diff options
author | José Valim <jose.valim@gmail.com> | 2011-09-15 10:50:19 -0700 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2011-09-15 10:50:19 -0700 |
commit | 28300f4ea86642eba5d60f5a64b9ea221f794031 (patch) | |
tree | 5d12c8e7fb9e3c7037a2ebe873bf46882ba1a3db /activesupport/lib/active_support/message_verifier.rb | |
parent | 06c3ca8173add65c4eeaa1942195348e6ebb0574 (diff) | |
parent | 2d30d4cb888e2da7c1f0a8828b467d2e21c90cfa (diff) | |
download | rails-28300f4ea86642eba5d60f5a64b9ea221f794031.tar.gz rails-28300f4ea86642eba5d60f5a64b9ea221f794031.tar.bz2 rails-28300f4ea86642eba5d60f5a64b9ea221f794031.zip |
Merge pull request #3035 from wvanbergen/master
Make API for custom message serializers nicer.
Diffstat (limited to 'activesupport/lib/active_support/message_verifier.rb')
-rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index e38e242cfe..0181070479 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -18,16 +18,20 @@ module ActiveSupport # self.current_user = User.find(id) # end # + # By default it uses Marshal to serialize the message. If you want to use another + # serialization method, you can set the serializer attribute to something that responds + # to dump and load, e.g.: + # + # @verifier.serializer = YAML class MessageVerifier class InvalidSignature < StandardError; end - attr_accessor :serializer, :deserializer + attr_accessor :serializer - def initialize(secret, digest = 'SHA1') + def initialize(secret, digest = 'SHA1', serializer = Marshal) @secret = secret @digest = digest - @serializer = lambda { |value| Marshal.dump(value) } - @deserializer = lambda { |value| Marshal.load(value) } + @serializer = serializer end def verify(signed_message) @@ -35,14 +39,14 @@ module ActiveSupport data, digest = signed_message.split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) - deserializer.call(ActiveSupport::Base64.decode64(data)) + serializer.load(ActiveSupport::Base64.decode64(data)) else raise InvalidSignature end end def generate(value) - data = ActiveSupport::Base64.encode64s(serializer.call(value)) + data = ActiveSupport::Base64.encode64s(serializer.dump(value)) "#{data}--#{generate_digest(data)}" end |