aboutsummaryrefslogtreecommitdiffstats
path: root/activesupport/test/message_verifier_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix the message verifier encoding issueRoque Pinel2015-06-141-0/+1
| | | | | | | ```ruby verifier = ActiveSupport::MessageVerifier.new('secret') verifier.verify("\xff") # => ArgumentError: invalid byte sequence in UTF-8 ```
* Remove "rescue" clause around "require 'openssl'"claudiob2014-12-031-12/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some `require 'openssl'` statements were surrounded by `rescue` blocks to deal with Ruby versions that did not support `OpenSSL::Digest::SHA1` or `OpenSSL::PKCS5`. [As @jeremy explains](https://github.com/rails/rails/commit/a6a0904fcb12b876469c48b1c885aadafe9188cf#commitcomment-8826666) in the original commit: > If jruby didn't have jruby-openssl gem, the require wouldn't work. Not sure whether either of these are still relevant today. According to the [release notes for JRuby 1.7.13](http://www.jruby.org/2014/06/24/jruby-1-7-13.html): > jruby-openssl 0.9.5 bundled which means the above `rescue` block is not needed anymore. All the Ruby versions supported by the current version of Rails provide those OpenSSL libraries, so Travis CI should also be happy by removing the `rescue` blocks. --- Just to confirm, with JRuby: $ ruby --version #=> jruby 1.7.16.1 (1.9.3p392) 2014-10-28 4e93f31 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64] $ irb irb(main):001:0> require 'openssl' #=> true irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1 irb(main):003:0> OpenSSL::PKCS5 # => OpenSSL::PKCS5 And with Ruby 2.1: $ ruby --version #=> ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0] $ irb irb(main):001:0> require 'openssl' #=> true irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1 irb(main):003:0> OpenSSL::PKCS5 #=> OpenSSL::PKCS5
* Add `#verified` and `#valid_message?` to MessageVerifierLogan Leger2014-12-011-16/+24
| | | | | | | | | | | This commit adds a `#verified` method to `ActiveSupport::MessageVerifier` which will return either `false` when it encounters an error or the message. `#verify` continues to raise an `InvalidSignature` exception on error. This commit also adds a convenience boolean method on `MessageVerifier` as a way to check if a message is valid without performing the decoding.
* MessageVerifier raises an appropriate exception if the secret is nilKostiantyn Kahanskyi2014-09-121-0/+7
| | | | | Otherwise this will lead to another error later on when generating a signature: TypeError (no implicit conversion of nil into String).
* PR #10635 introduces rescue from ArgumentError thrown by ↵Vipul A M2013-12-121-0/+14
| | | | | | | | `Base64.strict_decode64`. This broke natural order of things for `StaleSessionCheck#stale_session_check!` which tried auto_loading a class based on `ArgumentError` message , and later retrying the `Marshal#load` of class, successfully allowing auto_loading. This PR tries to fix this behavior by forwarding `ArgumentError` 's not raised by `Base64.strict_decode64` , as is, ahead to `StaleSessionCheck#stale_session_check!`
* :scissors:Rafael Mendonça França2013-12-021-4/+4
| | | | [ci skip]
* Standardize all JSON encoded times to use 3 decimal fractional secondsRyan Glover2013-11-071-1/+1
|
* Fixed bad tests to clean up after themselves.Ryan Davis2013-05-031-1/+6
|
* Remove deprecations from Active Support.José Valim2011-12-201-6/+0
|
* Test deprecation warning when not using an options hash as second parameter.Willem van Bergen2011-09-151-1/+7
|
* Use an options hash to specify digest/cipher algorithm and a serializer for ↵Willem van Bergen2011-09-151-3/+3
| | | | MessageVerifier and MessageEncryptor.
* Implement API suggestions of pull request.Willem van Bergen2011-09-151-3/+12
|
* Fixed tests so that they will also run properly in other timezones.Willem van Bergen2011-09-151-2/+2
|
* Custom serializers and deserializers in MessageVerifier and MessageEncryptor.Willem van Bergen2011-09-151-0/+9
| | | | | By default, these classes use Marshal for serializing and deserializing messages. Unfortunately, the Marshal format is closely associated with Ruby internals and even changes between different interpreters. This makes the resulting message very hard to impossible to unserialize messages generated by these classes in other environments like node.js. This patch solves this by allowing you to set your own custom serializer and deserializer lambda functions. By default, it still uses Marshal to be backwards compatible.
* Ruby 1.9.2: marshaling round-trips Time#zoneJeremy Kemper2010-03-281-1/+1
|
* Repair time dependenciesJeremy Kemper2009-11-141-0/+2
|
* Ensure MessageVerifier raises appropriate exception on tampered dataPratik Naik2009-10-091-0/+1
|
* MessageVerifier#verify raises InvalidSignature if the signature is blankJeffrey Hardy2009-10-051-0/+5
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Nah, test SHA1, but skip the test and whine if OpenSSL is borked upJeremy Kemper2009-09-241-4/+13
|
* Test with MD5 digest in an attempt to mollify CIJeremy Kemper2009-09-241-1/+1
|
* Ruby 1.9 compat: rename deprecated assert_raises to assert_raise.Jeremy Kemper2009-03-081-1/+1
| | | | [#1617 state:resolved]
* Don't need _message as it's in the class name alreadyMichael Koziarski2008-11-231-4/+4
|
* Add ActiveSupport::MessageVerifier to aid users who need to store ↵Michael Koziarski2008-11-231-0/+25
tamper-proof messages in cookies etc. This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.