Specify verification purposes

2022-11-09 12:12:34 -05:00 · 2017-07-23 15:51:01 -05:00 · 2017-07-23 15:51:01 -05:00 · 15efa6720f
commit 15efa6720f
parent 5889560427
6 changed files with 9 additions and 9 deletions
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@ -24,7 +24,7 @@ class ActiveStorage::DiskController < ActionController::Base
    end
    def decode_verified_key
-      ActiveStorage.verifier.verified(params[:encoded_key])
+      ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
    end
    def disposition_param
--- a/app/models/active_storage/blob.rb
+++ b/app/models/active_storage/blob.rb
@ -15,7 +15,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
  class << self
    def find_signed(id)
-      find ActiveStorage.verifier.verify(id)
+      find ActiveStorage.verifier.verify(id, purpose: :blob_id)
    end
    def build_after_upload(io:, filename:, content_type: nil, metadata: nil)
@ -39,7 +39,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
  def signed_id
-    ActiveStorage.verifier.generate(id)
+    ActiveStorage.verifier.generate(id, purpose: :blob_id)
  end
  def key
--- a/app/models/active_storage/service/disk_service.rb
+++ b/app/models/active_storage/service/disk_service.rb
@ -53,7 +53,7 @@ class ActiveStorage::Service::DiskService < ActiveStorage::Service
  def url(key, expires_in:, disposition:, filename:)
    instrument :url, key do |payload|
-      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in)
+      verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in, purpose: :blob_key)
      generated_url =
        if defined?(Rails) && defined?(Rails.application)
--- a/app/models/active_storage/variation.rb
+++ b/app/models/active_storage/variation.rb
@ -6,11 +6,11 @@ class ActiveStorage::Variation
  class << self
    def decode(key)
-      new ActiveStorage.verifier.verify(key)
+      new ActiveStorage.verifier.verify(key, purpose: :variation)
    end
    def encode(transformations)
-      ActiveStorage.verifier.generate(transformations)
+      ActiveStorage.verifier.generate(transformations, purpose: :variation)
    end
  end
--- a/test/controllers/disk_controller_test.rb
+++ b/test/controllers/disk_controller_test.rb
@ -11,13 +11,13 @@ class ActiveStorage::DiskControllerTest < ActionController::TestCase
  end
  test "showing blob inline" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes) }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key) }
    assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
    assert_equal "text/plain", @response.headers["Content-Type"]
  end
  test "sending blob as attachment" do
-    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes), disposition: :attachment }
+    get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key), disposition: :attachment }
    assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
    assert_equal "text/plain", @response.headers["Content-Type"]
  end
--- a/test/models/blob_test.rb
+++ b/test/models/blob_test.rb
@ -35,6 +35,6 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
  private
    def expected_url_for(blob, disposition: :inline)
-      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes)}/#{blob.filename}?disposition=#{disposition}"
+      "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{blob.filename}?disposition=#{disposition}"
    end
 end