/lib/pusher/channel.rb
@@ -180,7 +180,7 @@ def shared_secret(encryption_master_key)
       secret_string = @name + encryption_master_key
       digest = OpenSSL::Digest::SHA256.new
       digest << secret_string
-      Base64.strict_encode64(digest.digest)
+      digest.digest
     end
 
     private
diff --git a/lib/pusher/client.rb b/lib/pusher/client.rb
@@ -377,7 +377,9 @@ def authenticate(channel_name, socket_id, custom_data = nil)
       channel_instance = channel(channel_name)
       r = channel_instance.authenticate(socket_id, custom_data)
       if channel_name.match(/^private-encrypted-/)
-        r[:shared_secret] = channel_instance.shared_secret(encryption_master_key)
+        r[:shared_secret] = Base64.strict_encode64(
+          channel_instance.shared_secret(encryption_master_key)
+        )
       end
       r
     end
@@ -466,15 +468,15 @@ def encode_data(data)
 
     # Encrypts a message with a key derived from the master key and channel
     # name
-    def encrypt(channel, encoded_data)
+    def encrypt(channel_name, encoded_data)
       raise ConfigurationError, :encryption_master_key unless @encryption_master_key
 
       # Only now load rbnacl, so that people that aren't using it don't need to
       # install libsodium
       require_rbnacl
 
       secret_box = RbNaCl::SecretBox.new(
-        RbNaCl::Hash.sha256(channel + @encryption_master_key)
+        channel(channel_name).shared_secret(@encryption_master_key)
       )
 
       nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
diff --git a/spec/channel_spec.rb b/spec/channel_spec.rb
@@ -176,7 +176,9 @@ def authentication_string(*data)
     it 'should return a shared_secret based on the channel name and encryption master key' do
       key = '3W1pfB/Etr+ZIlfMWwZP3gz8jEeCt4s2pe6Vpr+2c3M='
       shared_secret = @channel.shared_secret(key)
-      expect(shared_secret).to eq("6zeEp/chneRPS1cbK/hGeG860UhHomxSN6hTgzwT20I=")
+      expect(Base64.strict_encode64(shared_secret)).to eq(
+        "6zeEp/chneRPS1cbK/hGeG860UhHomxSN6hTgzwT20I="
+      )
     end
 
     it 'should return nil if missing encryption master key' do
diff --git a/spec/client_spec.rb b/spec/client_spec.rb
@@ -179,7 +179,7 @@
     describe 'can set encryption_master_key_base64' do
       it "sets encryption_master_key" do
         @client.encryption_master_key_base64 =
-          Base64.encode64(encryption_master_key)
+          Base64.strict_encode64(encryption_master_key)
 
         expect(@client.encryption_master_key).to eq(encryption_master_key)
       end
@@ -191,7 +191,7 @@
         @client.key    = '12345678900000001'
         @client.secret = '12345678900000001'
         @client.encryption_master_key_base64 =
-          Base64.encode64(encryption_master_key)
+          Base64.strict_encode64(encryption_master_key)
       end
 
       describe '#[]' do
