
Add application verifier

It is an application global verifier that can be used to generate and
verify signed messages.

See the documentation of ActiveSupport::MessageVerifier for more
information.
1 parent c9223dc commit 233001749cd00e147f93c17c17e49e5f6094721e @rafaelfranca rafaelfranca committed Nov 19, 2013
Showing with 53 additions and 0 deletions.
  1. +12 −0 railties/lib/rails/application.rb
  2. +41 −0 railties/test/application/configuration_test.rb
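--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -158,6 +158,18 @@ def key_generator
 end
 end
+ def verifier
+ @verifier ||= begin
+ if config.respond_to?(:message_verifier_salt)
+ salt = config.message_verifier_salt
+ end
+
+ salt = salt || 'application verifier'
+ secret = key_generator.generate_key(salt)
+ ActiveSupport::MessageVerifier.new(secret)
+ end
+ end
+
 # Stores some of the Rails initial environment parameters which
 # will be used by middlewares and engines to configure themselves.
 def env_config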
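Review bot: `verifier` derives one key from a single salt and memoizes it in `@verifier`, so every feature that calls `Rails.application.verifier` shares the same signing key, and a message signed for one purpose will also pass `verify` in any other. The method has no doc comment to warn callers; above `def verifier` I would add `# Returns an application-wide ActiveSupport::MessageVerifier. Messages are signed, not encrypted, and all callers share one key,` followed by `# so put a purpose tag in the payload and check it after verify.` Because of the memoization, a `config.message_verifier_salt` set after the first call is silently ignored, which is worth stating in the same comment. As a style point, `salt = salt || 'application verifier'` reads better as `salt ||= 'application verifier'`. The method itself is complete in the hunk, but the enclosing class starts and ends outside it.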
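--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -268,6 +268,47 @@ def index
 assert_equal 'some_value', verifier.verify(last_response.body)
 end
+ test "application verifier can be used in the entire application" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ assert_equal 'some_value', Rails.application.verifier.verify(last_response.body)
+
+ secret = app.key_generator.generate_key('application verifier')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
+ test "application verifier use the configure salt" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ app.config.message_verifier_salt = 'another salt'
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ secret = app.key_generator.generate_key('another salt')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
 test "protect from forgery is the default in a new app" do
 make_basic_app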
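Review bot: Both new tests exercise only the accepting path; neither shows that a body signed under one salt is rejected by a verifier keyed with another, or that a tampered body fails. At the end of "application verifier use the configure salt" I would add `default = ActiveSupport::MessageVerifier.new(app.key_generator.generate_key('application verifier'))` and `assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) { default.verify(last_response.body) }`, which pins that the configured salt really changes the derived key. That test's name would also read better as "application verifier uses the configured salt". The enclosing test class starts outside the hunk, and the trailing `test "protect from forgery is the default in a new app"` block continues past it.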
