mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #12995 from rails/application-verifier
Add Application#message_verifier method to return a message verifier
This commit is contained in:
commit
4f330b0428
4 changed files with 97 additions and 6 deletions
|
@ -124,6 +124,17 @@ See
|
|||
[active_record/enum.rb](https://github.com/rails/rails/blob/4-1-stable/activerecord/lib/active_record/enum.rb#L2-L42)
|
||||
for a detailed write up.
|
||||
|
||||
### Application message verifier.
|
||||
|
||||
Create a message verifier that can be used to generate and verify signed
|
||||
messages in the application.
|
||||
|
||||
```ruby
|
||||
message = Rails.application.message_verifier('salt').generate('my sensible data')
|
||||
Rails.application.message_verifier('salt').verify(message)
|
||||
# => 'my sensible data'
|
||||
```
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
|
||||
|
@ -164,6 +175,7 @@ for detailed changes.
|
|||
|
||||
* Exposed `MiddlewareStack#unshift` to environment configuration. ([Pull Request](https://github.com/rails/rails/pull/12479))
|
||||
|
||||
* Add `Application#message_verifier` method to return a message verifier. ([Pull Request](https://github.com/rails/rails/pull/12995))
|
||||
|
||||
Action Mailer
|
||||
-------------
|
||||
|
|
|
@ -1,3 +1,20 @@
|
|||
* Add `Application#message_verifier` method to return a message verifier.
|
||||
|
||||
This verifier can be used to generate and verify signed messages in the application.
|
||||
|
||||
message = Rails.application.message_verifier('salt').generate('my sensible data')
|
||||
Rails.application.message_verifier('salt').verify(message)
|
||||
# => 'my sensible data'
|
||||
|
||||
It is recommended not to use the same verifier for different things, so you can get different
|
||||
verifiers passing the name argument.
|
||||
|
||||
message = Rails.application.message_verifier('cookies').generate('my sensible cookie data')
|
||||
|
||||
See the `ActiveSupport::MessageVerifier` documentation for more information.
|
||||
|
||||
*Rafael Mendonça França*
|
||||
|
||||
* The [Spring application
|
||||
preloader](https://github.com/jonleighton/spring) is now installed
|
||||
by default for new applications. It uses the development group of
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
require 'fileutils'
|
||||
require 'active_support/core_ext/object/blank'
|
||||
require 'active_support/key_generator'
|
||||
require 'active_support/message_verifier'
|
||||
require 'rails/engine'
|
||||
|
||||
module Rails
|
||||
|
@ -107,12 +108,13 @@ module Rails
|
|||
|
||||
def initialize(initial_variable_values = {}, &block)
|
||||
super()
|
||||
@initialized = false
|
||||
@reloaders = []
|
||||
@routes_reloader = nil
|
||||
@app_env_config = nil
|
||||
@ordered_railties = nil
|
||||
@railties = nil
|
||||
@initialized = false
|
||||
@reloaders = []
|
||||
@routes_reloader = nil
|
||||
@app_env_config = nil
|
||||
@ordered_railties = nil
|
||||
@railties = nil
|
||||
@message_verifiers = {}
|
||||
|
||||
add_lib_to_load_path!
|
||||
ActiveSupport.run_load_hooks(:before_configuration, self)
|
||||
|
@ -158,6 +160,31 @@ module Rails
|
|||
end
|
||||
end
|
||||
|
||||
# Returns a message verifier object.
|
||||
#
|
||||
# This verifier can be used to generate and verify signed messages in the application.
|
||||
#
|
||||
# It is recommended not to use the same verifier for different things, so you can get different
|
||||
# verifiers passing the +verifier_name+ argument.
|
||||
#
|
||||
# ==== Parameters
|
||||
#
|
||||
# * +salt+ - the salt that will be used to generate the secret key of the verifier.
|
||||
#
|
||||
# ==== Examples
|
||||
#
|
||||
# message = Rails.application.message_verifier('salt').generate('my sensible data')
|
||||
# Rails.application.message_verifier('salt').verify(message)
|
||||
# # => 'my sensible data'
|
||||
#
|
||||
# See the +ActiveSupport::MessageVerifier+ documentation for more information.
|
||||
def message_verifier(salt)
|
||||
@message_verifiers[salt] ||= begin
|
||||
secret = key_generator.generate_key(salt)
|
||||
ActiveSupport::MessageVerifier.new(secret)
|
||||
end
|
||||
end
|
||||
|
||||
# Stores some of the Rails initial environment parameters which
|
||||
# will be used by middlewares and engines to configure themselves.
|
||||
def env_config
|
||||
|
|
|
@ -268,6 +268,41 @@ module ApplicationTests
|
|||
assert_equal 'some_value', verifier.verify(last_response.body)
|
||||
end
|
||||
|
||||
test "application verifier can be used in the entire application" do
|
||||
make_basic_app do |app|
|
||||
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
|
||||
app.config.session_store :disabled
|
||||
end
|
||||
|
||||
message = app.message_verifier('salt').generate("some_value")
|
||||
|
||||
assert_equal 'some_value', Rails.application.message_verifier('salt').verify(message)
|
||||
|
||||
secret = app.key_generator.generate_key('salt')
|
||||
verifier = ActiveSupport::MessageVerifier.new(secret)
|
||||
assert_equal 'some_value', verifier.verify(message)
|
||||
end
|
||||
|
||||
test "application verifier can build different verifiers" do
|
||||
make_basic_app do |app|
|
||||
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
|
||||
app.config.session_store :disabled
|
||||
end
|
||||
|
||||
default_verifier = app.message_verifier('salt')
|
||||
text_verifier = app.message_verifier('text')
|
||||
|
||||
message = text_verifier.generate('some_value')
|
||||
|
||||
assert_equal 'some_value', text_verifier.verify(message)
|
||||
assert_raises ActiveSupport::MessageVerifier::InvalidSignature do
|
||||
default_verifier.verify(message)
|
||||
end
|
||||
|
||||
assert_equal default_verifier.object_id, app.message_verifier('salt').object_id
|
||||
assert_not_equal default_verifier.object_id, text_verifier.object_id
|
||||
end
|
||||
|
||||
test "protect from forgery is the default in a new app" do
|
||||
make_basic_app
|
||||
|
||||
|
|
Loading…
Reference in a new issue