Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #3037 from wvanbergen/master

MessageVerifier: set serializer and crypto algorithm using an option hash
  • Loading branch information...
commit 8a32a58f6f95deeae1ffe6f5dba9c4d71fbc8dff 2 parents 28300f4 + 6d52080
@josevalim josevalim authored
View
17 activesupport/lib/active_support/message_encryptor.rb
@@ -13,12 +13,15 @@ class MessageEncryptor
class InvalidMessage < StandardError; end
OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
- attr_accessor :serializer
-
- def initialize(secret, cipher = 'aes-256-cbc', serializer = Marshal)
+ def initialize(secret, options = {})
+ unless options.is_a?(Hash)
+ ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to sepcify the cipher algorithm."
+ options = { :cipher => options }
+ end
+
@secret = secret
- @cipher = cipher
- @serializer = serializer
+ @cipher = options[:cipher] || 'aes-256-cbc'
+ @serializer = options[:serializer] || Marshal
end
def encrypt(value)
@@ -30,7 +33,7 @@ def encrypt(value)
cipher.key = @secret
cipher.iv = iv
- encrypted_data = cipher.update(serializer.dump(value))
+ encrypted_data = cipher.update(@serializer.dump(value))
encrypted_data << cipher.final
[encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@@ -47,7 +50,7 @@ def decrypt(encrypted_message)
decrypted_data = cipher.update(encrypted_data)
decrypted_data << cipher.final
- serializer.load(decrypted_data)
+ @serializer.load(decrypted_data)
rescue OpenSSLCipherError, TypeError
raise InvalidMessage
end
View
17 activesupport/lib/active_support/message_verifier.rb
@@ -26,12 +26,15 @@ module ActiveSupport
class MessageVerifier
class InvalidSignature < StandardError; end
- attr_accessor :serializer
-
- def initialize(secret, digest = 'SHA1', serializer = Marshal)
+ def initialize(secret, options = {})
+ unless options.is_a?(Hash)
+ ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to sepcify the digest algorithm."
+ options = { :digest => options }
+ end
+
@secret = secret
- @digest = digest
- @serializer = serializer
+ @digest = options[:digest] || 'SHA1'
+ @serializer = options[:serializer] || Marshal
end
def verify(signed_message)
@@ -39,14 +42,14 @@ def verify(signed_message)
data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
- serializer.load(ActiveSupport::Base64.decode64(data))
+ @serializer.load(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
end
end
def generate(value)
- data = ActiveSupport::Base64.encode64s(serializer.dump(value))
+ data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
"#{data}--#{generate_digest(data)}"
end
View
14 activesupport/test/message_encryptor_test.rb
@@ -10,7 +10,7 @@
require 'active_support/time'
require 'active_support/json'
-class MessageEncryptorTest < Test::Unit::TestCase
+class MessageEncryptorTest < ActiveSupport::TestCase
class JSONSerializer
def dump(value)
@@ -52,11 +52,17 @@ def test_signed_round_tripping
end
def test_alternative_serialization_method
- @encryptor.serializer = JSONSerializer.new
- message = @encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
- assert_equal @encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
+ encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64), :serializer => JSONSerializer.new)
+ message = encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
+ assert_equal encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
end
+ def test_digest_algorithm_as_second_parameter_deprecation
+ assert_deprecated(/options hash/) do
+ ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64), 'aes-256-cbc')
+ end
+ end
+
private
def assert_not_decrypted(value)
assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do
View
14 activesupport/test/message_verifier_test.rb
@@ -10,7 +10,7 @@
require 'active_support/time'
require 'active_support/json'
-class MessageVerifierTest < Test::Unit::TestCase
+class MessageVerifierTest < ActiveSupport::TestCase
class JSONSerializer
def dump(value)
@@ -45,9 +45,15 @@ def test_tampered_data_raises
end
def test_alternative_serialization_method
- @verifier.serializer = JSONSerializer.new
- message = @verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
- assert_equal @verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
+ verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!", :serializer => JSONSerializer.new)
+ message = verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
+ assert_equal verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
+ end
+
+ def test_digest_algorithm_as_second_parameter_deprecation
+ assert_deprecated(/options hash/) do
+ ActiveSupport::MessageVerifier.new("secret", "SHA1")
+ end
end
def assert_not_verified(message)
Please sign in to comment.
Something went wrong with that request. Please try again.