aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/lib/active_support/message_verifier.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix small typo in docs Conrad Beach2019-02-151-1/+1
| | | | | [ci skip]
* Add `Style/RedundantFreeze` to remove redudant `.freeze`Yasuo Honda2018-09-291-2/+2
| | | | | | | | | | | | | | | | | | | | | Since Rails 6.0 will support Ruby 2.4.1 or higher `# frozen_string_literal: true` magic comment is enough to make string object frozen. This magic comment is enabled by `Style/FrozenStringLiteralComment` cop. * Exclude these files not to auto correct false positive `Regexp#freeze` - 'actionpack/lib/action_dispatch/journey/router/utils.rb' - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb' It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333 Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed. * Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required - 'actionpack/test/controller/test_case_test.rb' - 'activemodel/test/cases/type/string_test.rb' - 'activesupport/lib/active_support/core_ext/string/strip.rb' - 'activesupport/test/core_ext/string_ext_test.rb' - 'railties/test/generators/actions_test.rb'
* Update incorrect backtick usage in RDoc to teletypeT.J. Schuck2017-11-221-3/+3
| | | [ci skip]
* [Active Support] require_relative => requireAkira Matsuda2017-10-211-4/+4
| | | | This basically reverts 8da30ad6be34339124ba4cb4e36aea260dda12bc
* [ci skip] Attempt a new explanation for rotations.Kasper Timm Hansen2017-09-241-24/+21
| | | | | | | | | | | It's become clear to me that the use case is still a bit muddy and the upgrade path is going to be tough for people to figure out. This attempts at understanding it better through documentation, but still needs follow up work. [ Michael Coyne & Kasper Timm Hansen ]
* Add key rotation message Encryptor and VerifierMichael Coyne2017-09-231-3/+33
| | | | | | Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
* Perform self-serialization once metadata is involved.Kasper Timm Hansen2017-08-131-2/+3
| | | | Adds support for metadata even when using ActiveSupport::MessageEncryptor::NullSerializer.
* document metadata support added to message encryptor and message verifierAssain2017-07-241-0/+40
| | | | [ci skip]
* add metadata support to message verifierAssain2017-07-191-6/+7
|
* [Active Support] `rubocop -a --only Layout/EmptyLineAfterMagicComment`Koichi ITO2017-07-111-0/+1
|
* Use frozen-string-literal in ActiveSupportKir Shatrov2017-07-091-0/+1
|
* [Active Support] require => require_relativeAkira Matsuda2017-07-011-2/+2
|
* applies new string literal convention in activesupport/libXavier Noria2016-08-061-7/+7
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* systematic revision of =~ usage in ASXavier Noria2016-07-221-1/+1
| | | | | Where appropriate prefer the more concise Regexp#match?, String#include?, String#start_with?, and String#end_with?
* Missing documentation about hash algorithm option for MessageVerifier [ci skip]Mehmet Emin İNAÇ2016-02-181-0/+6
|
* Correct the time comparison for remember_me tokenJeffrey Warren2015-12-101-1/+1
| | | | | Corrects the time comparison to be `Time.now < time` which allows the user to be set only when the current time is less than the 2 week window given in the example.
* Freeze string literals when not mutated.schneems2015-07-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I wrote a utility that helps find areas where you could optimize your program using a frozen string instead of a string literal, it's called [let_it_go](https://github.com/schneems/let_it_go). After going through the output and adding `.freeze` I was able to eliminate the creation of 1,114 string objects on EVERY request to [codetriage](codetriage.com). How does this impact execution? To look at memory: ```ruby require 'get_process_mem' mem = GetProcessMem.new GC.start GC.disable 1_114.times { " " } before = mem.mb after = mem.mb GC.enable puts "Diff: #{after - before} mb" ``` Creating 1,114 string objects results in `Diff: 0.03125 mb` of RAM allocated on every request. Or 1mb every 32 requests. To look at raw speed: ```ruby require 'benchmark/ips' number_of_objects_reduced = 1_114 Benchmark.ips do |x| x.report("freeze") { number_of_objects_reduced.times { " ".freeze } } x.report("no-freeze") { number_of_objects_reduced.times { " " } } end ``` We get the results ``` Calculating ------------------------------------- freeze 1.428k i/100ms no-freeze 609.000 i/100ms ------------------------------------------------- freeze 14.363k (± 8.5%) i/s - 71.400k no-freeze 6.084k (± 8.1%) i/s - 30.450k ``` Now we can do some maths: ```ruby ips = 6_226k # iterations / 1 second call_time_before = 1.0 / ips # seconds per iteration ips = 15_254 # iterations / 1 second call_time_after = 1.0 / ips # seconds per iteration diff = call_time_before - call_time_after number_of_objects_reduced * diff * 100 # => 0.4530373333993266 miliseconds saved per request ``` So we're shaving off 1 second of execution time for every 220 requests. Is this going to be an insane speed boost to any Rails app: nope. Should we merge it: yep. p.s. If you know of a method call that doesn't modify a string input such as [String#gsub](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37) please [give me a pull request to the appropriate file](https://github.com/schneems/let_it_go/blob/b0e2da69f0cca87ab581022baa43291cdf48638c/lib/let_it_go/core_ext/string.rb#L37), or open an issue in LetItGo so we can track and freeze more strings. Keep those strings Frozen ![](https://www.dropbox.com/s/z4dj9fdsv213r4v/let-it-go.gif?dl=1)
* Fix the message verifier encoding issueRoque Pinel2015-06-141-1/+1
| | | | | | | ```ruby verifier = ActiveSupport::MessageVerifier.new('secret') verifier.verify("\xff") # => ArgumentError: invalid byte sequence in UTF-8 ```
* [ci skip] fix typo in MessageVerifier#verify docsyuuji.yaginuma2014-12-101-1/+1
|
* Copy-edit the MessageVerifier documentation [ci skip]Rafael Mendonça França2014-12-041-7/+6
|
* Add documentation to MessageVerifierclaudiob2014-12-031-4/+50
| | | | | | | | [ci skip] Complements #17727 and closes ee73d9ff8. @lleger How do you feel about this?
* Add some FIXME notes about documentation [ci skip]Rafael Mendonça França2014-12-021-0/+4
|
* Prefer object/nil over `true`/`false`Rafael Mendonça França2014-12-021-6/+4
| | | | | | | | | | | This is the project guideline and the reasons are: * That follows standard Ruby semantics. * Allows the implementation to avoid artificial code like !! or something ? true : false * You do not need to rely on the exact type of 3rd party code. For example, if your method returns str.end_with?('foo') you do not need to make sure end_with? returns a singleton. Your predicate just propagates predicate semantics up regardless of what end_with? returns.
* Add `#verified` and `#valid_message?` to MessageVerifierLogan Leger2014-12-011-6/+15
| | | | | | | | | | | This commit adds a `#verified` method to `ActiveSupport::MessageVerifier` which will return either `false` when it encounters an error or the message. `#verify` continues to raise an `InvalidSignature` exception on error. This commit also adds a convenience boolean method on `MessageVerifier` as a way to check if a message is valid without performing the decoding.
* Abstract encoding strategy for ActiveSupport::MessageVerifierRyan Mohr2014-11-121-2/+10
|
* Use AS secure_compare in AS::MessageVerifierGuillermo Iguaran2014-10-231-12/+2
|
* Changes "if secret.nil?" to unless secret in MessageVerfierKostiantyn Kahanskyi2014-09-121-1/+1
|
* MessageVerifier raises an appropriate exception if the secret is nilKostiantyn Kahanskyi2014-09-121-0/+1
| | | | | Otherwise this will lead to another error later on when generating a signature: TypeError (no implicit conversion of nil into String).
* PR #10635 introduces rescue from ArgumentError thrown by ↵Vipul A M2013-12-121-2/+3
| | | | | | | | `Base64.strict_decode64`. This broke natural order of things for `StaleSessionCheck#stale_session_check!` which tried auto_loading a class based on `ArgumentError` message , and later retrying the `Marshal#load` of class, successfully allowing auto_loading. This PR tries to fix this behavior by forwarding `ArgumentError` 's not raised by `Base64.strict_decode64` , as is, ahead to `StaleSessionCheck#stale_session_check!`
* Use `Base.strict_decode64` instead of `Base.decode64` just as we do in encoding;Vipul A M2013-05-161-1/+5
| | | | Also reduce extra object allocation by creating string directly instead of join on Array
* Updated docs due to removal of serializer accessorAlbert Lash2013-03-241-3/+3
|
* Replace comments' non-breaking spaces with spacesclaudiob2012-12-041-1/+1
| | | | | | | | | | Sometimes, on Mac OS X, programmers accidentally press Option+Space rather than just Space and don’t see the difference. The problem is that Option+Space writes a non-breaking space (0XA0) rather than a normal space (0x20). This commit removes all the non-breaking spaces inadvertently introduced in the comments of the code.
* update AS docs [ci skip]Francesco Rodriguez2012-09-171-7/+7
|
* remove ActiveSupport::Base64 in favor of ::Base64Sergey Nartimov2012-01-021-3/+3
|
* deprecate Base64.encode64s from AS. Use Base64.strict_encode64 insteadVasiliy Ermolovich2011-12-271-2/+2
|
* Remove deprecations from Active Support.José Valim2011-12-201-5/+0
|
* Fix typo in deprecation noticeClaudio Poli2011-09-161-1/+1
|
* Use an options hash to specify digest/cipher algorithm and a serializer for ↵Willem van Bergen2011-09-151-7/+10
| | | | MessageVerifier and MessageEncryptor.
* Add some documentation for the new serializer property of MessageVerifier ↵Willem van Bergen2011-09-151-0/+5
| | | | and MessageEncryptor.
* Implement API suggestions of pull request.Willem van Bergen2011-09-151-6/+5
|
* Custom serializers and deserializers in MessageVerifier and MessageEncryptor.Willem van Bergen2011-09-151-2/+6
| | | | | By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
* more style changessuchasurge2011-03-061-1/+1
|
* Deletes trailing whitespaces (over text files only find * -type f -exec sed ↵Santiago Pastorino2010-08-141-7/+7
| | | | 's/[ \t]*$//' -i {} \;)
* Revert "Improve performance of MessageVerifier while keeping it constant time"wycats2010-07-131-4/+4
| | | | This reverts commit 8b05c5207dd5757d55d0c384740db289e6bd5415.
* Improve performance of MessageVerifier while keeping it constant timewycats2010-06-041-4/+4
|
* message_verifier.rb needs active_support/core_ext/object/blankXavier Noria2010-01-011-0/+1
|
* message_verifier.rb needs active_support/base64Xavier Noria2010-01-011-0/+2
|
* String#bytesize is not needed for Ruby >= 1.8.7Xavier Noria2009-11-091-2/+0
|
* Ensure MessageVerifier raises appropriate exception on tampered dataPratik Naik2009-10-091-1/+1
|
* MessageVerifier#verify raises InvalidSignature if the signature is blankJeffrey Hardy2009-10-051-0/+2
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>