Skip to content
Browse files

Move ensure_secret_secure to DummyKeyGenerator

  • Loading branch information...
1 parent 851e8fe commit c2a7956eb7fbc099ea38d21601d215ab3def27fb @spastorino spastorino committed Nov 2, 2012
View
24 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -312,13 +312,11 @@ def method_missing(method, *arguments, &block)
class SignedCookieJar < CookieJar #:nodoc:
MAX_COOKIE_SIZE = 4096 # Cookies can typically store 4096 bytes.
- SECRET_MIN_LENGTH = 30 # Characters
def initialize(parent_jar, key_generator, options = {})
@parent_jar = parent_jar
@options = options
secret = key_generator.generate_key(@options[:signed_cookie_salt])
- ensure_secret_secure(secret)
@verifier = ActiveSupport::MessageVerifier.new(secret)
end
@@ -345,27 +343,6 @@ def []=(key, options)
def method_missing(method, *arguments, &block)
@parent_jar.send(method, *arguments, &block)
end
-
- protected
-
- # To prevent users from using something insecure like "Password" we make sure that the
- # secret they've provided is at least 30 characters in length.
- def ensure_secret_secure(secret)
- if secret.blank?
- raise ArgumentError, "A secret is required to generate an " +
- "integrity hash for cookie session data. Use " +
- "config.secret_token_key = \"some secret phrase of at " +
- "least #{SECRET_MIN_LENGTH} characters\"" +
- "in config/initializers/secret_token.rb"
- end
-
- if secret.length < SECRET_MIN_LENGTH
- raise ArgumentError, "Secret should be something secure, " +
- "like \"#{SecureRandom.hex(16)}\". The value you " +
- "provided, \"#{secret}\", is shorter than the minimum length " +
- "of #{SECRET_MIN_LENGTH} characters"
- end
- end
end
class EncryptedCookieJar < SignedCookieJar #:nodoc:
@@ -375,7 +352,6 @@ def initialize(parent_jar, key_generator, options = {})
secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
- ensure_secret_secure(secret)
end
def [](name)
View
2 actionpack/test/controller/http_digest_authentication_test.rb
@@ -42,7 +42,7 @@ def authenticate_with_request
setup do
# Used as secret in generating nonce to prevent tampering of timestamp
- @secret = "session_options_secret"
+ @secret = "4fb45da9e4ab4ddeb7580d6a35503d99"
@request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new(@secret)
end
View
24 activesupport/lib/active_support/key_generator.rb
@@ -36,12 +36,36 @@ def generate_key(salt, key_size=64)
end
class DummyKeyGenerator
+ SECRET_MIN_LENGTH = 30 # Characters
+
def initialize(secret)
+ ensure_secret_secure(secret)
@secret = secret
end
def generate_key(salt)
@secret
end
+
+ private
+
+ # To prevent users from using something insecure like "Password" we make sure that the
+ # secret they've provided is at least 30 characters in length.
+ def ensure_secret_secure(secret)
+ if secret.blank?
+ raise ArgumentError, "A secret is required to generate an " +
+ "integrity hash for cookie session data. Use " +
+ "config.secret_token_key = \"some secret phrase of at " +
+ "least #{SECRET_MIN_LENGTH} characters\"" +
+ "in config/initializers/secret_token.rb"
+ end
+
+ if secret.length < SECRET_MIN_LENGTH
+ raise ArgumentError, "Secret should be something secure, " +
+ "like \"#{SecureRandom.hex(16)}\". The value you " +
+ "provided, \"#{secret}\", is shorter than the minimum length " +
+ "of #{SECRET_MIN_LENGTH} characters"
+ end
+ end
end
end

0 comments on commit c2a7956

Please sign in to comment.
Something went wrong with that request. Please try again.