1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

No need to configure salts

This commit is contained in:
Rafael Mendonça França 2013-11-22 00:02:10 -02:00
parent 2be4916e8e
commit f98bd42854
3 changed files with 7 additions and 34 deletions

View file

@ -6,15 +6,12 @@
Rails.application.message_verifier.verify(message)
# => 'my sensible data'
It is recommended to not use the same verifier to different things, so you can get different
It is recommended not not use the same verifier for different things, so you can get different
verifiers passing the name argument.
message = Rails.application.message_verifier('cookies').generate('my sensible cookie data')
By default all the verifiers will share the same salt, so messages generates by one can be
verifier by another one.
See the `ActiveSupport::MessageVerifier` documentation to more information.
See the `ActiveSupport::MessageVerifier` documentation for more information.
*Rafael Mendonça França*

View file

@ -164,7 +164,8 @@ module Rails
#
# This verify can be used to generate and verify signed messages in the application.
#
# By default all the verifiers will share the same salt.
# It is recommended not to use the same verifier for different things, so you can get different
# verifiers passing the +verifier_name+ argument.
#
# ==== Parameters
#
@ -176,15 +177,10 @@ module Rails
# Rails.application.message_verifier.verify(message)
# # => 'my sensible data'
#
# See the +ActiveSupport::MessageVerifier+ documentation to more information.
# See the +ActiveSupport::MessageVerifier+ documentation for more information.
def message_verifier(verifier_name = 'default')
@message_verifiers[verifier_name] ||= begin
if config.respond_to?(:message_verifier_salt)
salt = config.message_verifier_salt
end
salt = salt || 'application verifier'
secret = key_generator.generate_key(salt)
secret = key_generator.generate_key(verifier_name)
ActiveSupport::MessageVerifier.new(secret)
end
end

View file

@ -284,27 +284,7 @@ module ApplicationTests
assert_equal 'some_value', Rails.application.message_verifier.verify(last_response.body)
secret = app.key_generator.generate_key('application verifier')
verifier = ActiveSupport::MessageVerifier.new(secret)
assert_equal 'some_value', verifier.verify(last_response.body)
end
test "application verifier use the configure salt" do
make_basic_app do |app|
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
app.config.session_store :disabled
app.config.message_verifier_salt = 'another salt'
end
class ::OmgController < ActionController::Base
def index
render text: Rails.application.message_verifier.generate("some_value")
end
end
get "/"
secret = app.key_generator.generate_key('another salt')
secret = app.key_generator.generate_key('default')
verifier = ActiveSupport::MessageVerifier.new(secret)
assert_equal 'some_value', verifier.verify(last_response.body)
end