Skip to content
This repository
Browse code

MessageVerifier#verify raises InvalidSignature if the signature is blank

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  • Loading branch information...
commit f98302e46b66a8e4ce7038944901c8066130b083 1 parent 11cce5b
Jeffrey Hardy authored October 05, 2009 jeremy committed October 05, 2009
2  activesupport/lib/active_support/message_verifier.rb
@@ -24,6 +24,8 @@ def initialize(secret, digest = 'SHA1')
24 24
     end
25 25
     
26 26
     def verify(signed_message)
  27
+      raise InvalidSignature if signed_message.blank?
  28
+
27 29
       data, digest = signed_message.split("--")
28 30
       if secure_compare(digest, generate_digest(data))
29 31
         Marshal.load(ActiveSupport::Base64.decode64(data))
5  activesupport/test/message_verifier_test.rb
@@ -11,6 +11,11 @@ def test_simple_round_tripping
11 11
     assert_equal @data, @verifier.verify(message)
12 12
   end
13 13
   
  14
+  def test_missing_signature_raises
  15
+    assert_not_verified(nil)
  16
+    assert_not_verified("")
  17
+  end
  18
+
14 19
   def test_tampered_data_raises
15 20
     data, hash = @verifier.generate(@data).split("--")
16 21
     assert_not_verified("#{data.reverse}--#{hash}")

0 notes on commit f98302e

Please sign in to comment.
Something went wrong with that request. Please try again.