diff options
Diffstat (limited to 'activesupport/lib/active_support/key_generator.rb')
-rw-r--r-- | activesupport/lib/active_support/key_generator.rb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/key_generator.rb b/activesupport/lib/active_support/key_generator.rb index 04d170f801..2c8fccec7d 100644 --- a/activesupport/lib/active_support/key_generator.rb +++ b/activesupport/lib/active_support/key_generator.rb @@ -1,3 +1,4 @@ +require 'mutex_m' require 'openssl' module ActiveSupport @@ -20,4 +21,51 @@ module ActiveSupport OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size) end end + + class CachingKeyGenerator + def initialize(key_generator) + @key_generator = key_generator + @cache_keys = {}.extend(Mutex_m) + end + + def generate_key(salt, key_size=64) + @cache_keys.synchronize do + @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size) + end + end + end + + class DummyKeyGenerator + SECRET_MIN_LENGTH = 30 # Characters + + def initialize(secret) + ensure_secret_secure(secret) + @secret = secret + end + + def generate_key(salt) + @secret + end + + private + + # To prevent users from using something insecure like "Password" we make sure that the + # secret they've provided is at least 30 characters in length. + def ensure_secret_secure(secret) + if secret.blank? + raise ArgumentError, "A secret is required to generate an " + + "integrity hash for cookie session data. Use " + + "config.secret_key_base = \"some secret phrase of at " + + "least #{SECRET_MIN_LENGTH} characters\"" + + "in config/initializers/secret_token.rb" + end + + if secret.length < SECRET_MIN_LENGTH + raise ArgumentError, "Secret should be something secure, " + + "like \"#{SecureRandom.hex(16)}\". The value you " + + "provided, \"#{secret}\", is shorter than the minimum length " + + "of #{SECRET_MIN_LENGTH} characters" + end + end + end end |