rails--rails/activesupport/lib/active_support/message_verifier.rb

require 'active_support/base64'
require 'active_support/core_ext/object/blank'

module ActiveSupport
  # +MessageVerifier+ makes it easy to generate and verify messages which are signed
  # to prevent tampering.
  #
  # This is useful for cases like remember-me tokens and auto-unsubscribe links where the
  # session store isn't suitable or available.
  #
  # Remember Me:
  #   cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])
  #
  # In the authentication filter:
  #
  #   id, time = @verifier.verify(cookies[:remember_me])
  #   if time < Time.now
  #     self.current_user = User.find(id)
  #   end
  #
  # By default it uses Marshal to serialize the message. If you want to use another 
  # serialization method, you can set the serializer attribute to something that responds
  # to dump and load, e.g.:
  #
  #   @verifier.serializer = YAML
  class MessageVerifier
    class InvalidSignature < StandardError; end

    def initialize(secret, options = {})
      @secret = secret
      @digest = options[:digest] || 'SHA1'
      @serializer = options[:serializer] || Marshal
    end

    def verify(signed_message)
      raise InvalidSignature if signed_message.blank?

      data, digest = signed_message.split("--")
      if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
        @serializer.load(ActiveSupport::Base64.decode64(data))
      else
        raise InvalidSignature
      end
    end

    def generate(value)
      data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
      "#{data}--#{generate_digest(data)}"
    end

    private
      # constant-time comparison algorithm to prevent timing attacks
      def secure_compare(a, b)
        return false unless a.bytesize == b.bytesize

        l = a.unpack "C#{a.bytesize}"

        res = 0
        b.each_byte { |byte| res |= byte ^ l.shift }
        res == 0
      end

      def generate_digest(data)
        require 'openssl' unless defined?(OpenSSL)
        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
      end
  end
end
message_verifier.rb needs active_support/base64 2010-01-01 14:59:51 -05:00			`require 'active_support/base64'`
message_verifier.rb needs active_support/core_ext/object/blank 2010-01-01 15:00:37 -05:00			`require 'active_support/core_ext/object/blank'`
message_verifier.rb needs active_support/base64 2010-01-01 14:59:51 -05:00
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`module ActiveSupport`
more style changes 2011-03-06 04:44:52 -05:00			`# +MessageVerifier+ makes it easy to generate and verify messages which are signed`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`# to prevent tampering.`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00			`#`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`# This is useful for cases like remember-me tokens and auto-unsubscribe links where the`
			`# session store isn't suitable or available.`
			`#`
			`# Remember Me:`
Don't need _message as it's in the class name already 2008-11-23 10:33:56 -05:00			`# cookies[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00			`#`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`# In the authentication filter:`
			`#`
Don't need _message as it's in the class name already 2008-11-23 10:33:56 -05:00			`# id, time = @verifier.verify(cookies[:remember_me])`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`# if time < Time.now`
			`# self.current_user = User.find(id)`
			`# end`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00			`#`
Add some documentation for the new serializer property of MessageVerifier and MessageEncryptor. 2011-09-15 13:23:08 -04:00			`# By default it uses Marshal to serialize the message. If you want to use another`
			`# serialization method, you can set the serializer attribute to something that responds`
			`# to dump and load, e.g.:`
			`#`
			`# @verifier.serializer = YAML`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`class MessageVerifier`
			`class InvalidSignature < StandardError; end`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00
Use an options hash to specify digest/cipher algorithm and a serializer for MessageVerifier and MessageEncryptor. 2011-09-15 14:27:12 -04:00			`def initialize(secret, options = {})`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`@secret = secret`
Use an options hash to specify digest/cipher algorithm and a serializer for MessageVerifier and MessageEncryptor. 2011-09-15 14:27:12 -04:00			`@digest = options[:digest] \|\| 'SHA1'`
			`@serializer = options[:serializer] \|\| Marshal`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`end`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00
Don't need _message as it's in the class name already 2008-11-23 10:33:56 -05:00			`def verify(signed_message)`
MessageVerifier#verify raises InvalidSignature if the signature is blank Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> 2009-10-05 08:27:54 -04:00			`raise InvalidSignature if signed_message.blank?`

Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`data, digest = signed_message.split("--")`
Ensure MessageVerifier raises appropriate exception on tampered data 2009-10-08 21:26:08 -04:00			`if data.present? && digest.present? && secure_compare(digest, generate_digest(data))`
Use an options hash to specify digest/cipher algorithm and a serializer for MessageVerifier and MessageEncryptor. 2011-09-15 14:27:12 -04:00			`@serializer.load(ActiveSupport::Base64.decode64(data))`
Fix timing attack vulnerability in ActiveSupport::MessageVerifier. Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com> 2009-08-13 13:03:08 -04:00			`else`
			`raise InvalidSignature`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`end`
			`end`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00
Don't need _message as it's in the class name already 2008-11-23 10:33:56 -05:00			`def generate(value)`
Use an options hash to specify digest/cipher algorithm and a serializer for MessageVerifier and MessageEncryptor. 2011-09-15 14:27:12 -04:00			`data = ActiveSupport::Base64.encode64s(@serializer.dump(value))`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`"#{data}--#{generate_digest(data)}"`
			`end`
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 01:13:00 -04:00
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`private`
making secure_compare faster [#3195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> 2009-09-13 03:32:30 -04:00			`# constant-time comparison algorithm to prevent timing attacks`
			`def secure_compare(a, b)`
			`return false unless a.bytesize == b.bytesize`
Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite This reverts commit 5de75398c495f109772b622291362a98bc6c21d1. 2009-09-12 15:35:03 -04:00
Revert "Improve performance of MessageVerifier while keeping it constant time" This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415. 2010-07-13 19:13:37 -04:00			`l = a.unpack "C#{a.bytesize}"`
making secure_compare faster [#3195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> 2009-09-13 03:32:30 -04:00
Revert "Improve performance of MessageVerifier while keeping it constant time" This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415. 2010-07-13 19:13:37 -04:00			`res = 0`
			`b.each_byte { \|byte\| res \|= byte ^ l.shift }`
			`res == 0`
Fix timing attack vulnerability in ActiveSupport::MessageVerifier. Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC. Signed-off-by: Michael Koziarski <michael@koziarski.com> 2009-08-13 13:03:08 -04:00			`end`

Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`def generate_digest(data)`
Lazy-require OpenSSL 2008-11-23 18:29:03 -05:00			`require 'openssl' unless defined?(OpenSSL)`
Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...) 2009-09-25 01:43:45 -04:00			`OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)`
Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails. 2008-11-23 09:29:11 -05:00			`end`
			`end`
Lazy-require OpenSSL 2008-11-23 18:29:03 -05:00			`end`