Add latest changes from gitlab-org/gitlab@master

1 files changed, 9 insertions, 1 deletions

diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
index 4728cb658dc..672402ee4d6 100644
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -85,10 +85,18 @@ module TokenAuthenticatableStrategies
     end
 
     def find_by_encrypted_token(token, unscoped)
-      encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
+      nonce = Feature.enabled?(:dynamic_nonce_creation) ? find_hashed_iv(token) : Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
+      encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token, nonce: nonce)
+
       relation(unscoped).find_by(encrypted_field => encrypted_value)
     end
 
+    def find_hashed_iv(token)
+      token_record = TokenWithIv.find_by_plaintext_token(token)
+
+      token_record&.iv || Gitlab::CryptoHelper::AES256_GCM_IV_STATIC
+    end
+
     def insecure_strategy
       @insecure_strategy ||= TokenAuthenticatableStrategies::Insecure
         .new(klass, token_field, options)