1 files changed, 48 insertions, 0 deletions

diff --git a/activesupport/lib/active_support/key_generator.rb b/activesupport/lib/active_support/key_generator.rb
index 04d170f801..2c8fccec7d 100644
--- a/activesupport/lib/active_support/key_generator.rb
+++ b/activesupport/lib/active_support/key_generator.rb
@@ -1,3 +1,4 @@
+require 'mutex_m'
 require 'openssl'
 
 module ActiveSupport
@@ -20,4 +21,51 @@ module ActiveSupport
       OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
     end
   end
+
+  class CachingKeyGenerator
+    def initialize(key_generator)
+      @key_generator = key_generator
+      @cache_keys = {}.extend(Mutex_m)
+    end
+
+    def generate_key(salt, key_size=64)
+      @cache_keys.synchronize do
+        @cache_keys["#{salt}#{key_size}"] ||= @key_generator.generate_key(salt, key_size)
+      end
+    end
+  end
+
+  class DummyKeyGenerator
+    SECRET_MIN_LENGTH = 30 # Characters
+
+    def initialize(secret)
+      ensure_secret_secure(secret)
+      @secret = secret
+    end
+
+    def generate_key(salt)
+      @secret
+    end
+
+    private
+
+    # To prevent users from using something insecure like "Password" we make sure that the
+    # secret they've provided is at least 30 characters in length.
+    def ensure_secret_secure(secret)
+      if secret.blank?
+        raise ArgumentError, "A secret is required to generate an " +
+          "integrity hash for cookie session data. Use " +
+          "config.secret_key_base = \"some secret phrase of at " +
+          "least #{SECRET_MIN_LENGTH} characters\"" +
+          "in config/initializers/secret_token.rb"
+      end
+
+      if secret.length < SECRET_MIN_LENGTH
+        raise ArgumentError, "Secret should be something secure, " +
+          "like \"#{SecureRandom.hex(16)}\". The value you " +
+          "provided, \"#{secret}\", is shorter than the minimum length " +
+          "of #{SECRET_MIN_LENGTH} characters"
+      end
+    end
+  end
 end