author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2013-11-21 23:42:10 -0200 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2013-12-04 22:56:47 -0200 |
commit | 2be4916e8ee6f36b090df91d28d0c484983dcb5a (patch) | |
tree | 808c514b5b122a5f87d29010ebeca72fcaa7a729 | |
parent | 0a2d004ba110f0f94fb9660bd1c81bb34699a6c3 (diff) | |
Make possibile to get different message verifiers
-rw-r--r-- | railties/CHANGELOG.md | 10 | ||||
-rw-r--r-- | railties/lib/rails/application.rb | 27 | ||||
-rw-r--r-- | railties/test/application/configuration_test.rb | 10 |
3 files changed, 37 insertions, 10 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index dc753dbeac..85db9f62ed 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,4 +1,4 @@
-* Add `Application#message_verifier` method to return a application's message verifier.
+* Add `Application#message_verifier` method to return a message verifier.
 This verifier can be used to generate and verify signed messages in the application.
@@ -6,6 +6,14 @@
 Rails.application.message_verifier.verify(message)
 # => 'my sensible data'
+ It is recommended to not use the same verifier to different things, so you can get different
+ verifiers passing the name argument.
+
+ message = Rails.application.message_verifier('cookies').generate('my sensible cookie data')
+
+ By default all the verifiers will share the same salt, so messages generates by one can be
+ verifier by another one.
+
 See the `ActiveSupport::MessageVerifier` documentation to more information.
 *Rafael Mendonça França*
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 44d9f67d51..97f3fa8ef3 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -108,12 +108,13 @@ module Rails
 def initialize(initial_variable_values = {}, &block)
 super()
- @initialized = false
- @reloaders = []
- @routes_reloader = nil
- @app_env_config = nil
- @ordered_railties = nil
- @railties = nil
+ @initialized = false
+ @reloaders = []
+ @routes_reloader = nil
+ @app_env_config = nil
+ @ordered_railties = nil
+ @railties = nil
+ @message_verifiers = {}
 add_lib_to_load_path!
 ActiveSupport.run_load_hooks(:before_configuration, self)
@@ -159,17 +160,25 @@ module Rails
 end
 end
- # Return the application's message verifier.
+ # Return a message verifier object.
 #
 # This verify can be used to generate and verify signed messages in the application.
 #
+ # By default all the verifiers will share the same salt.
+ #
+ # ==== Parameters
+ #
+ # * +verifier_name+ - the name of verifier you want to get.
+ #
+ # ==== Examples
+ #
 # message = Rails.application.message_verifier.generate('my sensible data')
 # Rails.application.message_verifier.verify(message)
 # # => 'my sensible data'
 #
 # See the +ActiveSupport::MessageVerifier+ documentation to more information.
- def message_verifier
- @message_verifier ||= begin
+ def message_verifier(verifier_name = 'default')
+ @message_verifiers[verifier_name] ||= begin
 if config.respond_to?(:message_verifier_salt)
 salt = config.message_verifier_salt
 end
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 133055218a..8ef584b5ee 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -309,6 +309,16 @@ module ApplicationTests
 assert_equal 'some_value', verifier.verify(last_response.body)
 end
+ test "application verifier can build different verifiers" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ end
+
+ assert_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier.object_id
+ assert_not_equal Rails.application.message_verifier.object_id, Rails.application.message_verifier('text').object_id
+ end
+
 test "protect from forgery is the default in a new app" do
 make_basic_app |
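Review bot: In `railties/lib/rails/application.rb`, `verifier_name` in the new `message_verifier(verifier_name = 'default')` only selects a slot in `@message_verifiers`; the salt visible in the hunk is still read from `config.message_verifier_salt` whatever the name, and the added comment says all verifiers share it. The rest of the `begin` block lies outside the hunk, but if the signing key is derived from that salt alone, a message generated by `message_verifier('cookies')` verifies under every other named verifier, so the names give no purpose separation. I would fold the name into the derivation input after the `if`, e.g. `salt = [salt, verifier_name].compact.join(':')`, and key the cache with `@message_verifiers[verifier_name.to_s] ||= begin` so `:cookies` and `'cookies'` resolve to the same verifier. The new test in `configuration_test.rb` compares only `object_id`; an assertion that one named verifier rejects a message signed by another would pin the separation.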