FIX: Do not error when json-serialized cookies are used (#16522)

We intend to switch to the `:json` serializer, which will stringify all keys. However, we need a clean revert path. This commit ensures that our `_t` cookie handling works with both marshal (the current default) and json (the new default) serialization.

lib/auth/default_current_user_provider.rb

@@ -90,7 +90,7 @@ class Auth::DefaultCurrentUserProvider
       request = ActionDispatch::Request.new(env)
       # don't even initialize a cookie jar if we don't have a cookie at all
       if request.cookies[TOKEN_COOKIE].present?
-        request.cookie_jar.encrypted[TOKEN_COOKIE]
+        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
       end
     end
   end

spec/lib/auth/default_current_user_provider_spec.rb

@@ -738,4 +738,22 @@ describe Auth::DefaultCurrentUserProvider do
     env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
     expect(provider('/', env).current_user).to eq(nil)
   end
+
+  it "copes with json-serialized auth cookies" do
+    # We're switching to :json during the Rails 7 upgrade, but we want a clean revert path
+    # back to Rails 6 if needed
+
+    @provider = provider('/', { # The upcoming default
+      ActionDispatch::Cookies::COOKIES_SERIALIZER => :json,
+      method: "GET",
+    })
+    @provider.log_on_user(user, {}, @provider.cookie_jar)
+    cookie = @provider.cookie_jar["_t"]
+
+    ip = "10.0.0.1"
+    env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
+    provider2 = provider('/', env)
+    expect(provider2.current_user).to eq(user)
+    expect(provider2.cookie_jar.encrypted["_t"].keys).to include("user_id", "token") # (strings)
+  end
 end