From 233001749cd00e147f93c17c17e49e5f6094721e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 19 Nov 2013 22:26:52 -0200 Subject: Add application verifier It is an application global verifier that can be used to generate and verify signed messages. See the documentation of ActiveSupport::MessageVerifier for more information. --- railties/lib/rails/application.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index d1e88cfafd..ccd97af655 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -158,6 +158,18 @@ module Rails end end + def verifier + @verifier ||= begin + if config.respond_to?(:message_verifier_salt) + salt = config.message_verifier_salt + end + + salt = salt || 'application verifier' + secret = key_generator.generate_key(salt) + ActiveSupport::MessageVerifier.new(secret) + end + end + # Stores some of the Rails initial environment parameters which # will be used by middlewares and engines to configure themselves. def env_config -- cgit v1.2.3 From 69ac53cfec067103427945b3ef137b9ce07294c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Tue, 19 Nov 2013 22:34:32 -0200 Subject: Add documentation and CHANGELOG entry to Application#verifier --- railties/lib/rails/application.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index ccd97af655..320da8f100 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -158,6 +158,15 @@ module Rails end end + # Return the application's message verifier. + # + # This verify can be used to generate and verify signed messages in the application. + # + # message = Rails.application.verifier.generate('my sensible data') + # Rails.application.verifier.verify(message) + # # => 'my sensible data' + # + # See the +ActiveSupport::MessageVerifier+ documentation to more information. def verifier @verifier ||= begin if config.respond_to?(:message_verifier_salt) -- cgit v1.2.3 From 609c217628acb4e1a01c4c40055d6d3304710bc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 21 Nov 2013 23:07:26 -0200 Subject: Rename verifier to message_verifier --- railties/lib/rails/application.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 320da8f100..6ab13b18e0 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -162,13 +162,13 @@ module Rails # # This verify can be used to generate and verify signed messages in the application. # - # message = Rails.application.verifier.generate('my sensible data') - # Rails.application.verifier.verify(message) + # message = Rails.application.message_verifier.generate('my sensible data') + # Rails.application.message_verifier.verify(message) # # => 'my sensible data' # # See the +ActiveSupport::MessageVerifier+ documentation to more information. - def verifier - @verifier ||= begin + def message_verifier + @message_verifier ||= begin if config.respond_to?(:message_verifier_salt) salt = config.message_verifier_salt end -- cgit v1.2.3 From 0a2d004ba110f0f94fb9660bd1c81bb34699a6c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 21 Nov 2013 23:19:30 -0200 Subject: Add missing require --- railties/lib/rails/application.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 6ab13b18e0..44d9f67d51 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -1,6 +1,7 @@ require 'fileutils' require 'active_support/core_ext/object/blank' require 'active_support/key_generator' +require 'active_support/message_verifier' require 'rails/engine' module Rails -- cgit v1.2.3 From 2be4916e8ee6f36b090df91d28d0c484983dcb5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 21 Nov 2013 23:42:10 -0200 Subject: Make possibile to get different message verifiers --- railties/lib/rails/application.rb | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 44d9f67d51..97f3fa8ef3 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -108,12 +108,13 @@ module Rails def initialize(initial_variable_values = {}, &block) super() - @initialized = false - @reloaders = [] - @routes_reloader = nil - @app_env_config = nil - @ordered_railties = nil - @railties = nil + @initialized = false + @reloaders = [] + @routes_reloader = nil + @app_env_config = nil + @ordered_railties = nil + @railties = nil + @message_verifiers = {} add_lib_to_load_path! ActiveSupport.run_load_hooks(:before_configuration, self) @@ -159,17 +160,25 @@ module Rails end end - # Return the application's message verifier. + # Return a message verifier object. # # This verify can be used to generate and verify signed messages in the application. # + # By default all the verifiers will share the same salt. + # + # ==== Parameters + # + # * +verifier_name+ - the name of verifier you want to get. + # + # ==== Examples + # # message = Rails.application.message_verifier.generate('my sensible data') # Rails.application.message_verifier.verify(message) # # => 'my sensible data' # # See the +ActiveSupport::MessageVerifier+ documentation to more information. - def message_verifier - @message_verifier ||= begin + def message_verifier(verifier_name = 'default') + @message_verifiers[verifier_name] ||= begin if config.respond_to?(:message_verifier_salt) salt = config.message_verifier_salt end -- cgit v1.2.3 From f98bd42854cc00868cd3f17fe164f32be7315d6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 22 Nov 2013 00:02:10 -0200 Subject: No need to configure salts --- railties/lib/rails/application.rb | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 97f3fa8ef3..a2744357ee 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -164,7 +164,8 @@ module Rails # # This verify can be used to generate and verify signed messages in the application. # - # By default all the verifiers will share the same salt. + # It is recommended not to use the same verifier for different things, so you can get different + # verifiers passing the +verifier_name+ argument. # # ==== Parameters # @@ -176,15 +177,10 @@ module Rails # Rails.application.message_verifier.verify(message) # # => 'my sensible data' # - # See the +ActiveSupport::MessageVerifier+ documentation to more information. + # See the +ActiveSupport::MessageVerifier+ documentation for more information. def message_verifier(verifier_name = 'default') @message_verifiers[verifier_name] ||= begin - if config.respond_to?(:message_verifier_salt) - salt = config.message_verifier_salt - end - - salt = salt || 'application verifier' - secret = key_generator.generate_key(salt) + secret = key_generator.generate_key(verifier_name) ActiveSupport::MessageVerifier.new(secret) end end -- cgit v1.2.3 From d3d84988674dde77236d04181b48468765ed56c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 2 Dec 2013 22:42:10 -0200 Subject: Fix typos --- railties/lib/rails/application.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index a2744357ee..df64736e62 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -160,9 +160,9 @@ module Rails end end - # Return a message verifier object. + # Returns a message verifier object. # - # This verify can be used to generate and verify signed messages in the application. + # This verifier can be used to generate and verify signed messages in the application. # # It is recommended not to use the same verifier for different things, so you can get different # verifiers passing the +verifier_name+ argument. -- cgit v1.2.3 From 48c703b055a6b287100f3c0fbc18f1294d7c7af4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Wed, 4 Dec 2013 23:11:42 -0200 Subject: Make salt argument required for message verifier --- railties/lib/rails/application.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'railties/lib') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index df64736e62..e45bfaf6fc 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -169,18 +169,18 @@ module Rails # # ==== Parameters # - # * +verifier_name+ - the name of verifier you want to get. + # * +salt+ - the salt that will be used to generate the secret key of the verifier. # # ==== Examples # - # message = Rails.application.message_verifier.generate('my sensible data') - # Rails.application.message_verifier.verify(message) + # message = Rails.application.message_verifier('salt').generate('my sensible data') + # Rails.application.message_verifier('salt').verify(message) # # => 'my sensible data' # # See the +ActiveSupport::MessageVerifier+ documentation for more information. - def message_verifier(verifier_name = 'default') - @message_verifiers[verifier_name] ||= begin - secret = key_generator.generate_key(verifier_name) + def message_verifier(salt) + @message_verifiers[salt] ||= begin + secret = key_generator.generate_key(salt) ActiveSupport::MessageVerifier.new(secret) end end -- cgit v1.2.3