aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--app/controllers/active_storage/disk_controller.rb2
-rw-r--r--app/models/active_storage/blob.rb4
-rw-r--r--app/models/active_storage/service/disk_service.rb2
-rw-r--r--app/models/active_storage/variation.rb4
-rw-r--r--test/controllers/disk_controller_test.rb4
-rw-r--r--test/models/blob_test.rb2
6 files changed, 9 insertions, 9 deletions
diff --git a/app/controllers/active_storage/disk_controller.rb b/app/controllers/active_storage/disk_controller.rb
index 7269239216..a42b4833a7 100644
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -24,7 +24,7 @@ class ActiveStorage::DiskController < ActionController::Base
end
def decode_verified_key
- ActiveStorage.verifier.verified(params[:encoded_key])
+ ActiveStorage.verifier.verified(params[:encoded_key], purpose: :blob_key)
end
def disposition_param
diff --git a/app/models/active_storage/blob.rb b/app/models/active_storage/blob.rb
index 7b45d3ad25..fdf9a2c37d 100644
--- a/app/models/active_storage/blob.rb
+++ b/app/models/active_storage/blob.rb
@@ -15,7 +15,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
class << self
def find_signed(id)
- find ActiveStorage.verifier.verify(id)
+ find ActiveStorage.verifier.verify(id, purpose: :blob_id)
end
def build_after_upload(io:, filename:, content_type: nil, metadata: nil)
@@ -39,7 +39,7 @@ class ActiveStorage::Blob < ActiveRecord::Base
def signed_id
- ActiveStorage.verifier.generate(id)
+ ActiveStorage.verifier.generate(id, purpose: :blob_id)
end
def key
diff --git a/app/models/active_storage/service/disk_service.rb b/app/models/active_storage/service/disk_service.rb
index c7c45e2146..59b180d0e8 100644
--- a/app/models/active_storage/service/disk_service.rb
+++ b/app/models/active_storage/service/disk_service.rb
@@ -53,7 +53,7 @@ class ActiveStorage::Service::DiskService < ActiveStorage::Service
def url(key, expires_in:, disposition:, filename:)
instrument :url, key do |payload|
- verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in)
+ verified_key_with_expiration = ActiveStorage.verifier.generate(key, expires_in: expires_in, purpose: :blob_key)
generated_url =
if defined?(Rails) && defined?(Rails.application)
diff --git a/app/models/active_storage/variation.rb b/app/models/active_storage/variation.rb
index b37397fcad..45274006a2 100644
--- a/app/models/active_storage/variation.rb
+++ b/app/models/active_storage/variation.rb
@@ -6,11 +6,11 @@ class ActiveStorage::Variation
class << self
def decode(key)
- new ActiveStorage.verifier.verify(key)
+ new ActiveStorage.verifier.verify(key, purpose: :variation)
end
def encode(transformations)
- ActiveStorage.verifier.generate(transformations)
+ ActiveStorage.verifier.generate(transformations, purpose: :variation)
end
end
diff --git a/test/controllers/disk_controller_test.rb b/test/controllers/disk_controller_test.rb
index c427942c57..58c56d2d0b 100644
--- a/test/controllers/disk_controller_test.rb
+++ b/test/controllers/disk_controller_test.rb
@@ -11,13 +11,13 @@ class ActiveStorage::DiskControllerTest < ActionController::TestCase
end
test "showing blob inline" do
- get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes) }
+ get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key) }
assert_equal "inline; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
assert_equal "text/plain", @response.headers["Content-Type"]
end
test "sending blob as attachment" do
- get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes), disposition: :attachment }
+ get :show, params: { filename: @blob.filename, encoded_key: ActiveStorage.verifier.generate(@blob.key, expires_in: 5.minutes, purpose: :blob_key), disposition: :attachment }
assert_equal "attachment; filename=\"#{@blob.filename}\"", @response.headers["Content-Disposition"]
assert_equal "text/plain", @response.headers["Content-Type"]
end
diff --git a/test/models/blob_test.rb b/test/models/blob_test.rb
index 45c8b7168f..8a3d0e8124 100644
--- a/test/models/blob_test.rb
+++ b/test/models/blob_test.rb
@@ -35,6 +35,6 @@ class ActiveStorage::BlobTest < ActiveSupport::TestCase
private
def expected_url_for(blob, disposition: :inline)
- "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes)}/#{blob.filename}?disposition=#{disposition}"
+ "/rails/active_storage/disk/#{ActiveStorage.verifier.generate(blob.key, expires_in: 5.minutes, purpose: :blob_key)}/#{blob.filename}?disposition=#{disposition}"
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 09:00:59 +0000