diff options
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 820df8f499..3ed5f1055f 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -116,8 +116,6 @@ module ActionDispatch @host = host @secure = secure @cookies = {} - @permanent = PermanentCookieJar.new(self, @secret) - @signed = @secret && SignedCookieJar.new(self, @secret) end alias :closed? :frozen? @@ -195,7 +193,9 @@ module ActionDispatch # # cookies.permanent.signed[:remember_me] = current_user.id # # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT - attr_reader :permanent + def permanent + @permanent ||= PermanentCookieJar.new(self, @secret) + end # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed @@ -211,8 +211,7 @@ module ActionDispatch # # cookies.signed[:discount] # => 45 def signed - SignedCookieJar.ensure_secret_provided(@secret) - @signed + @signed ||= SignedCookieJar.new(self, @secret) end def write(headers) @@ -229,9 +228,7 @@ module ActionDispatch class PermanentCookieJar < CookieJar #:nodoc: def initialize(parent_jar, secret) - @parent_jar = parent_jar - @secret = secret - @signed = @secret && SignedCookieJar.new(self, @secret) + @parent_jar, @secret = parent_jar, secret end def []=(key, options) @@ -247,8 +244,7 @@ module ActionDispatch end def signed - SignedCookieJar.ensure_secret_provided(@secret) - @signed + @signed ||= SignedCookieJar.new(self, @secret) end def method_missing(method, *arguments, &block) @@ -261,8 +257,7 @@ module ActionDispatch SECRET_MIN_LENGTH = 30 # Characters def initialize(parent_jar, secret) - self.class.ensure_secret_provided(secret) - self.class.ensure_secret_length(secret) + ensure_secret_secure(secret) @parent_jar = parent_jar @verifier = ActiveSupport::MessageVerifier.new(secret) end @@ -294,7 +289,9 @@ module ActionDispatch protected - def self.ensure_secret_provided(secret) + # To prevent users from using something insecure like "Password" we make sure that the + # secret they've provided is at least 30 characters in length. + def ensure_secret_secure(secret) if secret.blank? raise ArgumentError, "A secret is required to generate an " + "integrity hash for cookie session data. Use " + @@ -302,11 +299,7 @@ module ActionDispatch "least #{SECRET_MIN_LENGTH} characters\"" + "in config/initializers/secret_token.rb" end - end - # To prevent users from using something insecure like "Password" we make sure that the - # secret they've provided is at least 30 characters in length. - def self.ensure_secret_length(secret) if secret.length < SECRET_MIN_LENGTH raise ArgumentError, "Secret should be something secure, " + "like \"#{ActiveSupport::SecureRandom.hex(16)}\". The value you " + |