diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-02 11:03:18 -0200 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-03 14:57:54 -0200 |
| commit | c2a7956eb7fbc099ea38d21601d215ab3def27fb (patch) | |
| tree | 93bad23997aaeea95320a0b9c21216110e8d6a98 /actionpack/lib/action_dispatch/middleware/cookies.rb | |
| parent | 851e8fe897633f095a0f39a91f8bc75eee7a76aa (diff) | |
| download | rails-c2a7956eb7fbc099ea38d21601d215ab3def27fb.tar.gz rails-c2a7956eb7fbc099ea38d21601d215ab3def27fb.tar.bz2 rails-c2a7956eb7fbc099ea38d21601d215ab3def27fb.zip | |
Move ensure_secret_secure to DummyKeyGenerator
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/cookies.rb')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 24 |
1 files changed, 0 insertions, 24 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index daad64d041..69da24f05b 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -312,13 +312,11 @@ module ActionDispatch class SignedCookieJar < CookieJar #:nodoc: MAX_COOKIE_SIZE = 4096 # Cookies can typically store 4096 bytes. - SECRET_MIN_LENGTH = 30 # Characters def initialize(parent_jar, key_generator, options = {}) @parent_jar = parent_jar @options = options secret = key_generator.generate_key(@options[:signed_cookie_salt]) - ensure_secret_secure(secret) @verifier = ActiveSupport::MessageVerifier.new(secret) end @@ -345,27 +343,6 @@ module ActionDispatch def method_missing(method, *arguments, &block) @parent_jar.send(method, *arguments, &block) end - - protected - - # To prevent users from using something insecure like "Password" we make sure that the - # secret they've provided is at least 30 characters in length. - def ensure_secret_secure(secret) - if secret.blank? - raise ArgumentError, "A secret is required to generate an " + - "integrity hash for cookie session data. Use " + - "config.secret_token_key = \"some secret phrase of at " + - "least #{SECRET_MIN_LENGTH} characters\"" + - "in config/initializers/secret_token.rb" - end - - if secret.length < SECRET_MIN_LENGTH - raise ArgumentError, "Secret should be something secure, " + - "like \"#{SecureRandom.hex(16)}\". The value you " + - "provided, \"#{secret}\", is shorter than the minimum length " + - "of #{SECRET_MIN_LENGTH} characters" - end - end end class EncryptedCookieJar < SignedCookieJar #:nodoc: @@ -375,7 +352,6 @@ module ActionDispatch secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret) - ensure_secret_secure(secret) end def [](name) |