
Add application verifier

It is an application-wide verifier that can be used to generate and
verify signed messages.

See the documentation of ActiveSupport::MessageVerifier for more
information.
commit 233001749cd00e147f93c17c17e49e5f6094721e 1 parent c9223dc
@rafaelfranca rafaelfranca authored
12 railties/lib/rails/application.rb
@@ -158,6 +158,18 @@ def key_generator
end
end
+ def verifier
+ @verifier ||= begin
+ if config.respond_to?(:message_verifier_salt)
+ salt = config.message_verifier_salt
+ end
+
+ salt = salt || 'application verifier'
+ secret = key_generator.generate_key(salt)
+ ActiveSupport::MessageVerifier.new(secret)
+ end
+ end
+
# Stores some of the Rails initial environment parameters which
# will be used by middlewares and engines to configure themselves.
def env_config
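Review bot: The new `verifier` gives every caller the same signing key, derived from a single salt (`'application verifier'` unless `config.message_verifier_salt` is set), so a message signed for one feature also passes `verify` in any other feature that uses this verifier. The method has no comment saying so; above `def verifier` I would add `# One key is shared by all callers: put the intended purpose inside the signed payload and check it after verify.` The verifier is also built with `ActiveSupport::MessageVerifier.new(secret)` and no `:serializer` option, so verified payloads go through the class default serializer; if that default is Marshal in this version, anyone who obtains `secret_key_base` can make the application deserialize arbitrary objects, so passing an explicit `:serializer` that only produces plain data would narrow that. `key_generator` is defined above the hunk, so its behaviour when `secret_key_base` is unset is not visible here.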
41 railties/test/application/configuration_test.rb
@@ -268,6 +268,47 @@ def index
assert_equal 'some_value', verifier.verify(last_response.body)
end
+ test "application verifier can be used in the entire application" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ assert_equal 'some_value', Rails.application.verifier.verify(last_response.body)
+
+ secret = app.key_generator.generate_key('application verifier')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
+ test "application verifier use the configure salt" do
+ make_basic_app do |app|
+ app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ app.config.message_verifier_salt = 'another salt'
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ render text: Rails.application.verifier.generate("some_value")
+ end
+ end
+
+ get "/"
+
+ secret = app.key_generator.generate_key('another salt')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
test "protect from forgery is the default in a new app" do
make_basic_app
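Review bot: Both new tests assert only that a valid message verifies; neither checks that the application verifier rejects anything. In "application verifier use the configure salt", the body signed under `'another salt'` should be shown to fail under the default salt, e.g. `default = ActiveSupport::MessageVerifier.new(app.key_generator.generate_key('application verifier'))` followed by `assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) { default.verify(last_response.body) }`. A tampered body is not exercised either, so a regression that weakened signature checking would not be caught by these tests. The second test's name would also read better as "application verifier uses the configured salt".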