Merge pull request #16467 from strzalek/cookies-digest-config-option2
Cookies digest config option (pt. 2) Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/middleware/cookies.rb
This commit is contained in:
commit
beff925c32
5 changed files with 68 additions and 5 deletions
|
@ -1,3 +1,8 @@
|
|||
* Add `config.action_dispatch.cookies_digest` option for setting custom
|
||||
digest. The default remains the same - 'SHA1'.
|
||||
|
||||
*Łukasz Strzałkowski*
|
||||
|
||||
* Move `respond_with` (and the class-level `respond_to`) to
|
||||
the `responders` gem.
|
||||
|
||||
|
|
|
@ -90,6 +90,7 @@ module ActionDispatch
|
|||
SECRET_TOKEN = "action_dispatch.secret_token".freeze
|
||||
SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
|
||||
COOKIES_SERIALIZER = "action_dispatch.cookies_serializer".freeze
|
||||
COOKIES_DIGEST = "action_dispatch.cookies_digest".freeze
|
||||
|
||||
# Cookies can typically store 4096 bytes.
|
||||
MAX_COOKIE_SIZE = 4096
|
||||
|
@ -216,7 +217,8 @@ module ActionDispatch
|
|||
secret_token: env[SECRET_TOKEN],
|
||||
secret_key_base: env[SECRET_KEY_BASE],
|
||||
upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
|
||||
serializer: env[COOKIES_SERIALIZER]
|
||||
serializer: env[COOKIES_SERIALIZER],
|
||||
digest: env[COOKIES_DIGEST]
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -432,6 +434,10 @@ module ActionDispatch
|
|||
serializer
|
||||
end
|
||||
end
|
||||
|
||||
def digest
|
||||
@options[:digest] || 'SHA1'
|
||||
end
|
||||
end
|
||||
|
||||
class SignedCookieJar #:nodoc:
|
||||
|
@ -442,7 +448,7 @@ module ActionDispatch
|
|||
@parent_jar = parent_jar
|
||||
@options = options
|
||||
secret = key_generator.generate_key(@options[:signed_cookie_salt])
|
||||
@verifier = ActiveSupport::MessageVerifier.new(secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
|
||||
@verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
|
||||
end
|
||||
|
||||
def [](name)
|
||||
|
@ -499,7 +505,7 @@ module ActionDispatch
|
|||
@options = options
|
||||
secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
|
||||
sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
|
||||
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
|
||||
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
|
||||
end
|
||||
|
||||
def [](name)
|
||||
|
|
|
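Review bot: The new `digest` reader at `@options[:digest] || 'SHA1'` is undocumented, and nothing in these hunks reads a previous digest: `SignedCookieJar#initialize` and `EncryptedCookieJar#initialize` each build a single verifier/encryptor with `digest: digest`, so changing `action_dispatch.cookies_digest` on a running app rejects every cookie issued under the old digest, with no counterpart to the `upgrade_legacy_signed_cookies` path that covers the secret change (a fallback may live outside this hunk — worth confirming). I would state that on the method: `# Digest name passed to the signed/encrypted jars' verifier; defaults to SHA1. Changing it invalidates cookies signed under the previous digest, and nothing here checks the name at boot.` The `|| 'SHA1'` default is also repeated in `MessageEncryptor#initialize` in this same commit; keeping it in one place would stop the two from drifting apart. The class holding `digest` starts before its hunk, and both `initialize` methods start outside theirs.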
@ -369,6 +369,35 @@ class CookiesTest < ActionController::TestCase
|
|||
assert_equal 'Jamie', @controller.send(:cookies).permanent[:user_name]
|
||||
end
|
||||
|
||||
def test_signed_cookie_using_default_digest
|
||||
get :set_signed_cookie
|
||||
cookies = @controller.send :cookies
|
||||
assert_not_equal 45, cookies[:user_id]
|
||||
assert_equal 45, cookies.signed[:user_id]
|
||||
|
||||
key_generator = @request.env["action_dispatch.key_generator"]
|
||||
signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
|
||||
secret = key_generator.generate_key(signed_cookie_salt)
|
||||
|
||||
verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA1')
|
||||
assert_equal verifier.generate(45), cookies[:user_id]
|
||||
end
|
||||
|
||||
def test_signed_cookie_using_custom_digest
|
||||
@request.env["action_dispatch.cookies_digest"] = 'SHA256'
|
||||
get :set_signed_cookie
|
||||
cookies = @controller.send :cookies
|
||||
assert_not_equal 45, cookies[:user_id]
|
||||
assert_equal 45, cookies.signed[:user_id]
|
||||
|
||||
key_generator = @request.env["action_dispatch.key_generator"]
|
||||
signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
|
||||
secret = key_generator.generate_key(signed_cookie_salt)
|
||||
|
||||
verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA256')
|
||||
assert_equal verifier.generate(45), cookies[:user_id]
|
||||
end
|
||||
|
||||
def test_signed_cookie_using_default_serializer
|
||||
get :set_signed_cookie
|
||||
cookies = @controller.send :cookies
|
||||
|
@ -481,6 +510,27 @@ class CookiesTest < ActionController::TestCase
|
|||
assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
|
||||
end
|
||||
|
||||
def test_encrypted_cookie_using_custom_digest
|
||||
@request.env["action_dispatch.cookies_digest"] = 'SHA256'
|
||||
get :set_encrypted_cookie
|
||||
cookies = @controller.send :cookies
|
||||
assert_not_equal 'bar', cookies[:foo]
|
||||
assert_equal 'bar', cookies.encrypted[:foo]
|
||||
|
||||
sign_secret = @request.env["action_dispatch.key_generator"].generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
|
||||
|
||||
sha1_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActionDispatch::Cookies::NullSerializer, digest: 'SHA1')
|
||||
sha256_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActionDispatch::Cookies::NullSerializer, digest: 'SHA256')
|
||||
|
||||
assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
|
||||
sha1_verifier.verify(cookies[:foo])
|
||||
end
|
||||
|
||||
assert_nothing_raised do
|
||||
sha256_verifier.verify(cookies[:foo])
|
||||
end
|
||||
end
|
||||
|
||||
def test_encrypted_cookie_using_hybrid_serializer_can_migrate_marshal_dumped_value_to_json
|
||||
@request.env["action_dispatch.cookies_serializer"] = :hybrid
|
||||
|
||||
|
|
|
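Review bot: `test_signed_cookie_using_custom_digest` never checks the negative case — that a cookie signed with the default SHA1 is rejected once SHA256 is configured — whereas `test_encrypted_cookie_using_custom_digest` does exactly that with `assert_raises(ActiveSupport::MessageVerifier::InvalidSignature)`; without it the signed test would still pass if the jar generated with SHA256 but accepted either digest on read. A matching assertion would generate the value with a `digest: 'SHA1'` verifier, place it in the request cookies, and assert that `cookies.signed[:user_id]` does not yield 45. `test_signed_cookie_using_default_digest` and the custom-digest test otherwise differ only in the env assignment and the digest string; a small helper taking the digest name would keep them from diverging.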
@ -40,6 +40,7 @@ module ActiveSupport
|
|||
# Options:
|
||||
# * <tt>:cipher</tt> - Cipher to use. Can be any cipher returned by
|
||||
# <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-cbc'.
|
||||
# * <tt>:digest</tt> - String of digest to use for signing. Default is +SHA1+.
|
||||
# * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
|
||||
def initialize(secret, *signature_key_or_options)
|
||||
options = signature_key_or_options.extract_options!
|
||||
|
@ -47,7 +48,7 @@ module ActiveSupport
|
|||
@secret = secret
|
||||
@sign_secret = sign_secret
|
||||
@cipher = options[:cipher] || 'aes-256-cbc'
|
||||
@verifier = MessageVerifier.new(@sign_secret || @secret, :serializer => NullSerializer)
|
||||
@verifier = MessageVerifier.new(@sign_secret || @secret, digest: options[:digest] || 'SHA1', serializer: NullSerializer)
|
||||
@serializer = options[:serializer] || Marshal
|
||||
end
|
||||
|
||||
|
|
|
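Review bot: The added `:digest` doc line says only "String of digest to use for signing", which leaves a reader to guess which strings are valid and what switching costs; the option is handed straight to `MessageVerifier.new` in the next hunk, so the accepted names are whatever that class resolves (presumably OpenSSL digest names such as 'SHA256' — confirm against MessageVerifier). I would expand it to: `# * <tt>:digest</tt> - Name of the digest used to sign messages, as accepted by MessageVerifier (e.g. 'SHA256'). Default is +SHA1+. Messages generated under a different digest no longer verify.` The `options[:digest] || 'SHA1'` default also appears in `ActionDispatch::Cookies` in this commit; if `MessageVerifier` already defaults to SHA1, passing `options[:digest]` through unchanged would remove one copy — worth checking. `initialize` continues past the hunk.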
@ -256,7 +256,8 @@ module Rails
|
|||
"action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
|
||||
"action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
|
||||
"action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
|
||||
"action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer
|
||||
"action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
|
||||
"action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest
|
||||
})
|
||||
end
|
||||
end
|
||||
|
|
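Review bot: The value of `config.action_dispatch.cookies_digest` is copied into the env at `"action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest` without any check, and this commit's five files do not show a default being declared for it, so an unset option reaches `ActionDispatch::Cookies` as nil and relies on the `|| 'SHA1'` fallback there, while a mistyped name is not caught at boot and surfaces only when a signed or encrypted cookie is first used (unless validation exists elsewhere — not visible here). A boot-time check that the configured name is a digest `MessageVerifier` can resolve would turn that into a startup error instead of a per-request one. The enclosing method starts before the hunk.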