From 45635098ac827ee5b243ac01b6267843cd89200a Mon Sep 17 00:00:00 2001
From: Jon Moss <me@jonathanmoss.me>
Date: Fri, 12 Feb 2016 21:13:37 -0500
Subject: Accept JSON with no backslashes/escaping

Fixes #22675

Allow channel identifiers and also data with no backslahes/escaping to be accepted by
the subscription storer.
---
 .../lib/action_cable/connection/subscriptions.rb   | 25 ++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

(limited to 'actioncable/lib/action_cable/connection/subscriptions.rb')

diff --git a/actioncable/lib/action_cable/connection/subscriptions.rb b/actioncable/lib/action_cable/connection/subscriptions.rb
index 3742f248d1..5aa907c2d3 100644
--- a/actioncable/lib/action_cable/connection/subscriptions.rb
+++ b/actioncable/lib/action_cable/connection/subscriptions.rb
@@ -23,13 +23,13 @@ module ActionCable
       end
 
       def add(data)
-        id_key = data['identifier']
-        id_options = ActiveSupport::JSON.decode(id_key).with_indifferent_access
+        id_options = decode_hash(data['identifier'])
+        identifier = normalize_identifier(id_options)
 
         subscription_klass = connection.server.channel_classes[id_options[:channel]]
 
         if subscription_klass
-          subscriptions[id_key] ||= subscription_klass.new(connection, id_key, id_options)
+          subscriptions[identifier] ||= subscription_klass.new(connection, identifier, id_options)
         else
           logger.error "Subscription class not found (#{data.inspect})"
         end
@@ -37,7 +37,7 @@ module ActionCable
 
       def remove(data)
         logger.info "Unsubscribing from channel: #{data['identifier']}"
-        remove_subscription subscriptions[data['identifier']]
+        remove_subscription subscriptions[normalize_identifier(data['identifier'])]
       end
 
       def remove_subscription(subscription)
@@ -46,7 +46,7 @@ module ActionCable
       end
 
       def perform_action(data)
-        find(data).perform_action ActiveSupport::JSON.decode(data['data'])
+        find(data).perform_action(decode_hash(data['data']))
       end
 
       def identifiers
@@ -63,8 +63,21 @@ module ActionCable
       private
         delegate :logger, to: :connection
 
+        def normalize_identifier(identifier)
+          identifier = ActiveSupport::JSON.encode(identifier) if identifier.is_a?(Hash)
+          identifier
+        end
+
+        # If `data` is a Hash, this means that the original JSON
+        # sent by the client had no backslashes in it, and does
+        # not need to be decoded again.
+        def decode_hash(data)
+          data = ActiveSupport::JSON.decode(data) unless data.is_a?(Hash)
+          data.with_indifferent_access
+        end
+
         def find(data)
-          if subscription = subscriptions[data['identifier']]
+          if subscription = subscriptions[normalize_identifier(data['identifier'])]
             subscription
           else
             raise "Unable to find subscription with identifier: #{data['identifier']}"
-- 
cgit v1.2.3