Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Make API for custom message serializers nicer. #3035

Merged
merged 2 commits into from

2 participants

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
View
11 activesupport/lib/active_support/message_encryptor.rb
@@ -13,13 +13,12 @@ class MessageEncryptor
class InvalidMessage < StandardError; end
OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
- attr_accessor :serializer, :deserializer
+ attr_accessor :serializer
- def initialize(secret, cipher = 'aes-256-cbc')
+ def initialize(secret, cipher = 'aes-256-cbc', serializer = Marshal)
@secret = secret
@cipher = cipher
- @serializer = lambda { |value| Marshal.dump(value) }
- @deserializer = lambda { |value| Marshal.load(value) }
+ @serializer = serializer
end
def encrypt(value)
@@ -31,7 +30,7 @@ def encrypt(value)
cipher.key = @secret
cipher.iv = iv
- encrypted_data = cipher.update(serializer.call(value))
+ encrypted_data = cipher.update(serializer.dump(value))
encrypted_data << cipher.final
[encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@@ -48,7 +47,7 @@ def decrypt(encrypted_message)
decrypted_data = cipher.update(encrypted_data)
decrypted_data << cipher.final
- deserializer.call(decrypted_data)
+ serializer.load(decrypted_data)
rescue OpenSSLCipherError, TypeError
raise InvalidMessage
end
View
16 activesupport/lib/active_support/message_verifier.rb
@@ -18,16 +18,20 @@ module ActiveSupport
# self.current_user = User.find(id)
# end
#
+ # By default it uses Marshal to serialize the message. If you want to use another
+ # serialization method, you can set the serializer attribute to something that responds
+ # to dump and load, e.g.:
+ #
+ # @verifier.serializer = YAML
class MessageVerifier
class InvalidSignature < StandardError; end
- attr_accessor :serializer, :deserializer
+ attr_accessor :serializer
- def initialize(secret, digest = 'SHA1')
+ def initialize(secret, digest = 'SHA1', serializer = Marshal)
@secret = secret
@digest = digest
- @serializer = lambda { |value| Marshal.dump(value) }
- @deserializer = lambda { |value| Marshal.load(value) }
+ @serializer = serializer
end
def verify(signed_message)
@@ -35,14 +39,14 @@ def verify(signed_message)
data, digest = signed_message.split("--")
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
- deserializer.call(ActiveSupport::Base64.decode64(data))
+ serializer.load(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
end
end
def generate(value)
- data = ActiveSupport::Base64.encode64s(serializer.call(value))
+ data = ActiveSupport::Base64.encode64s(serializer.dump(value))
"#{data}--#{generate_digest(data)}"
end
View
15 activesupport/test/message_encryptor_test.rb
@@ -11,6 +11,17 @@
require 'active_support/json'
class MessageEncryptorTest < Test::Unit::TestCase
+
+ class JSONSerializer
+ def dump(value)
+ ActiveSupport::JSON.encode(value)
+ end
+
+ def load(value)
+ ActiveSupport::JSON.decode(value)
+ end
+ end
+
def setup
@encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64))
@data = { :some => "data", :now => Time.local(2010) }
@@ -41,9 +52,7 @@ def test_signed_round_tripping
end
def test_alternative_serialization_method
- @encryptor.serializer = lambda { |value| ActiveSupport::JSON.encode(value) }
- @encryptor.deserializer = lambda { |value| ActiveSupport::JSON.decode(value) }
-
+ @encryptor.serializer = JSONSerializer.new
message = @encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
assert_equal @encryptor.decrypt_and_verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
end
View
15 activesupport/test/message_verifier_test.rb
@@ -11,6 +11,17 @@
require 'active_support/json'
class MessageVerifierTest < Test::Unit::TestCase
+
+ class JSONSerializer
+ def dump(value)
+ ActiveSupport::JSON.encode(value)
+ end
+
+ def load(value)
+ ActiveSupport::JSON.decode(value)
+ end
+ end
+
def setup
@verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
@data = { :some => "data", :now => Time.local(2010) }
@@ -34,9 +45,7 @@ def test_tampered_data_raises
end
def test_alternative_serialization_method
- @verifier.serializer = lambda { |value| ActiveSupport::JSON.encode(value) }
- @verifier.deserializer = lambda { |value| ActiveSupport::JSON.decode(value) }
-
+ @verifier.serializer = JSONSerializer.new
message = @verifier.generate({ :foo => 123, 'bar' => Time.utc(2010) })
assert_equal @verifier.verify(message), { "foo" => 123, "bar" => "2010-01-01T00:00:00Z" }
end
Something went wrong with that request. Please try again.