1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Revert "revises the release notes about message verifiers [ci skip]"

This reverts commit 293a1a6899.
This commit is contained in:
Xavier Noria 2013-12-19 19:59:48 +01:00
parent 293a1a6899
commit d0829f46db
2 changed files with 9 additions and 12 deletions

View file

@ -1,4 +1,4 @@
Rails.application.message_verifier(:remember_me).generaterequire 'thread_safe'
require 'thread_safe'
require 'openssl'
module ActiveSupport

View file

@ -181,21 +181,18 @@ See its
[documentation](http://api.rubyonrails.org/v4.1.0/classes/ActiveRecord/Enum.html)
for a detailed write up.
### Message Verifiers
### Application Message Verifier
Message verifiers can be used to generate and verify signed messages. This can
be useful to safely transport sensitive data like remember-me tokens and
friends.
The method `Rails.application.message_verifier` returns a new message verifier
that signs messages with a key derived from secret_key_base and the given
message verifier name:
The application message verifier can be used to generate and verify signed
messages in the application. This can be useful for remember-me tokens and
friends:
```ruby
signed_token = Rails.application.message_verifier(:remember_me).generate(token)
Rails.application.message_verifier(:remember_me).verify(signed_token) # => token
signed_message = Rails.application.message_verifier('salt').generate('my sensible data')
Rails.application.message_verifier('salt').verify(signed_message)
# => 'my sensible data'
Rails.application.message_verifier(:remember_me).verify(tampered_token)
Rails.application.message_verifier('salt').verify(tampered_message)
# raises ActiveSupport::MessageVerifier::InvalidSignature
```