From d0829f46db6721015ded0955bbdf55309fff266c Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Thu, 19 Dec 2013 19:59:48 +0100 Subject: [PATCH] Revert "revises the release notes about message verifiers [ci skip]" This reverts commit 293a1a68992ba3e3e80f9f0f685e866ff79bf11a. --- .../lib/active_support/key_generator.rb | 2 +- guides/source/4_1_release_notes.md | 19 ++++++++----------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/activesupport/lib/active_support/key_generator.rb b/activesupport/lib/active_support/key_generator.rb index 23967f9b92..598c46bce5 100644 --- a/activesupport/lib/active_support/key_generator.rb +++ b/activesupport/lib/active_support/key_generator.rb @@ -1,4 +1,4 @@ -Rails.application.message_verifier(:remember_me).generaterequire 'thread_safe' +require 'thread_safe' require 'openssl' module ActiveSupport diff --git a/guides/source/4_1_release_notes.md b/guides/source/4_1_release_notes.md index 1ff9ae4aa8..40ab1a1d33 100644 --- a/guides/source/4_1_release_notes.md +++ b/guides/source/4_1_release_notes.md @@ -181,21 +181,18 @@ See its [documentation](http://api.rubyonrails.org/v4.1.0/classes/ActiveRecord/Enum.html) for a detailed write up. -### Message Verifiers +### Application Message Verifier -Message verifiers can be used to generate and verify signed messages. This can -be useful to safely transport sensitive data like remember-me tokens and -friends. - -The method `Rails.application.message_verifier` returns a new message verifier -that signs messages with a key derived from secret_key_base and the given -message verifier name: +The application message verifier can be used to generate and verify signed +messages in the application. This can be useful for remember-me tokens and +friends: ```ruby -signed_token = Rails.application.message_verifier(:remember_me).generate(token) -Rails.application.message_verifier(:remember_me).verify(signed_token) # => token +signed_message = Rails.application.message_verifier('salt').generate('my sensible data') +Rails.application.message_verifier('salt').verify(signed_message) +# => 'my sensible data' -Rails.application.message_verifier(:remember_me).verify(tampered_token) +Rails.application.message_verifier('salt').verify(tampered_message) # raises ActiveSupport::MessageVerifier::InvalidSignature ```