Skip to content

Commit

Permalink
Abstract encoding strategy for ActiveSupport::MessageVerifier
Browse files Browse the repository at this point in the history
  • Loading branch information
@rymohr
rymohr committed Nov 12, 2014
1 parent 6ff7846 commit 8573de4
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions activesupport/lib/active_support/message_verifier.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def verify(signed_message)
data, digest = signed_message.split("--")
if data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data))
begin
@serializer.load(::Base64.strict_decode64(data))
@serializer.load(decode(data))
rescue ArgumentError => argument_error
raise InvalidSignature if argument_error.message =~ %r{invalid base64}
raise
Expand All @@ -51,11 +51,19 @@ def verify(signed_message)
end

def generate(value)
data = ::Base64.strict_encode64(@serializer.dump(value))
data = encode(@serializer.dump(value))
"#{data}--#{generate_digest(data)}"
end

private
def encode(data)
::Base64.strict_encode64(data)
end

def decode(data)
::Base64.strict_decode64(data)
end

def generate_digest(data)
require 'openssl' unless defined?(OpenSSL)
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.const_get(@digest).new, @secret, data)
Expand Down

0 comments on commit 8573de4

Please sign in to comment.