aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport
diff options
context:
space:
mode:
authorVipul A M <vipulnsward@gmail.com>2013-12-08 00:26:09 +0530
committerVipul A M <vipulnsward@gmail.com>2013-12-12 22:15:42 +0530
commit1f80e8d6856837dd78a4af756e1b26cf06b17fc2 (patch)
treeb069d53715c8950ab9ff965f099ea2682136726c /activesupport
parent76dae289edf33d4b3fc937ecd9d2c77b294d8074 (diff)
downloadrails-1f80e8d6856837dd78a4af756e1b26cf06b17fc2.tar.gz
rails-1f80e8d6856837dd78a4af756e1b26cf06b17fc2.tar.bz2
rails-1f80e8d6856837dd78a4af756e1b26cf06b17fc2.zip
PR #10635 introduces rescue from ArgumentError thrown by `Base64.strict_decode64`.
This broke natural order of things for `StaleSessionCheck#stale_session_check!` which tried auto_loading a class based on `ArgumentError` message , and later retrying the `Marshal#load` of class, successfully allowing auto_loading. This PR tries to fix this behavior by forwarding `ArgumentError` 's not raised by `Base64.strict_decode64` , as is, ahead to `StaleSessionCheck#stale_session_check!`
Diffstat (limited to 'activesupport')
-rw-r--r--activesupport/lib/active_support/message_verifier.rb5
-rw-r--r--activesupport/test/message_verifier_test.rb14
2 files changed, 17 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index a35d5980fe..8e6e1dcfeb 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -39,8 +39,9 @@ module ActiveSupport
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
begin
@serializer.load(::Base64.strict_decode64(data))
- rescue ArgumentError
- raise InvalidSignature
+ rescue ArgumentError => argument_error
+ raise InvalidSignature if argument_error.message =~ %r{invalid base64}
+ raise
end
else
raise InvalidSignature
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index f208814468..a5748d28ba 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -55,6 +55,20 @@ class MessageVerifierTest < ActiveSupport::TestCase
ActiveSupport.use_standard_json_time_format = prev
end
+ def test_raise_error_when_argument_class_is_not_loaded
+ # To generate the valid message below:
+ #
+ # AutoloadClass = Struct.new(:foo)
+ # valid_message = @verifier.generate(foo: AutoloadClass.new('foo'))
+ #
+ valid_message = "BAh7BjoIZm9vbzonTWVzc2FnZVZlcmlmaWVyVGVzdDo6QXV0b2xvYWRDbGFzcwY6CUBmb29JIghmb28GOgZFVA==--f3ef39a5241c365083770566dc7a9eb5d6ace914"
+ exception = assert_raise(ArgumentError, NameError) do
+ @verifier.verify(valid_message)
+ end
+ assert_includes ["uninitialized constant MessageVerifierTest::AutoloadClass",
+ "undefined class/module MessageVerifierTest::AutoloadClass"], exception.message
+ end
+
def assert_not_verified(message)
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
@verifier.verify(message)