aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport
diff options
context:
space:
mode:
authorWillem van Bergen <willem@vanbergen.org>2011-09-15 08:28:53 -0400
committerWillem van Bergen <willem@vanbergen.org>2011-09-15 08:28:53 -0400
commitbffaa888ac4a1ee60a9f93650b9184a9402eff09 (patch)
tree7ac10c00a49fb93ce5ae4e317fc62e6d9c935439 /activesupport
parentda7f0426ec7b0aa053489633c2a8a3da6423654f (diff)
downloadrails-bffaa888ac4a1ee60a9f93650b9184a9402eff09.tar.gz
rails-bffaa888ac4a1ee60a9f93650b9184a9402eff09.tar.bz2
rails-bffaa888ac4a1ee60a9f93650b9184a9402eff09.zip
Custom serializers and deserializers in MessageVerifier and MessageEncryptor.
By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
Diffstat (limited to 'activesupport')
-rw-r--r--activesupport/lib/active_support/message_encryptor.rb8
-rw-r--r--activesupport/lib/active_support/message_verifier.rb8
-rw-r--r--activesupport/test/message_encryptor_test.rb10
-rw-r--r--activesupport/test/message_verifier_test.rb9
4 files changed, 30 insertions, 5 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 4f7cd12d48..05d6790075 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -13,9 +13,13 @@ module ActiveSupport
class InvalidMessage < StandardError; end
OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+ attr_accessor :serializer, :deserializer
+
def initialize(secret, cipher = 'aes-256-cbc')
@secret = secret
@cipher = cipher
+ @serializer = lambda { |value| Marshal.dump(value) }
+ @deserializer = lambda { |value| Marshal.load(value) }
end
def encrypt(value)
@@ -27,7 +31,7 @@ module ActiveSupport
cipher.key = @secret
cipher.iv = iv
- encrypted_data = cipher.update(Marshal.dump(value))
+ encrypted_data = cipher.update(serializer.call(value))
encrypted_data << cipher.final
[encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@@ -44,7 +48,7 @@ module ActiveSupport
decrypted_data = cipher.update(encrypted_data)
decrypted_data << cipher.final
- Marshal.load(decrypted_data)
+ deserializer.call(decrypted_data)
rescue OpenSSLCipherError, TypeError
raise InvalidMessage
end
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 8f3946325a..e38e242cfe 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -21,9 +21,13 @@ module ActiveSupport
class MessageVerifier
class InvalidSignature < StandardError; end
+ attr_accessor :serializer, :deserializer
+
def initialize(secret, digest = 'SHA1')
@secret = secret
@digest = digest
+ @serializer = lambda { |value| Marshal.dump(value) }
+ @deserializer = lambda { |value| Marshal.load(value) }
end
def verify(signed_message)
@@ -31,14 +35,14 @@ module ActiveSupport
data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
- Marshal.load(ActiveSupport::Base64.decode64(data))
+ deserializer.call(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
end
end
def generate(value)
- data = ActiveSupport::Base64.encode64s(Marshal.dump(value))
+ data = ActiveSupport::Base64.encode64s(serializer.call(value))
"#{data}--#{generate_digest(data)}"
end
diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb
index e45d5ecd59..bd11b76e60 100644
--- a/activesupport/test/message_encryptor_test.rb
+++ b/activesupport/test/message_encryptor_test.rb
@@ -8,6 +8,7 @@ rescue LoadError, NameError
else
require 'active_support/time'
+require 'active_support/json'
class MessageEncryptorTest < Test::Unit::TestCase
def setup
@@ -38,7 +39,14 @@ class MessageEncryptorTest < Test::Unit::TestCase
message = @encryptor.encrypt_and_sign(@data)
assert_equal @data, @encryptor.decrypt_and_verify(message)
end
-
+
+ def test_alternative_serialization_method
+ @encryptor.serializer = lambda { |value| ActiveSupport::JSON.encode(value) }
+ @encryptor.deserializer = lambda { |value| ActiveSupport::JSON.decode(value) }
+
+ message = @encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.local(2010) })
+ assert_equal @encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00-05:00" }
+ end
private
def assert_not_decrypted(value)
diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
index 4821311244..83f34ebc33 100644
--- a/activesupport/test/message_verifier_test.rb
+++ b/activesupport/test/message_verifier_test.rb
@@ -8,6 +8,7 @@ rescue LoadError, NameError
else
require 'active_support/time'
+require 'active_support/json'
class MessageVerifierTest < Test::Unit::TestCase
def setup
@@ -31,6 +32,14 @@ class MessageVerifierTest < Test::Unit::TestCase
assert_not_verified("#{data}--#{hash.reverse}")
assert_not_verified("purejunk")
end
+
+ def test_alternative_serialization_method
+ @verifier.serializer = lambda { |value| ActiveSupport::JSON.encode(value) }
+ @verifier.deserializer = lambda { |value| ActiveSupport::JSON.decode(value) }
+
+ message = @verifier.generate({ :foo => 123, 'bar' => Time.local(2010) })
+ assert_equal @verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00-05:00" }
+ end
def assert_not_verified(message)
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do