Permalink
Browse files

MessageVerifier#verify raises InvalidSignature if the signature is blank

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  • Loading branch information...
1 parent b480da5 commit 9212138ad0a9ae3285a2566300afb7d94344214a @packagethief packagethief committed with jeremy Oct 5, 2009
@@ -26,6 +26,8 @@ def initialize(secret, digest = 'SHA1')
end
def verify(signed_message)
+ raise InvalidSignature if signed_message.blank?
+
data, digest = signed_message.split("--")
if secure_compare(digest, generate_digest(data))
Marshal.load(ActiveSupport::Base64.decode64(data))
@@ -18,6 +18,11 @@ def test_simple_round_tripping
assert_equal @data, @verifier.verify(message)
end
+ def test_missing_signature_raises
+ assert_not_verified(nil)
+ assert_not_verified("")
+ end
+
def test_tampered_data_raises
data, hash = @verifier.generate(@data).split("--")
assert_not_verified("#{data.reverse}--#{hash}")

0 comments on commit 9212138

Please sign in to comment.