Add config option for cookies digest

You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
author: Łukasz Strzałkowski <lukasz.strzalkowski@gmail.com> 2014-08-12 21:57:51 +0200
committer: Łukasz Strzałkowski <lukasz.strzalkowski@gmail.com> 2014-08-12 21:57:51 +0200
commit: 29be3f5d8386fc9a8a67844fa9b7d6860574e715 (patch)
tree: ad7d10df5e8f0507bf8cd9462b59d60edd3a95e6 /actionpack/lib/action_dispatch/middleware/cookies.rb
parent: c69e21d36b3a14f6894fb768ffeb165bd8d7c533 (diff)
download: rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.tar.gz
rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.tar.bz2
rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index ac9e5effe2..0f088c5539 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -90,6 +90,7 @@ module ActionDispatch
     SECRET_TOKEN = "action_dispatch.secret_token".freeze
     SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
     COOKIES_SERIALIZER = "action_dispatch.cookies_serializer".freeze
+    COOKIES_DIGEST = "action_dispatch.cookies_digest".freeze
 
     # Cookies can typically store 4096 bytes.
     MAX_COOKIE_SIZE = 4096
@@ -212,7 +213,8 @@ module ActionDispatch
           secret_token: env[SECRET_TOKEN],
           secret_key_base: env[SECRET_KEY_BASE],
           upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
-          serializer: env[COOKIES_SERIALIZER]
+          serializer: env[COOKIES_SERIALIZER],
+          digest: env[COOKIES_DIGEST]
         }
       end
 
@@ -441,6 +443,10 @@ module ActionDispatch
             serializer
           end
         end
+
+        def digest
+          @options[:digest] || 'SHA1'
+        end
     end
 
     class SignedCookieJar #:nodoc:
@@ -451,7 +457,7 @@ module ActionDispatch
         @parent_jar = parent_jar
         @options = options
         secret = key_generator.generate_key(@options[:signed_cookie_salt])
-        @verifier = ActiveSupport::MessageVerifier.new(secret, serializer: NullSerializer)
+        @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: NullSerializer)
       end
 
       def [](name)
@@ -508,7 +514,7 @@ module ActionDispatch
         @options = options
         secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
         sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
-        @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: NullSerializer)
+        @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: NullSerializer)
       end
 
       def [](name)
author	Łukasz Strzałkowski <lukasz.strzalkowski@gmail.com>	2014-08-12 21:57:51 +0200
committer	Łukasz Strzałkowski <lukasz.strzalkowski@gmail.com>	2014-08-12 21:57:51 +0200
commit	29be3f5d8386fc9a8a67844fa9b7d6860574e715 (patch)
tree	ad7d10df5e8f0507bf8cd9462b59d60edd3a95e6 /actionpack/lib/action_dispatch/middleware/cookies.rb
parent	c69e21d36b3a14f6894fb768ffeb165bd8d7c533 (diff)
download	rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.tar.gz rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.tar.bz2 rails-29be3f5d8386fc9a8a67844fa9b7d6860574e715.zip