Make possibile to get different message verifiers

2022-11-09 12:12:34 -05:00 · 2013-11-21 23:42:10 -02:00 · 2013-11-21 23:42:10 -02:00 · 2be4916e8e
commit 2be4916e8e
parent 0a2d004ba1
3 changed files with 37 additions and 10 deletions
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@ -1,4 +1,4 @@
-*   Add `Application#message_verifier` method to return a application's message verifier.
+*   Add `Application#message_verifier` method to return a message verifier.

    This verifier can be used to generate and verify signed messages in the application.

@ -6,6 +6,14 @@
        Rails.application.message_verifier.verify(message)
        # => 'my sensible data'

+    It is recommended to not use the same verifier to different things, so you can get different
+    verifiers passing the name argument.
+
+        message = Rails.application.message_verifier('cookies').generate('my sensible cookie data')
+
+    By default all the verifiers will share the same salt, so messages generates by one can be
+    verifier by another one.
+
    See the `ActiveSupport::MessageVerifier` documentation to more information.

    *Rafael Mendonça França*
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@ -108,12 +108,13 @@ module Rails

    def initialize(initial_variable_values = {}, &block)
      super()
-      @initialized      = false
-      @reloaders        = []
-      @routes_reloader  = nil
-      @app_env_config   = nil
-      @ordered_railties = nil
-      @railties         = nil
+      @initialized       = false
+      @reloaders         = []
+      @routes_reloader   = nil
+      @app_env_config    = nil
+      @ordered_railties  = nil
+      @railties          = nil
+      @message_verifiers = {}

      add_lib_to_load_path!
      ActiveSupport.run_load_hooks(:before_configuration, self)
@ -159,17 +160,25 @@ module Rails
      end
    end

-    # Return the application's message verifier.
+    # Return a message verifier object.
    #
    # This verify can be used to generate and verify signed messages in the application.
    #
+    # By default all the verifiers will share the same salt.
+    #
+    # ==== Parameters
+    #
+    # * +verifier_name+ - the name of verifier you want to get.
+    #
+    # ==== Examples
+    #
    #     message = Rails.application.message_verifier.generate('my sensible data')
    #     Rails.application.message_verifier.verify(message)
    #     # => 'my sensible data'
    #
    # See the +ActiveSupport::MessageVerifier+ documentation to more information.
-    def message_verifier
-      @message_verifier ||= begin
+    def message_verifier(verifier_name = 'default')
+      @message_verifiers[verifier_name] ||= begin
        if config.respond_to?(:message_verifier_salt)
          salt = config.message_verifier_salt
        end
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@ -309,6 +309,16 @@ module ApplicationTests
      assert_equal 'some_value', verifier.verify(last_response.body)
    end

+    test "application verifier can build different verifiers" do
+      make_basic_app do |app|
+        app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+        app.config.session_store :disabled
+      end
+
+      assert_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier.object_id
+      assert_not_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier('text').object_id
+    end
+
    test "protect from forgery is the default in a new app" do
      make_basic_app