path: root/activesupport/test/message_verifier_test.rb
Commit message (Author, Age, Files, Lines)
* Remove advanced key generator rotations from verifier/encryptor. (Kasper Timm Hansen, 2017-09-24, files: 1, lines: -70/+26)
|
|     Noticed that verifiers and encryptors never once mentioned key generators and salts but only concerned themselves with generated secrets. Clears up the confusing naming around raw_key and secret as well. And makes the rotation API follow the constructor signature to the letter.
|
* Infer options from the primary verifier. (Kasper Timm Hansen, 2017-09-24, files: 1, lines: -4/+4)
|
|     Spares users from passing in non-changing values explicitly.
|
|     [ Michael Coyne & Kasper Timm Hansen ]
|
* Add key rotation message Encryptor and Verifier (Michael Coyne, 2017-09-23, files: 1, lines: -0/+90)
|
|     Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
|
* Perform self-serialization once metadata is involved. (Kasper Timm Hansen, 2017-08-13, files: 1, lines: -2/+17)
|
|     Adds support for metadata even when using ActiveSupport::MessageEncryptor::NullSerializer.
|
* Merge pull request #29907 from deivid-rodriguez/fix_flaky_message_verifier_test (Kasper Timm Hansen, 2017-07-24, files: 1, lines: -1/+1)
|\
| |
| |     Fix test failure in message verifier tests
| |
| * Fix test failure in message verifier tests (David Rodríguez, 2017-07-24, files: 1, lines: -1/+1)
| |
| |     Without this, I get the following result on my machine
| |
| |     ```
| |     # Running:
| |     F
| |     Failure:
| |     MessageVerifierTest#test_backward_compatibility_messages_signed_without_metadata [/home/deivid/Code/rails/activesupport/test/message_verifier_test.rb:91]:
| |     --- expected
| |     +++ actual
| |     @@ -1 +1 @@
| |     -{:some=>"data", :now=>2010-01-01 00:00:00 +0100}
| |     +{:some=>"data", :now=>2010-01-01 00:00:00 +0000}
| |     bin/test test/message_verifier_test.rb:89
| |     ```
| |
* | add metadata tests: verify method (Assain, 2017-07-24, files: 1, lines: -0/+15)
|/
* add metadata support to message verifier (Assain, 2017-07-19, files: 1, lines: -0/+41)
|
* [Active Support] `rubocop -a --only Layout/EmptyLineAfterMagicComment` (Koichi ITO, 2017-07-11, files: 1, lines: -0/+1)
|
* Use frozen-string-literal in ActiveSupport (Kir Shatrov, 2017-07-09, files: 1, lines: -0/+1)
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, files: 1, lines: -1/+0)
|
|     This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
* Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, files: 1, lines: -0/+1)
|
* assert_equal takes expectation first (Akira Matsuda, 2016-12-26, files: 1, lines: -1/+1)
|
* applies remaining conventions across the project (Xavier Noria, 2016-08-06, files: 1, lines: -1/+0)
|
* remove redundant curlies from hash arguments (Xavier Noria, 2016-08-06, files: 1, lines: -1/+1)
|
* modernizes hash syntax in activesupport (Xavier Noria, 2016-08-06, files: 1, lines: -2/+2)
|
* applies new string literal convention in activesupport/test (Xavier Noria, 2016-08-06, files: 1, lines: -6/+6)
|
|     The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
|
* Fix the message verifier encoding issue (Roque Pinel, 2015-06-14, files: 1, lines: -0/+1)
|
|     ```ruby
|     verifier = ActiveSupport::MessageVerifier.new('secret')
|     verifier.verify("\xff") # => ArgumentError: invalid byte sequence in UTF-8
|     ```
|
* Remove "rescue" clause around "require 'openssl'" (claudiob, 2014-12-03, files: 1, lines: -12/+3)
|
|     Some `require 'openssl'` statements were surrounded by `rescue` blocks to deal with Ruby versions that did not support `OpenSSL::Digest::SHA1` or `OpenSSL::PKCS5`.
|
|     [As @jeremy explains](https://github.com/rails/rails/commit/a6a0904fcb12b876469c48b1c885aadafe9188cf#commitcomment-8826666) in the original commit:
|
|     > If jruby didn't have jruby-openssl gem, the require wouldn't work. Not sure whether either of these are still relevant today.
|
|     According to the [release notes for JRuby 1.7.13](http://www.jruby.org/2014/06/24/jruby-1-7-13.html):
|
|     > jruby-openssl 0.9.5 bundled
|
|     which means the above `rescue` block is not needed anymore. All the Ruby versions supported by the current version of Rails provide those OpenSSL libraries, so Travis CI should also be happy by removing the `rescue` blocks.
|
|     ---
|
|     Just to confirm, with JRuby:
|
|         $ ruby --version #=> jruby 1.7.16.1 (1.9.3p392) 2014-10-28 4e93f31 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64]
|         $ irb
|         irb(main):001:0> require 'openssl' #=> true
|         irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1
|         irb(main):003:0> OpenSSL::PKCS5 # => OpenSSL::PKCS5
|
|     And with Ruby 2.1:
|
|         $ ruby --version #=> ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0]
|         $ irb
|         irb(main):001:0> require 'openssl' #=> true
|         irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1
|         irb(main):003:0> OpenSSL::PKCS5 #=> OpenSSL::PKCS5
|
* Add `#verified` and `#valid_message?` to MessageVerifier (Logan Leger, 2014-12-01, files: 1, lines: -16/+24)
|
|     This commit adds a `#verified` method to `ActiveSupport::MessageVerifier` which will return either `false` when it encounters an error or the message. `#verify` continues to raise an `InvalidSignature` exception on error.
|
|     This commit also adds a convenience boolean method on `MessageVerifier` as a way to check if a message is valid without performing the decoding.
|
* MessageVerifier raises an appropriate exception if the secret is nil (Kostiantyn Kahanskyi, 2014-09-12, files: 1, lines: -0/+7)
|
|     Otherwise this will lead to another error later on when generating a signature: TypeError (no implicit conversion of nil into String).
|
* PR #10635 introduces rescue from ArgumentError thrown by ↵ (Vipul A M, 2013-12-12, files: 1, lines: -0/+14)
|
|     `Base64.strict_decode64`. This broke natural order of things for `StaleSessionCheck#stale_session_check!` which tried auto_loading a class based on `ArgumentError` message, and later retrying the `Marshal#load` of class, successfully allowing auto_loading.
|
|     This PR tries to fix this behavior by forwarding `ArgumentError`s not raised by `Base64.strict_decode64`, as is, ahead to `StaleSessionCheck#stale_session_check!`
|
* :scissors: (Rafael Mendonça França, 2013-12-02, files: 1, lines: -4/+4)
|
|     [ci skip]
|
* Standardize all JSON encoded times to use 3 decimal fractional seconds (Ryan Glover, 2013-11-07, files: 1, lines: -1/+1)
|
* Fixed bad tests to clean up after themselves. (Ryan Davis, 2013-05-03, files: 1, lines: -1/+6)
|
* Remove deprecations from Active Support. (José Valim, 2011-12-20, files: 1, lines: -6/+0)
|
* Test deprecation warning when not using an options hash as second parameter. (Willem van Bergen, 2011-09-15, files: 1, lines: -1/+7)
|
* Use an options hash to specify digest/cipher algorithm and a serializer for ↵ (Willem van Bergen, 2011-09-15, files: 1, lines: -3/+3)
|
|     MessageVerifier and MessageEncryptor.
|
* Implement API suggestions of pull request. (Willem van Bergen, 2011-09-15, files: 1, lines: -3/+12)
|
* Fixed tests so that they will also run properly in other timezones. (Willem van Bergen, 2011-09-15, files: 1, lines: -2/+2)
|
* Custom serializers and deserializers in MessageVerifier and MessageEncryptor. (Willem van Bergen, 2011-09-15, files: 1, lines: -0/+9)
|
|     By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes it very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
|
* Ruby 1.9.2: marshaling round-trips Time#zone (Jeremy Kemper, 2010-03-28, files: 1, lines: -1/+1)
|
* Repair time dependencies (Jeremy Kemper, 2009-11-14, files: 1, lines: -0/+2)
|
* Ensure MessageVerifier raises appropriate exception on tampered data (Pratik Naik, 2009-10-09, files: 1, lines: -0/+1)
|
* MessageVerifier#verify raises InvalidSignature if the signature is blank (Jeffrey Hardy, 2009-10-05, files: 1, lines: -0/+5)
|
|     Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
* Nah, test SHA1, but skip the test and whine if OpenSSL is borked up (Jeremy Kemper, 2009-09-24, files: 1, lines: -4/+13)
|
* Test with MD5 digest in an attempt to mollify CI (Jeremy Kemper, 2009-09-24, files: 1, lines: -1/+1)
|
* Ruby 1.9 compat: rename deprecated assert_raises to assert_raise. (Jeremy Kemper, 2009-03-08, files: 1, lines: -1/+1)
|
|     [#1617 state:resolved]
|
* Don't need _message as it's in the class name already (Michael Koziarski, 2008-11-23, files: 1, lines: -4/+4)
|
* Add ActiveSupport::MessageVerifier to aid users who need to store ↵ (Michael Koziarski, 2008-11-23, files: 1, lines: -0/+25)

      tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.