Class: ActiveSupport::MessageVerifier
- Defined in:
- activesupport/lib/active_support/message_verifier.rb
Overview
MessageVerifier
makes it easy to generate and verify messages which are signed to prevent tampering.
This is useful for cases like remember-me tokens and auto-unsubscribe links where the session store isn’t suitable or available.
Remember Me:
[:remember_me] = @verifier.generate([@user.id, 2.weeks.from_now])
In the authentication filter:
id, time = @verifier.verify([:remember_me])
if time < Time.now
self.current_user = User.find(id)
end
Defined Under Namespace
Classes: InvalidSignature
Instance Method Summary collapse
- #generate(value) ⇒ Object
-
#initialize(secret, digest = 'SHA1') ⇒ MessageVerifier
constructor
A new instance of MessageVerifier.
- #verify(signed_message) ⇒ Object
Constructor Details
#initialize(secret, digest = 'SHA1') ⇒ MessageVerifier
Returns a new instance of MessageVerifier.
24 25 26 27 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 24 def initialize(secret, digest = 'SHA1') @secret = secret @digest = digest end |
Instance Method Details
#generate(value) ⇒ Object
40 41 42 43 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 40 def generate(value) data = ActiveSupport::Base64.encode64s(Marshal.dump(value)) "#{data}--#{generate_digest(data)}" end |
#verify(signed_message) ⇒ Object
29 30 31 32 33 34 35 36 37 38 |
# File 'activesupport/lib/active_support/message_verifier.rb', line 29 def verify() raise InvalidSignature if .blank? data, digest = .split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) Marshal.load(ActiveSupport::Base64.decode64(data)) else raise InvalidSignature end end |