From f98bd42854cc00868cd3f17fe164f32be7315d6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Fri, 22 Nov 2013 00:02:10 -0200 Subject: No need to configure salts --- railties/CHANGELOG.md | 7 ++----- railties/lib/rails/application.rb | 12 ++++-------- railties/test/application/configuration_test.rb | 22 +--------------------- 3 files changed, 7 insertions(+), 34 deletions(-) (limited to 'railties') diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 85db9f62ed..6c3090bc34 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -6,15 +6,12 @@ Rails.application.message_verifier.verify(message) # => 'my sensible data' - It is recommended to not use the same verifier to different things, so you can get different + It is recommended not not use the same verifier for different things, so you can get different verifiers passing the name argument. message = Rails.application.message_verifier('cookies').generate('my sensible cookie data') - By default all the verifiers will share the same salt, so messages generates by one can be - verifier by another one. - - See the `ActiveSupport::MessageVerifier` documentation to more information. + See the `ActiveSupport::MessageVerifier` documentation for more information. *Rafael Mendonça França* diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 97f3fa8ef3..a2744357ee 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -164,7 +164,8 @@ module Rails # # This verify can be used to generate and verify signed messages in the application. # - # By default all the verifiers will share the same salt. + # It is recommended not to use the same verifier for different things, so you can get different + # verifiers passing the +verifier_name+ argument. # # ==== Parameters # @@ -176,15 +177,10 @@ module Rails # Rails.application.message_verifier.verify(message) # # => 'my sensible data' # - # See the +ActiveSupport::MessageVerifier+ documentation to more information. + # See the +ActiveSupport::MessageVerifier+ documentation for more information. def message_verifier(verifier_name = 'default') @message_verifiers[verifier_name] ||= begin - if config.respond_to?(:message_verifier_salt) - salt = config.message_verifier_salt - end - - salt = salt || 'application verifier' - secret = key_generator.generate_key(salt) + secret = key_generator.generate_key(verifier_name) ActiveSupport::MessageVerifier.new(secret) end end diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 8ef584b5ee..6b19acb482 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -284,27 +284,7 @@ module ApplicationTests assert_equal 'some_value', Rails.application.message_verifier.verify(last_response.body) - secret = app.key_generator.generate_key('application verifier') - verifier = ActiveSupport::MessageVerifier.new(secret) - assert_equal 'some_value', verifier.verify(last_response.body) - end - - test "application verifier use the configure salt" do - make_basic_app do |app| - app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' - app.config.session_store :disabled - app.config.message_verifier_salt = 'another salt' - end - - class ::OmgController < ActionController::Base - def index - render text: Rails.application.message_verifier.generate("some_value") - end - end - - get "/" - - secret = app.key_generator.generate_key('another salt') + secret = app.key_generator.generate_key('default') verifier = ActiveSupport::MessageVerifier.new(secret) assert_equal 'some_value', verifier.verify(last_response.body) end -- cgit v1.2.3