No need to configure salts

2022-11-09 12:12:34 -05:00 · 2013-11-22 00:02:10 -02:00 · 2013-11-22 00:02:10 -02:00 · f98bd42854
commit f98bd42854
parent 2be4916e8e
3 changed files with 7 additions and 34 deletions
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@ -6,15 +6,12 @@
        Rails.application.message_verifier.verify(message)
        # => 'my sensible data'

-    It is recommended to not use the same verifier to different things, so you can get different
+    It is recommended not not use the same verifier for different things, so you can get different
    verifiers passing the name argument.

        message = Rails.application.message_verifier('cookies').generate('my sensible cookie data')

-    By default all the verifiers will share the same salt, so messages generates by one can be
-    verifier by another one.
-
-    See the `ActiveSupport::MessageVerifier` documentation to more information.
+    See the `ActiveSupport::MessageVerifier` documentation for more information.

    *Rafael Mendonça França*

--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@ -164,7 +164,8 @@ module Rails
    #
    # This verify can be used to generate and verify signed messages in the application.
    #
-    # By default all the verifiers will share the same salt.
+    # It is recommended not to use the same verifier for different things, so you can get different
+    # verifiers passing the +verifier_name+ argument.
    #
    # ==== Parameters
    #
@ -176,15 +177,10 @@ module Rails
    #     Rails.application.message_verifier.verify(message)
    #     # => 'my sensible data'
    #
-    # See the +ActiveSupport::MessageVerifier+ documentation to more information.
+    # See the +ActiveSupport::MessageVerifier+ documentation for more information.
    def message_verifier(verifier_name = 'default')
      @message_verifiers[verifier_name] ||= begin
-        if config.respond_to?(:message_verifier_salt)
-          salt = config.message_verifier_salt
-        end
-
-        salt = salt || 'application verifier'
-        secret = key_generator.generate_key(salt)
+        secret = key_generator.generate_key(verifier_name)
        ActiveSupport::MessageVerifier.new(secret)
      end
    end
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@ -284,27 +284,7 @@ module ApplicationTests

      assert_equal 'some_value', Rails.application.message_verifier.verify(last_response.body)

-      secret = app.key_generator.generate_key('application verifier')
-      verifier = ActiveSupport::MessageVerifier.new(secret)
-      assert_equal 'some_value', verifier.verify(last_response.body)
-    end
-
-    test "application verifier use the configure salt" do
-      make_basic_app do |app|
-        app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
-        app.config.session_store :disabled
-        app.config.message_verifier_salt = 'another salt'
-      end
-
-      class ::OmgController < ActionController::Base
-        def index
-          render text: Rails.application.message_verifier.generate("some_value")
-        end
-      end
-
-      get "/"
-
-      secret = app.key_generator.generate_key('another salt')
+      secret = app.key_generator.generate_key('default')
      verifier = ActiveSupport::MessageVerifier.new(secret)
      assert_equal 'some_value', verifier.verify(last_response.body)
    end