Add application verifier

It is an application global verifier that can be used to generate and verify signed messages. See the documentation of ActiveSupport::MessageVerifier for more information.
2022-11-09 12:12:34 -05:00 · 2013-11-19 22:26:52 -02:00 · 2013-11-19 22:26:52 -02:00 · 233001749c
commit 233001749c
parent c9223dc366
2 changed files with 53 additions and 0 deletions
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@ -158,6 +158,18 @@ module Rails
      end
    end

+    def verifier
+      @verifier ||= begin
+        if config.respond_to?(:message_verifier_salt)
+          salt = config.message_verifier_salt
+        end
+
+        salt = salt || 'application verifier'
+        secret = key_generator.generate_key(salt)
+        ActiveSupport::MessageVerifier.new(secret)
+      end
+    end
+
    # Stores some of the Rails initial environment parameters which
    # will be used by middlewares and engines to configure themselves.
    def env_config
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@ -268,6 +268,47 @@ module ApplicationTests
      assert_equal 'some_value', verifier.verify(last_response.body)
    end

+    test "application verifier can be used in the entire application" do
+      make_basic_app do |app|
+        app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+        app.config.session_store :disabled
+      end
+
+      class ::OmgController < ActionController::Base
+        def index
+          render text: Rails.application.verifier.generate("some_value")
+        end
+      end
+
+      get "/"
+
+      assert_equal 'some_value', Rails.application.verifier.verify(last_response.body)
+
+      secret = app.key_generator.generate_key('application verifier')
+      verifier = ActiveSupport::MessageVerifier.new(secret)
+      assert_equal 'some_value', verifier.verify(last_response.body)
+    end
+
+    test "application verifier use the configure salt" do
+      make_basic_app do |app|
+        app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+        app.config.session_store :disabled
+        app.config.message_verifier_salt = 'another salt'
+      end
+
+      class ::OmgController < ActionController::Base
+        def index
+          render text: Rails.application.verifier.generate("some_value")
+        end
+      end
+
+      get "/"
+
+      secret = app.key_generator.generate_key('another salt')
+      verifier = ActiveSupport::MessageVerifier.new(secret)
+      assert_equal 'some_value', verifier.verify(last_response.body)
+    end
+
    test "protect from forgery is the default in a new app" do
      make_basic_app