Specify verification purposes

app/controllers/active_storage/disk_controller.rb

@@ -24,7 +24,7 @@ class ActiveStorage::DiskController < ActionController::Base
     end
 
     def decode_verified_key
-      ActiveStorage.verifier.verified(params[:encoded_key])
+      ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
     end
 
     def disposition_param

app/models/active_storage/blob.rb

@@ -15,7 +15,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
 
   class << self
     def find_signed(id)
-      find ActiveStorage.verifier.verify(id)
+      find ActiveStorage.verifier.verify(id, purpose: :blob_id)
     end
 
     def build_after_upload(io:, filename:, content_type: nil, metadata: nil)
@@ -39,7 +39,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
 
 
   def signed_id
-    ActiveStorage.verifier.generate(id)
+    ActiveStorage.verifier.generate(id, purpose: :blob_id)
   end
 
   def key

app/models/active_storage/service/disk_service.rb

@@ -53,7 +53,7 @@ class ActiveStorage::Service::DiskService < ActiveStorage::Service
 
   def url(key, expires_in:, disposition:, filename:)
     instrument :url, key do |payload|
-      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in)
+      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in, purpose: :blob_key)
 
       generated_url =
         if defined?(Rails) && defined?(Rails.application)

app/models/active_storage/variation.rb

@@ -6,11 +6,11 @@ class ActiveStorage::Variation
 
   class << self
     def decode(key)
-      new ActiveStorage.verifier.verify(key)
+      new ActiveStorage.verifier.verify(key, purpose: :variation)
     end
 
     def encode(transformations)
-      ActiveStorage.verifier.generate(transformations)
+      ActiveStorage.verifier.generate(transformations, purpose: :variation)
     end
   end
 

test/controllers/disk_controller_test.rb

@@ -11,13 +11,13 @@ class ActiveStorage::DiskControllerTest < ActionController::TestCase
   end
 
   test "showing blob inline" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes) }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key) }
     assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
     assert_equal "text/plain", @response.headers["Content-Type"]
   end
 
   test "sending blob as attachment" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes), disposition: :attachment }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key), disposition: :attachment }
     assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
     assert_equal "text/plain", @response.headers["Content-Type"]
   end

test/models/blob_test.rb

@@ -35,6 +35,6 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
 
   private
     def expected_url_for(blob, disposition: :inline)
-      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes)}/#{blob.filename}?disposition=#{disposition}"
+      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{blob.filename}?disposition=#{disposition}"
     end
 end