authorRafael Mendonça França <rafaelmfranca@gmail.com>2013-11-19 22:26:52 -0200
committerRafael Mendonça França <rafaelmfranca@gmail.com>2013-12-04 22:55:47 -0200
commit233001749cd00e147f93c17c17e49e5f6094721e (patch)
tree887eaa813f3f35b63c10acf62b7cae8d89d576c8 /railties
parentc9223dc366f17b61d0cffeff14a7e670ece9d0d4 (diff)
Add application verifier
It is an application global verifier that can be used to generate and verify signed messages. See the documentation of ActiveSupport::MessageVerifier for more information.
Diffstat (limited to 'railties')
-rw-r--r--railties/lib/rails/application.rb12
-rw-r--r--railties/test/application/configuration_test.rb41
2 files changed, 53 insertions, 0 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index d1e88cfafd..ccd97af655 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -158,6 +158,18 @@ module Rails
end
end
+ def verifier
+ @verifier ||= begin
+ if config.respond_to?(:message_verifier_salt)
+ salt = config.message_verifier_salt
+ end
+
+ salt = salt || 'application verifier'
+ secret = key_generator.generate_key(salt)
+ ActiveSupport::MessageVerifier.new(secret)
+ end
+ end
+
# Stores some of the Rails initial environment parameters which
# will be used by middlewares and engines to configure themselves.
def env_config
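Review bot: Every caller of the added `verifier` signs with the same key, because the key depends only on the application secret and one application-wide salt; a message signed for one feature will therefore also pass `Rails.application.verifier.verify` in any other feature. Nothing in the method separates purposes, so each caller would have to embed and check its own purpose tag in the payload. Deriving one key per named purpose avoids that; a sketch that keeps the no-argument call working is below. The method also has no doc comment, unlike `env_config` right after it, and it should say that messages are signed but not encrypted, so the payload is readable by whoever receives it.

```ruby
def verifier(purpose = nil)
  # … unchanged: salt taken from config.message_verifier_salt, defaulting to 'application verifier' …
  salt = "#{salt} #{purpose}" if purpose
  @verifiers ||= {}
  @verifiers[salt] ||= ActiveSupport::MessageVerifier.new(key_generator.generate_key(salt))
end
```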
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 03a735b1c1..e532190252 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -268,6 +268,47 @@ module ApplicationTests
assert_equal 'some_value', verifier.verify(last_response.body)
end
+ test "application verifier can be used in the entire application" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ assert_equal 'some_value', Rails.application.verifier.verify(last_response.body)
+
+ secret = app.key_generator.generate_key('application verifier')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
+ test "application verifier use the configure salt" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ app.config.message_verifier_salt = 'another salt'
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ secret = app.key_generator.generate_key('another salt')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
test "protect from forgery is the default in a new app" do
make_basic_app
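Review bot: Both added tests cover only the accepting path; neither asserts that a verifier built from a different salt rejects the message, which is the property the configurable salt exists to provide. In the second test, after the `'another salt'` assertion, add `default = ActiveSupport::MessageVerifier.new(app.key_generator.generate_key('application verifier'))` followed by `assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) { default.verify(last_response.body) }`. The two tests also reopen `::OmgController` with identical bodies, which could be shared in a helper.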