Trouble with ActiveSupport::MessageEncryptor::InvalidMessage in plugin

The update to 2.9.0.beta5 is causing an issue with my dashboard plugin. Something is triggering an error on one view of the plugin:

Started GET "/pfaffmanager/servers" for at 2022-06-14 17:53:31 +0000
Processing by Pfaffmanager::ServersController#index as HTML
  Rendered default/empty.html.erb within layouts/application (Duration: 0.1ms | Allocations: 29)
  Rendered layout layouts/application.html.erb (Duration: 21.6ms | Allocations: 7109)
Completed 200 OK in 142ms (Views: 23.0ms | ActiveRecord: 0.0ms | Allocations: 37464)
Started GET "/chat/chat_channels.json" for at 2022-06-14 17:53:31 +0000
Processing by DiscourseChat::ChatChannelsController#index as JSON
Started GET "/presence/get?channels%5B%5D=%2Fchat-user%2Fchat%2F1&channels%5B%5D=%2Fchat-user%2Fcore%2F1" for at 2022-06-14 17:53:31 +0000
Processing by PresenceController#get as JSON
  Parameters: {"channels"=>["/chat-user/chat/1", "/chat-user/core/1"]}
Completed 200 OK in 44ms (Views: 1.9ms | ActiveRecord: 0.0ms | Allocations: 5134)
Started GET "/pfaffmanager/servers" for at 2022-06-14 17:53:31 +0000
Completed 200 OK in 94ms (Views: 0.3ms | ActiveRecord: 0.0ms | Allocations: 22124)
Processing by Pfaffmanager::ServersController#index as JSON
Completed 500 Internal Server Error in 113ms (ActiveRecord: 0.0ms | Allocations: 15487)
ActiveSupport::MessageEncryptor::InvalidMessage (ActiveSupport::MessageEncryptor::InvalidMessage)
(eval):9:in `_fast_attributes'
app/controllers/application_controller.rb:543:in `render_json_dump'
app/controllers/application_controller.rb:415:in `block in with_resolved_locale'
app/controllers/application_controller.rb:415:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:71:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:368:in `call'
config/initializers/008-rack-cors.rb:25:in `call'
config/initializers/100-quiet_logger.rb:23:in `call'
config/initializers/100-silence_logger.rb:31:in `call'
lib/middleware/enforce_hostname.rb:23:in `call'
lib/middleware/request_tracker.rb:202:in `call'

This appears to have only in the index view of my plugin, not in any other pages in the plugin or Discourse. I’m not sure where to look. So glad I ran the upgrade on my staging site first!

The above suggested to me that this has to do with the chat plugin, but it’s happening on my dev instance without chat installed.

Wow, and searching google fro ActiveSupport::MessageEncryptor::InvalidMessage "fast_attributes" returns only this topic!

1 Like

My problem seems to have to do with config/master.key (Rails: ActiveSupport::MessageEncryptor::InvalidMessage - Stack Overflow), but I don’t understand why it started happening on this upgrade.

1 Like

We updated to Rails 7, so that’s probably the cause.

1 Like

Thanks, @gerhard!

So at Upgrading Ruby on Rails — Ruby on Rails Guides

I find

(but that says Rails 7.1?)

Is there some way that you know off the top of your head that I can ignore this change in my existing plugin with some obvious-once-you-know-it line in my plugin.rb?

Or maybe I’m going to have to figure out what this means.

EDIT: but on dev adding that line to config/application.rb is not a magic fix.

Sorry. I read a bit further:

So maybe that will solve my immediate problem. Thanks again for your help! Maybe I’ll get it this time.

Well, the key I generate for both rails 6 and rails 7 looks like this:

#<ActiveSupport::KeyGenerator:0x000055870212d4f8 @hash_digest_class=OpenSSL::Digest::SHA1, @iterations=65536, @secret="my-big-secret">

but they encrypt things differently. I was hoping that the hash_digest_class was the issue, but it at least looks like it’s the same on both, but the encrypted string is different. :crying_cat_face:

1 Like

Oh. Darn. No, that’s not it. My production site that’s working is on 7.0.3 and the staging site that’s broken is also on 7.0.3. It’s encrypting stuff differently. I can’t tell, and don’t know how to tell, if it’s that the serializer is differnt or the cypher is different.

Meanwhile, I’ve learned that 7.0 supports encrpypting fields, which will let me rip out some custom code if only I can figure out how to access my encrypted API keys at all. Or maybe I’ll just trash and regenerate them.

As of latext I am getting encryptions like
=> "SUNBZlRURThEZjdVUG8wTzV1eWk0dz09LS1uRGVSQWtPRU9rc1ZCa1Y1d2pyeU5nPT0=--43eab316e6a9ebafc72d4982347abd9c7f6605db"

with 2.9.0.beta4 they look like "FwL/GGvrDHOpQ1bnGiI=--kCLbUxMf/XeMaeWF--/feRN+/l1q3EFdKgyIo+7Q==

I needed to add the old cipher here:

k =,  cipher: "aes-256-cbc")

I still don’t understand why the two instances that both claim to be running 7.0.3 have different results, but a good RTFM of the upgrade docs was a big help. Thanks, Gerhard! It was the nudge I needed.

1 Like