aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/lib/active_support/message_verifier.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activesupport/lib/active_support/message_verifier.rb')
-rw-r--r--activesupport/lib/active_support/message_verifier.rb16
1 files changed, 10 insertions, 6 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index e38e242cfe..0181070479 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -18,16 +18,20 @@ module ActiveSupport
# self.current_user = User.find(id)
# end
#
+ # By default it uses Marshal to serialize the message. If you want to use another
+ # serialization method, you can set the serializer attribute to something that responds
+ # to dump and load, e.g.:
+ #
+ # @verifier.serializer = YAML
class MessageVerifier
class InvalidSignature < StandardError; end
- attr_accessor :serializer, :deserializer
+ attr_accessor :serializer
- def initialize(secret, digest = 'SHA1')
+ def initialize(secret, digest = 'SHA1', serializer = Marshal)
@secret = secret
@digest = digest
- @serializer = lambda { |value| Marshal.dump(value) }
- @deserializer = lambda { |value| Marshal.load(value) }
+ @serializer = serializer
end
def verify(signed_message)
@@ -35,14 +39,14 @@ module ActiveSupport
data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
- deserializer.call(ActiveSupport::Base64.decode64(data))
+ serializer.load(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
end
end
def generate(value)
- data = ActiveSupport::Base64.encode64s(serializer.call(value))
+ data = ActiveSupport::Base64.encode64s(serializer.dump(value))
"#{data}--#{generate_digest(data)}"
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 03:49:57 +0000