author | Lukasz Sarnacki <lukesarnacki@gmail.com> | 2014-01-10 12:57:50 +0100 |
---|---|---|
committer | Lukasz Sarnacki <lukesarnacki@gmail.com> | 2014-01-29 17:05:00 +0100 |
commit | b23ffd0dac895aa3fd3afd8d9be36794941731b2 (patch) | |
tree | a287df4bfcaff9c0838d3f4062a02fd1e5134b9f /actionpack/lib/action_dispatch/middleware/cookies.rb | |
parent | f142527eb30626904cb1e655a1a28801f08b8acf (diff) | |
Allow session serializer key in config.session_store
MessageEncryptor has a :serializer option, where any serializer object can
be passed. This commit makes it possible to set this serializer at the configuration
level.
There are predefined serializers (:marshal_serializer, :json_serializer),
and a custom serializer can be passed as a String or Symbol (camelized and
constantized in the ActionDispatch::Session namespace) or as a serializer object.
A default of :json_serializer was also added to the generators to provide a secure
default.
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/cookies.rb')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index fe110d7938..f9f034952e 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -89,6 +89,7 @@ module ActionDispatch
 ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze
 SECRET_TOKEN = "action_dispatch.secret_token".freeze
 SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
+ SESSION_SERIALIZER = "action_dispatch.session_serializer".freeze
 # Cookies can typically store 4096 bytes.
 MAX_COOKIE_SIZE = 4096
@@ -210,7 +211,8 @@ module ActionDispatch
 encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
 secret_token: env[SECRET_TOKEN],
 secret_key_base: env[SECRET_KEY_BASE],
- upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?
+ upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
+ session_serializer: env[SESSION_SERIALIZER]
 }
 end
@@ -435,7 +437,7 @@ module ActionDispatch
 @options = options
 secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
 sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
- @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
+ @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: serializer)
 end
 def [](name)
@@ -462,6 +464,16 @@ module ActionDispatch
 rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
 nil
 end
+
+ def serializer
+ serializer = @options[:session_serializer] || :marshal_serializer
+ case serializer
+ when Symbol, String
+ ActionDispatch::Session.const_get(serializer.to_s.camelize)
+ else
+ serializer
+ end
+ end
 end
 # UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore |
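Review bot: The configured serializer reaches only the `MessageEncryptor` built on this line, yet the option and its env key are named `session_serializer`. This constructor appears to belong to the encrypted cookie jar, so the setting would govern every encrypted cookie, not just the session. Nothing in this diff passes it to the verifier behind signed-only cookies, which presumably keep their existing serializer. An app that picks `:json_serializer` to stop deserializing Marshal data may therefore still do so for signed cookies. I would either extend the option to the signed jar or state the scope beside the assignment, e.g. `# Applies to all encrypted cookies; signed-only cookies ignore :session_serializer`. The enclosing `initialize` starts outside the hunk.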
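Review bot: The new `serializer` method falls back to `:marshal_serializer` when nothing is configured, so existing apps keep (presumably) unmarshalling cookie payloads and a leaked secret lets forged cookies reach object deserialization. That compatibility choice deserves a comment on the fallback line, e.g. `# Marshal kept only for backward compatibility; prefer :json_serializer`. The lookup `ActionDispatch::Session.const_get(serializer.to_s.camelize)` also searches `Object`, so `:marshal` or a typo can resolve to an unrelated top-level constant instead of failing. `ActionDispatch::Session.const_get(name.to_s.camelize, false)` would keep resolution inside the namespace the commit message describes, and `name = @options[:session_serializer] || :marshal_serializer` would stop the local from shadowing the method. Cookies written with the previous serializer will not load after a switch, and the `rescue` above (its method starts outside the hunk) covers only `InvalidSignature` and `InvalidMessage`, so confirm that a serializer parse error yields `nil` rather than propagating.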